How to prevent fraud: a straightforward small business guide
Media critic Neil Postman once said that “every technology is both a burden and blessing,” and it’s easy to understand what he means. Business owners can run an entire company with the swipe of a finger, yet the same technology that lets you conduct business from your smartphone also places you at risk of identity theft and other forms of fraud.
This doesn’t have to mean that the phrase “online security” is an oxymoron. There are some basic strategies that you can use to protect yourself from fraud. Use these fraud prevention strategies to protect yourself and pass them along to your employees.
Common forms of fraud
Before we get too far, it may be helpful to highlight some of the most common forms of fraud you’re likely to encounter today.
According to a 2021 report by Javelin Strategy and Research, Americans lost $56 billion due to identity fraud in 2020 alone.
A skilled identity thief can harvest your personal information and use it to obtain a credit card in your name or use your bank account for their own purposes.
Unfortunately, in an age where our personal identity is tied to our usernames and passwords, identity theft can result in a wide array of personal and financial consequences.
Employee fraud can be as direct as stealing actual cash or supplies, but it can also happen in the form of an employee who steals financial information from your customers. In other cases, you may have employees who take advantage of your workers’ compensation insurance, fraudulently exaggerating the seriousness of their injuries to maximize their payout.
New account opening fraud
New account opening fraud occurs when a cybercriminal attempts to open a financial or customer account using stolen or forged contact information. For example, a hacker may use information obtained on the dark web to get a credit card. This card can then be used to defraud businesses both online and in person.
As an unfortunate side effect, modern fraud detection solutions often suffer from false positives, which means that your company might flag a sale as fraudulent even when it is legitimate. This can result in lost revenue and customer frustration.
Finally, we’ll simply highlight the vast array of scams that exist today. Most of these scams are considered “phishing scams,” which are designed to harvest your contact details or other information.
While you’re probably wise enough to avoid unsolicited phone calls, some scams lure you in with the promise of a service that’s actually a clever ruse designed to capture your personal or financial information.
For example, some companies may catch your interest by claiming that they’ll offer a free copy of your business credit report, while in truth, these offers are simply online scams designed to capture your business information.
Fraud prevention strategies
How can you protect your business from falling victim to fraud? No strategy is foolproof, but there are steps you can follow to prevent fraud and take command of your personal and business accounts.
Maintain your internet security software
Never surf the web without fully up-to-date internet security software in place. Not only can this protect your devices from viruses, but it can also keep you from having your data breached by cybercriminals and hackers.
Report suspicious websites
Always look for the “HTTPS” at the beginning of the URL of the websites you share contact information with. While this does not 100% guarantee the site is safe, HTTPS is overall much more secure than “HTTP.”
You can also double-check that the URL matches the company’s web address and is not a clever duplicate intended to trick you into giving up your online credentials (e.g., Invoice2go.com, not InvoiceToGo.com).
Your internet browser may allow you to report suspicious websites. If you’re using Internet Explorer, simply click the gear icon, “point to safety,” then click “Report Unsafe Website.” If you’re using a shared computer, make sure to let any employees know to avoid that site in the future to ensure internet safety.
Guard your personal information online
You should always avoid giving out your Social Security number or other personal information online. In fact, if you can’t verify that the website you’re using is legitimate, you should probably avoid using it altogether, lest you find yourself a victim of fraud.
But what about sites that you already use and trust? Some e-commerce sites, for example, will offer to store your passwords or even credit card information to make it easier to access your account for future sales. Never do this.
Even if you trust the company, you have no way of knowing what fraud prevention strategies they have in place, which could put your data at risk in the event of a security breach.
Be careful with your email
Similarly, you should be highly cautious about what you share over email. While it’s common to include your basic contact information in your email signature, you should avoid including bank account numbers or other financial information that a cybercriminal could harvest.
Understandably, there may be times when business relationships demand that you share specific details with business partners or financial institutions. You can minimize your risk by using an email encryption program from services such as the following:
These services allow you to send encrypted messages through your existing email address but offer enough security to make it harder for criminals to harvest your personal data.
Be wary of suspicious links
It’s not uncommon to receive an email or social media message with links to an external site. Sometimes you’ll recognize the link; other times you won’t. Don’t assume that you can trust the links sent by another person, regardless of whether you know them or not. Some hackers impersonate people you know to trick you into clicking on links that can be used to harvest your data.
