fbpx

Redmond Accounting Inc

Fraud

Take Action Against Fraud: 5 Things You Can Do Today

Watch our webinar all about Take Action Against Fraud: 5 Things You Can Do Today

Fraud is something no one wants to think about. However, businesses of 100 or less employees suffered $150,000 in losses on average. AND it typically takes up to 14 months to detect the fraud.

Watch the reply for a discussion on proper controls to protect your business and you can identify common fraud schemes, recognize processes that may be susceptible to fraud and determine controls to guard against fraud.

For timestamps and transcription, please see below. 

Timestamp 02:35

I am Diana marketing manager @ Bill.com. I’m pleased to welcome you to today’s webinar, taking action against fraud, five things you can do today. Those who aren’t familiar with Bill.com, where your leading provider of cloud-based software that simplifies digitizes and automates complex back-office financial operations for small and mid-sized businesses. Our customers use AI enabled to manage their end to end financial workflows, process payments, manage cash flow and create connections between their business and their suppliers and clients. We partner with several of the largest US financial institutions, including the majority of the top 100 us accounting firms. And we integrate with leading accounting software providers. I’m excited to welcome back today’s speaker Laura Redmond, Laura’s CEO of admin accounting, a boutique accounting firm providing client accounting advisory and consulting services centered around QuickBooks, online and its ecosystem with apps. She was also awarded 2019 top client accounting services pro advisor. So without further ado, please join me in welcoming Laura Redmond.

Timestamp 3:44

Thanks so much, Diana. Hello, everyone. I’m so glad you could join me today. Our topic is fraud, a word that causes most of us to shutter. So as Diana was saying I want to introduce myself a little bit just to tell you about my experience. So you know, where I’m coming from. And as Diana was saying, I run a firm called Redmond accounting, Inc. We are based outside of San Francisco and Silicon Valley, and we have staff in California, Ohio, and Arizona. We moved all of our clients to QuickBooks online and Bill.com and Expensify and other cloud apps like this in 2011, even before that. But everyone was transitioned by 2011. And so we’ve been working in the cloud and creating for our clients a paperless, web based type of accounting environment. For this past decade, our firm provides client accounting services.

So we act as the accounting department for our clients, the bookkeeper, the controller, the CFO, we don’t do tax. We don’t do audits. And we provide technology services where we build this cloud accounting infrastructure for businesses who then have their own staff, their own accounting department to do the work. They just have us set it up and we’re in their back pocket as support. And we also help other accounting firms by training their staff and implementing cloud accounting as infrastructures for their clients. And, and we act as the technology division, white labeled for other accounting firms. So all of that cloud accounting experience over the past decade led us to create this tool that we needed to run our firms. And that is that tool is called Aero workflow. So in addition to the accounting firm, there’s a separate company called Aero workflow that I spend a great deal of time working with, and that allows us to schedule all of the various tasks that we have.

We can schedule them and they’re recurring frequency and delegate all of our tasks to each of our different staff. We have separation of duties and all of this stuff is going to kind of come into play is what I’m talking about today. Andaccounting firms around the world use Aero workflow to run their accounting firm. And then the third thing I spend a lot of my time on is I’m a member of Intuit’s trainer writer network. And I do webinars with Intuit and Bill.com and live plan and other cloud-based apps like that. I co-authored a lot of intuit’s QuickBooks, online certifications for accountants, and I’ve traveled a bit around the country teaching at accounting technology conferences. So all of that type of work I do is really kind of the same thing. It’s all centered around QuickBooks online and its ecosystem of apps.

Timestamp 06:42

And in addition to those apps, there’s also the very important new method of workflow, how you do things that is called for in this cloud environment. Okay. So that’s me. And as we get into this topic of fraud today, I thought it would be fun to talk about a few stories. I like stories. So I’m just going to tell a few stories. Our firm is celebrating our 16th year in business. Next month, we started in April, 2005 and we are not certified fraud examiners. You would expect fraud examiners to see a good bit of fraud, but we’re general practitioners. And we have also seen fraud. So I just want to tell you a few stories that we’ve come across personally, just in the normal course of business that we do. And if you have been witnessed to fraud, then these stories may resonate with you.

