Types of Business Fraud and How to Protect Yourself

From identity theft to return fraud, businesses are the subject of various types of schemes to take advantage of employees, customers and revenue. In some cases, the losses can threaten the ability of an organization to stay in business.

In almost every case, fraud can distract the executive team from their primary responsibilities. It also robs companies of the capital they need to build and sustain the business in today's hyper-competitive environment.

Here are some of the most common frauds—and how to make sure you're protected.

1. Employee Fraud

According to the Association of Certified Fraud Examiners, organizations lose 5% of their revenue to fraud each year, with the typical fraud case lasting 14 months and generating losses of $8,300 per month. Asset misappropriation, which includes various forms of fraud involving cash and theft of inventory, is the most common and least costly, with a median loss of $100,000. While financial statement schemes are the least common, they generate a median loss of $954,000.

2. Identity Fraud

The 2020 Identity Fraud Report from Javelin Strategy & Research found that identity fraud, which happens when criminals access an online account, generated $16.9 billion in losses in 2019, leaving customers to pay $3.5 billion in out-of-pocket expenses.

3. Retail Fraud

Retail "shrink," which is short for shrinkage, is the term retailers use to describe losses associated with theft and fraud, cost the industry $61.7 billion in 2019. That's an increase of 21.9% over the prior year's losses. In terms of revenue, shrink cost retailers approximately 1.62% of sales in 2019. The primary types of shrink are shoplifting, employee theft, administrative errors, and fraud.

4. Cybercrime

The Federal Bureau of Investigation's 2019 Internet Crime Report pegs the losses associated with cybercrime in the United States at $3.5 billion. Of those losses, business email compromise, which involves the use of email to facilitate scams, generated $1.7 billion in losses. The global estimates of the cost of cybercrime vary widely but often reach into the trillions of dollars.

Combatting fraud in any of its forms requires an investment in the people, processes, and technology to shore up an organization's defenses. For smaller and medium-sized organizations, that investment may prove minimal and relatively easy to sustain. For larger organizations, it will require considerable funding and oversight to launch and maintain an effective anti-fraud program.

Regardless of the size of the organization, to prevent financial crime, businesses must pay attention to the following:

Setting the Tone

Most employees will never steal from their employers. Nonetheless, according to Donald Cressey, a criminologist, if an individual faces some form of pressure, can rationalize their behavior, and has an opportunity to engage in a scheme, the stage is set for fraud to happen. To discourage employees from doing so, companies must document and share their expectations. An ethics policy sets the standards of employee behavior, including the types of activity that would constitute a violation.

Evaluating Internal Controls

Employees, customers, and criminals often take advantage of an organization's internal controls, or lack thereof. Companies must continually evaluate the existence and effectiveness of their internal controls. They must also make sure to fix any deficiencies as quickly as possible. The longer an internal control is lacking, the greater the potential for fraud.

Educating Employees

To help protect an organization from fraud, both internal and external, employees must know how it happens and how they can help detect and prevent it. Educate employees on the type of schemes facing the organization. Additionally, provide employees with the ability to alert management should they uncover activity indicative of fraud. For example, many organizations invest in anonymous reporting hotlines.

Communicating Policies and Procedures

Employees should have a clear understanding of their employer's policies and procedures and why they matter. For example, if a company requires employees to create complex passwords to access the company's network, and they prohibit the sharing of their login credentials with coworkers, employees should understand why the policy exists and how the company ensures compliance.

Reconciling Bank Accounts Regularly

Some fraud schemes involve bank fraud. To detect fraud before the losses can multiply, a company's accounting staff should reconcile the company's bank accounts frequently. In addition, banks provide businesses with access to a broad range of fraud prevention and detection tools. Reconciling bank accounts often coupled with the use of a bank's fraud prevention tools can dramatically reduce the likelihood of losses.

Backup Files Often

Some criminals use malicious software, known as ransomware, to deny a company access to its electronic documents. Alternatively, as part of an effort to sabotage a company, an employee might delete critical files, or steal them as they leave the company. To minimize the potential for data loss, companies should backup up their data to an offsite location frequently.

Stay Up-to-Date on Fraud Schemes

There are countless news stories detailing examples of business fraud. Reviewing those cases can help executives improve their knowledge of how fraud happens, and extract lessons learned to incorporate in their employer's fraud defenses. The simplest way for executives to learn from a case is to identify the internal controls that failed or were lacking and see if the same situation could apply in their company.

Whether an organization experiences a loss associated with the fraud perpetrated by an employee, customer, or a third party, the ramifications can be significant and long-lasting. While investing in prevention requires a willingness to set aside funds, it is by far the better path to pursue.