Screen your phone calls
In the era before caller ID, it was impossible to screen your calls. Now, however, you can avoid suspicious phone solicitations before they make contact. Some phone companies will even label suspicious phone numbers as “possible scam,” which can save you the time of dealing with potential scam artists.
Of course, you run the risk of screening calls from legitimate customers, so you may be slightly laxer with your business phone than your personal cell phone. Business owners might consider training their employees to avoid these calls, and above all else, not to divulge sensitive data without your express permission.
Monitor your bank accounts
Perhaps most importantly, you should keep a daily eye on your personal and business bank accounts. This way you’ll notice any suspicious activity on the date that it happens, not be surprised by bank statements received weeks after the fraud occurs.
Online banking helps you to keep regular tabs on your account activity. If you use a mobile banking app, you can turn on push notifications to receive account activity alerts right to your phone. That way, if an unauthorized user has accessed your accounts, you can respond in real-time.
Keep your contact details up to date
Most banks and financial institutions offer financial services that include some type of fraud detection system, sending you a text message or calling when they detect fraudulent activities on your account.
Keep your contact information current with your bank or credit card issuer to make sure you receive a fraud alert when you need it. Most online banking platforms have tools that you can use to quickly and easily edit your personal data, ensuring you’ll receive prompt alerts of any fraudulent activity.
Monitor your credit report
Another way to monitor your accounts is to review your credit report regularly. Anomalies in your credit history can be a sign of fraud. Investigate suspicious activities and take action immediately.
You may consider investing in a credit monitoring service such as:
In addition to the company names mentioned above, you can obtain your business credit report from the three main business credit bureaus: Dun & Bradstreet, Experian, and Equifax.
Introduce staff accountability
You can’t always control your employees, but you can enact protocols that minimize the ability of your staff members to steal products or money.
For instance, you might place one employee in charge of verifying the accuracy of shipments or the amount of money included in a bank deposit, but then have another employee double-check this data to restrict the access any one team member has to your money or merchandise.
Having each employee sign a checklist can introduce a layer of accountability among staff members. With this kind of accountability, employees may stop to consider the risks before attempting to commit fraud. Limiting employee access to company supplies or data can also protect you against white-collar crime.
What to do if you’re a victim of identity theft
No matter how much effort you make to manage these risks, you may still find yourself on the receiving end of identity theft or another form of fraud.
What should you do when you review your bank statements and find suspicious activity on your account?
Notify your bank
First, notify your bank immediately. Your online banking service can likely direct you to the appropriate department. However, you may be asked to go to a brick-and-mortar location to sign a paper to initiate any investigation. This will freeze your credit or debit cards until a replacement can be issued, preventing the hacker from accessing your accounts.
Notify other companies
Secondly, if you know where fraudulent transactions have occurred, notify those companies as well. For example, if you’re disputing a charge made through Amazon, report them immediately to dispute the transaction and prevent the thief from retaining access to your account.
Notify the FTC
In addition to contacting these companies, you’ll also want to notify the Federal Trade Commission (FTC). The FTC is a government agency that can provide you with recovery resources and forms that will be helpful for your next steps in the process.
Notify law enforcement
Next, you’ll need to notify law enforcement. You can start with your local police department, which can help track down any local criminals who may be committing similar acts of fraud. In many cases, your complaint will be escalated to another agency, but local police may be able to offer some preliminary advice to assist you in your process.
Place a fraud alert on your credit reports
Protect your credit by placing a fraud alert on your credit reports from all three credit bureaus. That way if anyone should access your credit history in the next year, they’ll receive an additional notification that your accounts may have been compromised.
Streamline your services with Invoice2go
Preventing fraud can be a significant challenge, but the services available to modern consumers and entrepreneurs can help you stay profitable even in the face of scams.
Frequently asked questions about how to prevent fraud
We hear many questions about identity fraud. Here are a few of the most common:
Can I trust public Wi-Fi?
Public internet connections are your worst enemy. When you need to connect to the internet, rely on your phone’s data plan or wait until you can find a secure connection.
Am I responsible for fraudulent charges?
If you report fraudulent charges immediately, you likely won’t be responsible for any further false charges on your account. Additionally, federal law states that users are only responsible for a max of $50 in fraudulent transactions.
Will identity theft affect my credit?
Your credit score can be damaged by fraudulent activity. If you believe you’ve been the victim of a scam, it’s essential to address the issue quickly. Once the charges are resolved, your credit can be repaired, though it’s best to have a credit alert on your account so that others will know you’ve been the victim of fraud.