And if you have not, then my hope is that these stories help you prevent it from happening to you or the businesses you work with. So there’s no fear intended here, just sharing stories, sharing experience. So my first story is one day we got a call from a growing company that had about 50 employees and they had referred to us. They needed a new accounting department and it was urgent. They said their book caper, if their employee bookkeeper had just quit. The last day of the month, one of her duties was printing the weekly vendor bill payments, the company’s blank paper check stock was kept in a locked drawer. She had to ask the manager for checks. Every time she went to run a check run. So they had systems in place. She had to tell the book, the bookkeeper had to tell the manager how many checks she needed, the exact number that she was going to need to print.

Recently, when they, by the time they called me, they said that recently there had been several paper jams. They were thinking back from what the bookkeeper had told them that there had been several paper jams in the printer and the bookkeeper dad to ask for a few extra checks after the bookkeeper quit, the bank statement arrived, and they discovered that the bookkeeper had been printing checks, made payable to herself and forging the principal’s signature, the check signer signature. Luckily they found it, but they had a lot of financial activity in their business and they felt that it very easily could have gone undetected. So they worked with local authorities and in their situation, those checks were small Lish, but they added up to $17,973.53. So be aware of employee fraud, it does happen. And one little tip I’ll give you that we learned during this experience was this is just an aside that if this ever happens to you, when you catch it, you can, at least this is not a great comfort, but you can actually send a 1099 to the criminal that in addition to whatever other punishment they receive, they will also have to pay tax on the amount stolen.

Timestamp 10:11

So anyway, there is one story. Another story that we’ve seen as a firm is one day we received an email from an existing client and they were authorizing a payment by wire to one of their vendors. It was a large amount, but not out of the ordinary for this business. The amount of the wire was $1.4 million, but  that was not the only time that kind of money had moved hands with this company. It had a trail that the emails we received had a trail of emails below it, where you could see the vendor had sent the supporting documentation and people were replying back and forth. There were, you know, just, you can read the conversation there. And we even recognize the project name that this wire was referencing. We had made some other payments recently for that same project in this situation, all wires, the procedure was that all wires require written and verbal approval.

So we call the client using the number that we have on file to confirm the wire. And we discovered that the client knew nothing about this wire. They did not request it. So then we, the client and our affirm went into investigating that email request for that wire payment. And we found that the sender’s email was very similar to our client’s email domain. So we thought it came from our client. But when you look really closely, the criminal had added one letter into the domain name. There was an R in the domain name and they added a second. Are you just easily missing something like that. It was not noticeable. So in addition to the fraudulent wire request, it was disturbing to all of us, to us, to our client, that the criminal had tapped into this business’s secure email account to their domain and gotten a hold of an actual email conversation which they were able to jump in on and forward along to us.

And, you know, and even know to forward to us as the payment group with the fraudulent wire payment requests. So it had actual employee names and email addresses and the vendor on the project names. So it looked really legitimate. So that can happen. And this story is to say, be aware of email fraud, and you’ll hear email fraud also called BEC or business email compromise. That’s one of the terms they use for this. And my third story is one about maybe three or four years ago. It’s been a client of ours. So this is an existing client.

 

Timestamp 13:12

Another one, these are all separate clients.They forwarded us an email that as their accounting department, they had received it from a police officer in another state and they said, what is this about? So we looked into it, the police department was investigating a check, then an individual trying to cash that was flagged as fraud. So we immediately went into a fraud alert feeling, you know, that feeling. That’s like, wait, what’s going on? Who do we trust what’s happening here? So first we called the police department, but we didn’t even know if that was a legitimate police department. So we went out publicly defined that city’s police department and got the number that way and called that police department to verify that the person who had sent the email was in fact, a police officer. And yes, it was. So that part was legitimate. So then we started working with that police department. The officer sent us a copy of the check and it had our client’s company name and address in the upper left corner. That was correct, but the payee name and the dollar amount didn’t match anything in our records. So the check had been altered. Then, over the course of the next hours, we started to receive similar reports on that same day from other States about checks that did not match anything in our system, $1,978, $2,300, $7,812. And then one came in for $450,000. A check had been stolen, washed duplicated, and then used all over the country. Different States, Washington, Georgia, Maryland does day at all that they hit all at once trying to get cashed.Our anxiety was rising as the day progressed. The local police department stepped in and led an investigation where they worked with all the police precincts around the country and the different States that were involved in this case. And the fraud attempts continued to happen over the next several months. We did keep receiving more and more, but in the end, the lead detective sat down across the conference table with me, the client, their whole legal team and security team, and confirmed that not one penny was ever stolen.

