| lessonOverview |
Question: Please tell us what your credit organization has done in the past year, or that is currently being done, to prevent or reduce fraud. This can include everything from training to process improvements to technology deployments to new controls.
The responses to this survey question were very informative. One thing that jumped out at us was the amount of attention being directed towards training, especially since there does not appear to be a substantial anti-fraud budget and only minimal interest in increasing the fraud budget (18 percent).
Likewise, there were also substantial conversations related to controls as well as policies and procedures, two other areas where much can be accomplished with a narrow budget. In contrast, there was a much more limited conversation related to implementing software solutions or otherwise involving IT assets, which typically require an ample budget.
In other words, it appears that credit professionals are doing what they can with the available resources. As such, they appear to be more engaged with the fraud issues that affect their credit operations than the executive team, which naturally is looking at the bigger picture.
Fraud related to credit operations and the order-to-cash process appear to be less prevalent than frauds perpetrated on the procure-to-pay side of the equation. Fraud related to outgoing payments is a huge problem according to the experts. With management's attention diverted elsewhere, credit managers are to a large extent left to their own devices in dealing with credit related frauds until such time as there is a major breach or the cumulative losses begin rivaling those in other areas of the organization, thereby getting the attention of corporate executives.
To provide a better feel for how credit organizations are dealing with fraud, we've included a sampling of the actual responses to the question at the end of the article, following a table that summarizes the efforts the respondents discussed grouped around five areas:
- Training
- Controls
- Policies & Procedures
- IT/Software
- Communications
It bears mentioning that these five areas are listed based on the frequency with which they were discussed in response to the question about what is being done to deal with fraud. Training is at the top of the list and communications the bottom for this reason.
It also bears noting that there were a few credit organizations that are doing nothing. One reason being that frauds had not been an issue, and in another case the Audit Team was responsible for dealing with fraud, the credit organization only being required to report it.
|
Focus Area
|
Organizational Activities
|
Tactics
|
|
Training
|
· Fraud and IT training to prevent fraud, from on-line activities to being aware of surroundings
· An internal audit committee is being formed with plans to improve education on fraud
· Reminders at staff meetings that fraud is more prevalent in these economically challenging times.
|
· Explanations of Tech Procedures
· Informational Emails
· Webinars & Videos
· Cross Training
|
|
Controls
|
· Verbal verification of any changes to addresses, emails, account information
· Two-way verification of requests for bank account changes
· New accounts require a letter from the named bank confirming ownership of that account.
· All new customers are called to verify/confirm information and their bank is called to confirm the company has an open account that is in good standing.
· An internal audit committee is being formed with plans to review all internal controls related to fraud to ensure they are being followed.
· Eliminated any credit cards over the phone; buyers must use self-pay, either in online store or from invoice with link.
· All passwords updated with strong, non-duplicate passwords and multi-factor authentication where appropriate
|
· Tighter controls
· Multi-factor Password Authentication
· Periodically Changing Passwords
· 3 step review of all institutional POs
· Added layers of segregation of duties
· Quarterly Audits
· Voice validation
· Continually re-verifying information
|
|
Policy & Procedures
|
· Updated policy and procedures
· Review all policies and procedures, and taking steps to assure compliance
· Working closely with sales and Customer Service on any new customer orders that come directly across the Internet. Requiring someone in sales to have at least contacted the new customer prior to our attempting to set them up for approval.
· We are putting in a reporting procedure for other departments so that when they see something that seems "off" they can bring it to management's attention.
· Google maps is used at the Street View and satellite level to confirm location and look for signage including address and company names/logos, trucks with company name/logos, and material found in their lots/yard.
· All customer credit information is verified and confirmed using D&B, references, the internet, website and Google.
· All employees and contractors signed an updated security policy with tips and new requirements like password management tool.
· Following procedures regarding new account set up, order entry, payments - verifying all changes with all stakeholders
· Review segregation of duties – banking and payment processing
|
· Card not present procedures
· Confirmation of changes
· Segregation of Duties
· Enforcing Compliance
· Enhanced Reporting
· Enhanced Customer Verification
|
|
IT/Software Improvements
|
· IT upgrades on software
· Implementing 3-D Secure
· Fake phishing campaigns to ID weaknesses
· Process improvement – detection
· Cyber-security upgrades
· Fully integrated credit card processing
|
· Implement new systems
· Multi-system Integrations
· Reliability Testing
|
|
Communication
|
· Sending out to communication all of the customers, advising about recent fraud attempts and that they should always validate any change of information that may/may not come from the company. Advising that the banking information hasn't changed and that they don't plan on changing it in the near future.
· Having meetings to discuss items we have encountered to see what we learned from the situation and what we can do going forward
|
· Proactively communicate fraud attempts and tactics to team
· Quarterly reminders to be vigilant
· Distribute educational articles as they become available
|
Sampling of Responses
- Review of the segregation of duties around payment posting and banking
- Additional layers of segregation added to the bank deposit and posting duties
- Full system integration of credit card processing, lead by the credit department
- Three-step review of all institutional purchase orders nationwide
- New policies and procedures around card not present credit card payment transactions at the point of sale. - Barry Hickman, Sr. Director of Credit, Dal-Tile Corporation
- We have started customer confirmation and in-house confirmation on all changes. - Peter Laney, Controller, Ohio Valley Aluminum Co. LLC.
- IT is putting a high focus on CyberSecurity including reassessing our credit card process. - Linda M Morich, Credit Manager, U.S. Mineral Products. Co., t/a Isolatek International
- More training. Added a fraud statement on our collection emails to customers. - Stu Sturzl, Sr. Credit Manager, Sargento Foods Inc.
- Training and process improvements in detection. - Kathy Brown, Funai
- Training, videos, 'fake' phishing campaigns to ferret out weakness, and dual-factor authentication. - Tony Warfield, VP Credit, D&H
- We have done more training of present employees. - Ken Okabe, EDM
- Require passwords to be changed every 90 days. - Michelle Wilson, Credit Manager, BEGA US Inc.
- I am not aware of any employee fraud within the company, and if there was, controls would not have come from within the credit department. However, the survey questions have prompted me to question our CFO. - Cheryl Fischer, Credit & OE Manager, Krug Inc.
|
