Credit cards are part of everyday business transactions. However, they present just as serious a security risk as cash does. While criminals external to your business can steal these cards, very often credit card fraud is an inside job. How can you prevent this type of fraud from happening in your company?
Between 2010 and 2012, Hlomane Chauke – former MEC of sports, arts and culture – allegedly ran up expenses of R243 000 on a government credit card. The problem is that he couldn’t account for these expenses. While relevant government departments are seeking an intervention to recoup the money from him, the case does highlight the real problem that credit card fraud presents in public and private sectors.
Many companies aren’t always aware of the misuse of company credit cards. Issuing a credit card to an unscrupulous employee is akin to giving them permission to commit fraud from inside your company.
In South Africa there has been an increase in credit card fraud
In 2012, according to the South African Banking Risk Information Centre banks lost over R300 million to credit card fraud and in 2013, this increased by a staggering 22% to R366 million. You can be sure that a significant percentage of the fraud being committed involves company-issued credit cards.
When an employee is given a credit card, they have access to all the information pertaining to that credit card, including PIN and security codes. Often, the employee will know if their use of the card is being monitored.
If no-one keeps tabs on how much employees spend on their company credit cards, misappropriated amounts can escalate into hundreds of thousands of rands. Worse, the credit card fraud may only be discovered once the employee has left the company.
There are two main types of company credit card fraud
In the first scenario, employees use the card to purchase personal items — from filling up their spouse’s car right up to purchasing luxury items, such as artwork and clothes. Often, these employees will use a deceitful method called ‘double dipping’ where an employee incurs a legitimate credit card expense and at the same time submits an invoice to be reimbursed for the same item. For example:
A business lunch paid for on the company credit card will show up on the credit card invoice, while the restaurant bill is submitted for expense reimbursement.
If the employee is caught out, they could simply say it was an innocent duplication. While it may be a mistake, it would be wise to keep a closer eye on the employee.
How can you stop credit card fraud in your company?
There are some red flags to watch out for with credit card fraud. As always, vigilance is the first rule of security – you must be alert for anything out of the ordinary:
This can be as something as simple as a purchase made with the company card over a weekend or public holiday made without a proper, or forged, invoice.
Watch out for large overnight delivery orders. An underhanded employee will want to have the order logged, paid for and delivered before any irregularity is discovered and the order is cancelled.
As a rule, I believe that it’s better to start with a detailed company policy on the proper use of business credit cards, including a stringent credit limit that is set up with the bank:
Before giving out a credit card, ensure that the employee undergoes a background check. This should also include a credit check to establish if they’re able to use the card responsibly. It should also include an integrity assessment.
When a case of fraud has been discovered, it’s important to take immediate action to limit the damage. Maintain a secure list in your HR department with details of card users, account numbers and their cellphone numbers. Also keep the bank’s ‘stop card’ numbers on this list.
Actively monitor card usage to prevent fraud. Don’t give an employee free reign — let them know you’re watching them.
Check that an employee’s card balance is proportional to his position within the company. Limit the number of credit cards issued and ensure employees take accountability for the card.
Always ensure that the credit card statement isn’t sent to the holder of the company card. This critical information should be sent to a divisional manager or senior HR manager.
Jenny Reid is the owner of iFacts and started her career in the security industry in 1995, working her way up the corporate ladder. Early on in her career, Jenny developed a passion for employee screening and this is what drives her business today.