And the reason not one penny was ever stolen was because our client was using Bill.com and build up comes, fraud prevention features prevented it. And the detective had not heard of Bill.com before that. And he was a fan by then. So our clients check the account safely, because Bill.com is routing and account numbers are on every check that goes out. Our client’s account number was not on the check. And so our client’s bank account number was safe. In addition to that, Bill.com automatically on every check, you don’t have to turn it on. Bill.com automatically is a positivepay service on all checks. So none of those fraudulent checks were successfully cashed because they all had different dollar amounts and the system than what the person trying to cash it. So our client was safe and Bill.com was safe. So that story is just to tell you to be aware of check fraud. And these three stories I’m telling you again, I don’t mean to incite fear at all. Just want to mobilize you to protect yourself because these are just three that I’ve seen. And I’m, you know, not generally working necessarily within a fraud situation.

 

Timestamp 18:29

So there are a couple of reports I want to show you.And just talk about some of the highlights. This first report was released last year by the AFP association of financial professionals, it’s called the payments fraud and control survey report, and it covers fraud related to payments. And then this one is the association of certified fraud examiners, and they released the 2020 edition of their report to the nation a few months ago. So it’s great, it’s a global study. It’s a great study on occupational fraud and abuse. So occupational fraud is when fraud is committed by individuals against the organizations that they work for. And it’s among the costliest forms of financial crime and existence. There are more than 3.3 billion people in the global workforce, and nearly all of them have access to or control over some portion of their employers, cash or assets. And the vast majority of those 3 billion people will never abuse the trust placed in them, by their employers, but the small percentage who do can cause quite a bit of damage.

So anyway, here are some highlights from those two reports. One thing to note is that eight out of  10 organizations were victims of attempted or actual payment fraud attacks in 2019. And I think in a few months, we’ll get the newer numbers out. Of course, 2020 was a COVID year. It’ll be interesting to see if that had any effect, but these numbers are somewhat similar over the past many years. So 81% is quite a number. It’s the second highest percentage in the past decade, it has increased since a low of 60% in 2013, but it has been gradually increasing since then. And experts say that to you, institutions are taking steps to avoid fraud and lots of organizations are only doing it once they’ve become a victim.

Then there is just as much or more fraud in large organizations. However, small businesses seem to feel the impact more than larger entities. Attacks on smaller organizations increased 10% last year. Attacks on large well-known companies may make the most headlines, but smaller businesses are vulnerable and they aren’t as likely to have sophisticated or extensive internal controls. Now looking at occupational fraud, fraud committed from inside the organization, the median loss per case across all business sizes is 125,000, but that meeting and amount is greater in small businesses. It’s 150,000. So billing fraud is two times higher in small businesses. Payroll fraud is two times higher in small businesses. Check tampering is four times higher in small businesses. Occupational fraud typically lasts about 14 months before just detected now check fraud top the list of the payment fraud of the payment methods, check fraud top the list as the most frequently subjected to fraud attacks.

 

Timestamp 22:23

This is from 2019 on the 2020 report, 74% of organizations experienced check fraud. That’s three fourths of businesses. And while checks are increasingly seen as outdated methods of payment, many B2B payments are still made by paper checks, 42%, which is up from 70% in 2018. So common check fraud techniques include photocopying valid checks to deposit it multiple times for creating fraudulent checks with stolen bank account information or soaking stolen checks and chemical washes to remove the toner, the ink, and replace it with a different page name and amount. So check tampering is nearly four times more common at small companies. The next most common was wire fraud and that’s on the decline down from 48% in 2017 down to 40% in 2019. That’s the third consecutive year in which wire fraud activity declined, but it’s still hot then comes credit card fraud at 34%. And well, what does credit card fraud look like? Fraudsters use card skimmers. And that’s when you insert your card, the information goes to someone else other than the gas station or restaurant that you think you’re paying. So if you are not sure about the metal slot that you’re, you know, at the gas station, the metal slot, you’re inserting it in. If it doesn’t, if it looks worn or loose or something you know, you may want to go in and go straight to the attendant or something. Fraudsters also intercept mail, such as bank statements and new credit cards and fraudsters access online purchasing. So when you’re buying online, make sure the web stories are a secure checkout. Make sure that you’re on a secure private network, not at the public library or cafe or airport or mobile device. I mean, sometimes we are, but just be aware that that’s happening, that that can happen. And some fraudsters get a job working in a restaurant or a store. And when they take your credit card to pay for your mail or your goods, they copy your card info. So it’s best

if you can have the waiter or the clerk swipe the card in front of you and not take it out of your site. Anyway, those are just some examples of common credit card fraud scenarios. And then what happens, the next thing, you know, once credit card fraud has occurred, you receive notification notification from your credit card, financial institution. Many of you may have had this happen. And they’ll say that unusual credit card activity has been detected or maybe one of your employees notifies you that they don’t recognize charges on their company credit card statement or worse. Nobody notices that all fraudsters just get away with it. So anyway, credit card fraud, they’re 34% and then after credit card fraud comes ACH payment fraud, which is on the rise with wire fraud on the decline and ACH on the incline. So this suggests fraudsters are paying attention to this payment method now. Okay. So fraud sources, the number one the majority of payment fraud attacks originated from business, email compromise BEC

 

Timestamp 26:10

That’s email fraud, 61% of companies that experienced fraud in 2019 did..

That’s pretty concerning how widespread that has become because we all depend on email. So how do they do it? Well, first they researched the size and type and frequency of the payments you make. So train your staff, make sure this information is not shared. Then they impersonate someone by saying an email from a lookalike domain, the recipient of the email. Thanks the message has come from a legitimate source, like a trusted vendor or an executive within your company and the email requests or authorizes payment, and often has new or changed payment instructions, particularly where to send the payment and payment is sent to an account as constraint as instructed. And that is to control an account that is controlled by the criminal. So incorporating email fraud controls is challenging. And even if the fraud is detected, funds have often been moved already. So oftentimes people are finding that when they’ve had this occur to them, they go to try to reverse the wire and it’s too late. The fraudsters, as soon as they get your wire will generally move it immediately. Again, the second most common source of payment fraud in 2019 came from individuals, forging checks and stealing credit cards. And the third most common source of parent fraud identified is third-party vendors.

 

Timestamp 28:54

So there are lots of effective fraud controls that can be implemented quickly and inexpensively to protect your company. So here, we’re going to go over five ideas that you can implement today, or whenever you’re ready. The first one is to establish clear fiscal policies and procedures. I know that sounds boring, but it is important. You want to do this in writing and you want to get them approved by the upper echelon at the organization. These need to be crystal clear, no confusion. They should be followed by all staff involved. Then using those policies and procedures feel like creating a streamlined checklist based on your procedures. And those will be used by the person or each of the people who is performing the work to ensure that everyone is following the procedures so that no one is forgetting an important step. So the tasks are performed consistently to reduce errors, save time, avoid fraud, and to perform the tasks on schedule at the right time. Checklists also act as a work log so that the work can be tracked.

That helps you look for and solve potential vulnerabilities and security and figure out exactly how you will handle every accounting task in your organization. So let’s look at an example. If the procedure is to validate a change of payment address request or change of payment instructions that you received from an existing vendor, based on what we know about the threat of fraud in the situation, your checklist may include steps like this, validate the sender’s email address, domain name looking carefully for very minor changes, identify a known contact phone number in your system, not the one in the new payment instructions, pick up the phone and call the vendor to validate the new payment information, ask the vendor for the reason for the change and be suspicious. If the vendor is vague about that and is wary of vendors who frequently change payment instructions and then escalates any concerns if a payment, the same is suspicious.

 

Timestamp 31:36

So those are several steps and you don’t have to do them on every bill, your processing, just from time to time when your vendor gives a change of payment address or payment instructions. So once you have this policy in place, you can see why, if people use the steps, they would be less likely to have some of the fraud situations that can arise. And organizations with clear procedures are better able to educate and train their employees on these common fraud practices and on the company’s controls to guard against it, training employees how to spot and prevent fraud is essential. I mean, just bringing up that checklist and having the discussion about it as essential and training employees, not to share information on social media related to their roles and responsibilities is another good idea. A lot of people are out on social media, especially like LinkedIn, which is a great place for, you know, to, for social media, for businesses, but lots of people give information that is very interesting to cyber-criminals and they can kind of give away maybe too much about their position. Maybe they say, they’re the person approving bills. Well, that might be information that a cyber criminal might want to know. So make sure that your here employees who are in that role of making payments, maybe don’t share too much information on social media about their duties and also make sure your company website doesn’t show your internal structure or your organizational chart when it comes to those people responsible for guarding the company’s funds. And also don’t publicize these procedures, train your employees, that these processes are not to be shared publicly.

Here’s what a documented procedure might look like. It will have screenshots. It will give very clear information on exactly what to do. Imagine how many steps there are and all of the various procedures in an accounting department. And so imagine how easy it would be to forget a single step, if you didn’t have a checklist. And so documented procedures and checklists help the organization retain control and not be as much at the mercy of someone who knows how to do it all by memory. And here’s what a checklist might look like. It lists each step in order, it’s the shorter cut version of the longer procedure. So, you know, every time you go to do the work, it might be all in your head. And if you don’t have the procedures in the checklist and you’re the person that does this work and it’s all on your head, then the rest of the organization can kind of feel like they don’t know how to step in if you’re out sick or they don’t have much oversight over it.

So if you have these procedures and these checklists and you can switch them from one person to the other and separate duties, this all becomes a much better situation for fraud prevention. So a checklist with every step, the steps themselves might also have a link to the full blown procedure guide. So that as each person in the accounting department is doing this work, they’re not having to open the big procedure guide and read it every time, because then work will slow down a lot, the procedure guidance there, if they’re new, or if they’re covering for someone else, they don’t know how to do this. They’ve got the full procedure. It is there. It’s clear to everyone how you’re supposed to be doing things. So if someone’s not doing it right, then they’re out of line there. But the checklist is the shorter cut version.

So that when you do go to do this work, every time you should use that checklist and, and each of these steps could have a link to the part of the procedure guide. If someone does get unsure about one part of the checklist, then they could go jump in and say what screenshots or what the procedure guide says about it. And that’s really helpful when someone forgets how something should be done or you’re training a new employee, or the person who normally does this work is out sick or on vacation. So these checklists are really helpful and you know, think of a pilot. They have to follow a checklist before takeoff. And I’m sure they’ve done these steps many, many times. I’m sure they know them by heart, but if I’m a passenger on that plane, I want the pilot to use the checklist.

 

Timestamp 36:45

So imagine the fraud implications of a simple accounting mistake. We use these checklists at our firm and we also allow our clients who are doing their own accounting to use them. And we have them for everything from entering bills, paying bills, voiding checks, reimbursing expense reports, processing, company card purchases, onboarding new employees, validating time-tracking paid time off setting up a new vendor, setting up when a vendor changes their payment instructions, reconciling bank accounts. I’m calling these all out. Cause I, I want to just give you an idea of how many pieces there are to the accounting, to the work that accounting departments do and how many of them are potential openings for fraud. So these tasks may all sound simple to someone who knows that work, but there are actually a ton of steps behind them and they represent complex work that can cause major issues or fraud if they’re not performed correctly.

So do you have your procedures documented in your organization? And if the answer to that is no. Then can you think of an accounting process that leaves your business vulnerable and start with one, maybe one that you can improve upon a day it’s tedious work. I don’t love sitting around and writing up checklists and procedure guides, but it’s important. So I don’t want you to be overwhelmed with it. Just start with one. Establishing these secure procedures is especially important as a foundation for the next action item, which is to separate financial duties to ensure that no one single person controls all the parts of a financial transaction. So once your procedures are documented, then you’ll go through every one of them and make sure that there are no areas controlled by one person. So you see creating the procedures for one, it gets out how we’re going to do things here, but two, it allows you to have it all now out to be able to go through it and parse it up and divide it and delegate it.

So split the procedure into smaller parts that you can delegate to different staff. Let’s look at an example, let’s take paying vendor bills. There are several parts to paying vendor bills with several people involved. Each smaller part is its own process, its own checklist. So process one might be one person enters the bill transaction into the accounting system. Process. Two is a different person approves the bill and you may actually have multiple approvers process. Three is a third person, different person schedules. The approved bill payments. Each of those three processes probably has its own checklist of steps. Definitely has its own checklist of steps for that person to do. For example, the checklist for entering bills may have steps related to validating the bill document or the supporting documentation and verifying the remittance address matches what the system says or is this fraud where someone’s remitted something and trying to get away with having a payment sent to another address, selecting the proper chart of account class codes and location codes and all that stuff, assigning the proper approvers, and then the person who’s paying the bills might have another checklist with totally different steps.

Timestamp 40:06

They’re going to be verifying where their funds are available. They’re going to be reviewing the approvers notes to see if there’s any comments about it. They’re going to be verifying the method of payment. They’re going to be processing and scheduling the payment. So that’s just kind of to give you a visual on the steps and why they should be delegated between different people. And there are other accounts payable processes related to paying vendors. You know, like the waiting checks and adding new vendors and things like that, all of those need to be documented and delegated appropriately for separation of duties. And then there are countless other procedures related to your entire finance department, of course. So you’ll review all of your procedures and split them up again. I don’t want to overwhelm, I just want to give you the big picture and then just start however long it takes you at least, you know, start doing that.

Here’s a screenshot showing the permission. Granted if you’re using Bill.com, this is a screenshot when you invite a user and you give them permission. This is a sample when given to an AP clerk, that’s the person probably entering the bills and separation of duties allows you to give different levels of access to different people so that everyone doesn’t have full access to the entire financial infrastructure and the person who enters bills wouldn’t have authority to pay the bills and vice versa. If you’re using accounting software like Bill.com and you probably have additional functionality like secure username and to even log in time date stamped, audit trails, to track who did what you may have two factor authentication you’re using encrypted secure data channels. It probably automatically logs you out in Bill.com. You can create a setting to enforce the approval workflow.

So bills have to be approved before they can be scheduled for payments and time, date stamps again on the approvals. So I’ll just throw out some other examples of separation of duties. These are other places. If you’re looking for ideas and again, not to overwhelm, just trying to spark ideas because all of you attending can be doing different things at different businesses. But some examples of separation of duties are require purchases, payroll, and disbursements to be authorized by a different person than the one actually making the payments separate those who work with money, coming into the business from those employees who work with money, going out of the business, one person wouldn’t be, or shouldn’t be handling both money and money out and separate the handling of funds from the bookkeeping, the person who handles payments received from customers and deposits and that the bank might be a different person from the one who records those transactions on the books and reconciles,

Whoever does the purchasing may not be doing the bill, pay all those, the person who’s doing the purchasing may be an approver on the bill to ensure that the person authorized to write a check and who has the key to the locked check stock. If you’re using paper checks, make sure that that person is different from the one who’s signing the checks and vice versa.

 

Timestamp 43:24

The person who’s opening mail, stamps all the checks as a deposit only before handing them over to the person responsible for depositing them. That way they can not be cashed and periodically review your accounting systems audit log. You can filter audit logs often by looking for voided and deleted transactions. To look for foul play. You can require supervisors to approve employees, time sheets and paid time off requests for payroll. Payroll is certainly an area to look in for fraud. If you’re using paper paychecks, you could require that they be distributed by a person other than the one who authorizes or records payroll transactions for wire requests, you could require that they be in writing, followed by verbal authorization. That’s certainly one I would suggest using. I’ve seen that one be effective. If you’re if the organization’s so small that you can’t separate the duties, you can require an independent check of the work, be done by perhaps a board member that you report for at the end of every month or something.

And certainly when accounting department employees take vacations, it’s good to have another step in and be able to do their work. So I just want to throw out one thought here. The Hawthorne effect is an interesting phenomenon having proper controls in place has a wonderful domino effect and protects the organization when everyone knows that financial activity is being reviewed and verified, the approval process is for whatever part of the accounting department you’re using it on. An approval process is a very important component to the separation of duties because it puts another set of eyes on things. So for bill pay approval, it’s even better. If you have more than one approver, one approver can represent the person that’s ordered the goods or services saying, yeah, I ordered this. This is good to pay. And another approver may be the department manager in charge of the budget related to this expense. And you might have another approver, maybe the controller or CFO who’s in charge of the available funds. So you can also have reviewers and approvers on things like customer invoices and employee expense reports and time sheets and reconcile and close. So lots of things to separate duties on, get more eyes on it.

Timestamp 47:55

Actions that you can take to help prevent fraud. And one of them of course, is to send payments securely, which we all want to do. Remember the stat we saw earlier, 74% of organizations experience check fraud in 2019 and with check fraud, being the most common payment fraud. So from the moment they’re issued, check payments are at a high risk for fraud. For these reasons dishonest employees may issue checks without proper authorization. Fraudsters can easily alter checks or create counterfeit checks and checks can contain bank routing and account numbers in plain sight for fraudsters to use. So it makes sense to make payments electronically instead of using paper checks and apps like Bill.com and Expensify and whatever other ones you’re using out there. Those are just the ones I know, but certainly whatever tools you’re using, those make this super easy and secure e-payment payment replaces the paper checks going out in the mail with electronic transfer of funds between the bank accounts.

I know businesses today that require their vendors to accept the payment. And they’ll no longer send paper checks. Bill.com and other tools like it, we’ll send checks out that are protected with positive pay and the hidden bank accounts. But I know vendors actually that make all of them, I know customers at higher, sorry that make their vendors sign up for e-pay and they will only do the electronic payments. So whichever you want to do, but if you do need to send a paper check, then I definitely would use something like a Bill.com or a tool like that that has positive pay. If you don’t know what positive pay is, positive pay requires that the information on the check that you issued matches the information on the check that’s presented at the time of payment. So if you’re printing your own checks, you can contact your bank and ask them to activate positive pay for you.

Then every time you print checks and you send them out in the mail, you’ll forward the details. You’ll usually like to upload an Excel spreadsheet or something to your bank. And then before your bank will honor a check, it makes sure that it matches the data against what you had uploaded. So if the check is not found in your data, or if the check information doesn’t match, cause it’s been altered, then the bank notifies you and you can decline the payment in Bill.com, you can track bill payment status from the time of payment is scheduled to when it’s processed, sent, and then cleared. And that information is very helpful to have your fingerprints when you’re at your fingertips, when you’re researching a payment to a vendor there are also options to click, to avoid and cancel the payment or to avoid and reissue a check before it has been collected cash.

And if you sent a paper, check, the scan, check images of the Clare check will be automatically scanned for you. So when you want to research a payment to a vendor, you can find all the way through the clear check. That’s really helpful. With staff who turn in an expense report, so you’re not paying back a vendor here, you’re reimbursing your employee. You can reimburse them electronically and they’ll be notified when payment is scheduled. And again, when funds are available on their account, that screenshot I’m showing here is that Expensify. But there are many other apps like that and you can pay wages when you’re doing paychecks on payday using direct deposit, lots of the payroll companies now all have direct deposit. You can require that. So your staff will get notified when they get paid, they can log in and see what their paycheck detail is.

So E payment, positive pay, hidden bank account information, all that protects your business. The next tip is to monitor your bank activity, the bank statement. Those should always be reviewed by someone other than the bookkeeper. We tell our clients not to put that on paperless. We like actually, it’s actually one of the few pieces of paper I do like to come in to our, to the owners of the companies, have an officer of the company review the statement, monthly spot, just random spot check, ask questions also in effect, remember just if people know you do that that’s information. So if you do sign up for the paperless thing statements, then do remember to go grab them and look at them every so often you can get banking alerts. In addition to checking your balance and bank activity online, you can sign up for banking alerts.

So the bank will contact you by email or text message when certain activity occurs on your accounts, based on what you signed up for such as what withdrawal, exceeding a certain dollar amount or change of address. And then be really responsive when you get those fraud alerts. And you could also investigate whether your bank offers an ACHdebit block, that controls that blocks all ACH payments on your checking account, except for the payments by the pays that you’ve specifically authorized as allowed. So that’s another cool functionality. And then you have the apps like QuickBooks online and Expensify that connect to your bank feed. And the process of matching the bank fee to the transactions entered allows you to validate your banking activity and you can do this frequently more frequently than waiting until the end of the month reconciliation. So when the bank feed is not recognized, you can say, Hmm, what is that? Why did that happen? And you can take action on it immediately. And that’s important for credit card holders to review their credit card activity regularly, because if you catch it in time, most financial institutions will deactivate the card, the compromised credit card and reissue a new card and credit you a box for the fraudulent charges.

 

Timestamp 54:21

Our last tip of the day is technology. Many of today’s top tech tools for accountants are web-based and they integrate with each other when you’re researching apps, check out the integration options. So you probably want to start with a core general ledger like QuickBooks online or net suite, or Sage or zero, and then find tools that integrate with that general ledger and can help protect you from fraud.

Like you’ve heard me call some out today, Bill.com, Expensify Gusto payroll. There are thousands of others, literally thousands of others. Like if you just go to QuickBooks online’s app center, there are hundreds and hundreds. I think there are over a thousand just there that work with QuickBooks online. And then I’m sure the other is net suite save zero all have their own ecosystem of other apps too. So there’s lots to choose from. And the integration of these apps protects your organization from fraud by allowing you to grant access to staff for only the apps they need, right? So they don’t necessarily need to be in the general ledger. If all they do is sales, they can be in the CRM, right? So it keeps them out of secure areas and it helps support the separation of duties. And the integration of apps automatically syncs data to, and from the general ledger.

So you don’t have to duplicate that effort, which means reduced labor. And it reduces the vulnerability to errors. If you have to duplicate inner things in both systems, you’re more likely to have a booboo. And it also reduces the opportunity for fraud by manual entry and the integration of ads also offer some special fraud protection functionality as we’ve discussed today with EDD payment and positive pay and bank feeds. And so many more like employees can log into an online time shade that has GPS tracking on their smartphone that helps protect against buddy pinching. There’s lots of fraud. Preventative measures being built into these apps. Today’s web based accounting solutions are also generally all bank level secure, they’re password protected, they’re encrypted. So the data is entered and as it’s entered is encoded and masked, as it travels out over the internet to the server and the state is usually automatically backed up and always available to you.

So these technology tools, these web-based cloud accounting solutions protect your organization from fraud because they’re considered more secure than say a filing cabinet with paper documents, sensitive paper documents, and that they can be stolen. I’ve read newspaper articles where criminals broke the window, got in and took the entire file cabinet out of the building, a computer or a server with desktop programs and data files that that equipment can be just pulled out of the building and taken. There are cases of well, all sorts of things like that, but anyway desktop programs can be backed up and guarded against data corruption and loss and backup tapes stored in another location for safekeeping, but still, I mean, all of that can be automated now with technology. So take advantage of technologies. That’s this last tip. Our firm builds accounting infrastructure based around its ecosystem around QuickBooks online.

 

Timestamp 58:32

So we’ve, you know, researched it, it has a rigorous process to get listed on the app store. And, and so all of the apps that we use have passed that kind of security measure and the cloud accounting infrastructure gives the business access from all different places. And that’s really helpful. So I want to throw out, we have one tip and then our last polling question we’re done. So here’s a tip just for a fun bonus tip. If you’re signing paper checks or you’re writing mileage on a title card for a car you’re selling, or you’re signing a legal document, or you’re writing anything that you don’t want to be washed and changed. This is a really cool pen to know about. It’s about a dollar when you write with it, it’s permanent for the lifetime of the paper it’s written on its pigment based tank. It’s not water-based or dye based. There’s no chemical that can remove it. It forms an indelible bond to the paper. The ink is absorbed in the paper’s fibers. So when an individual tries to wash the information written on the check, the ink is in effect trapped. So it doesn’t wash off. Okay. And our last thing, if you want to hear more about my firm’s technology services and our live checklists or anything that we’re doing, then just click yes on this one and I’ll get in touch with you after the webinar.

 

I just want to throw out my email address and our website. If anyone is just looking for any more information about what I was talking about today, I just wanted to throw that out. If you’re struggling with technology, it’s getting really sophisticated now. So if you just need help setting up configuring apps, anything like that, we’re here to help.