When setting up and growing a new business, be it a one person trader or major new enterprise supported by venture capitalists, there are many things to be done: Identifying potential suppliers, targeting customers, establishing presence with online market places, implementing a social media strategy… the task list is endless. With so much on your mind it is all too easy to neglect an issue which could cause your business to fail: fraud.
You may well have given some consideration to general risks in your new business but have you really considered what fraud risks you may face? This is an important topic for any business but it is even more crucial for those are operating in an online environment as the issues are very diverse.
Key Fraud Risks
There is a plethora of different ways that you can become a victim of fraud, some issues will be common to all businesses but others will be specific to your type of business. Since we are moving ever faster into an online economy let us focus on a few common issues faced by eCommerce businesses:
- False Identity: “On the internet, nobody knows you’re a dog”. This is a famous adage which began as a caption to a cartoon in The New Yorker in 1993, but personally I prefer “On the internet, nobody knows you’re a cat”. Ten years on and this adage still rings true. Do you really know your customer? What about KYS (Know Your Supplier)?
- First Party Fraud: This is where the offender is a genuine person but they are intent on defrauding you. Perhaps by falsely claiming non-delivery of a high value item, or claiming they never made an order when in reality they did.
- Malware (Malicious software) and Phishing: So you have just obtained a £20,000 business loan to help your business grow – congratulations! The last thing you want to happen now is to lose this important loan because your online business banking account has been compromised due to malware. Damage caused by malware can range from minor annoyances such as spam links being sent out via your Twitter account, to extremely damaging such as your website being taken offline, preventing you from trading and damaging your reputation.
- Identity Theft: Consumers are becoming increasingly aware of this issue but did you know that it is just as easy to steal the identity of a business? In some cases it is actually easier to steal the identity of a business compared to stealing the identity of an individual.
- Hacking and Data Compromise: Criminals across the world recognize the value of data and over the last few years there have been some very high profile cases against major corporations (Sony recently fined £250,000 by the ICO, TJX, LinkedIn) but any organization holding valuable data can become a target. When it comes to personal data you should also consider any legal and regulatory requirements such as PCI DSS.
Argh! I am a Victim, What Should I Do?
Firstly, don’t panic! Incidents of fraud against both individuals and businesses in the UK should be reported to the police via Action Fraud. Review what has happened, is there a gap or failure in your counter-fraud strategy? By recognizing how the incident has occurred and identifying what has happened you are in a good position to strengthen controls and minimize the risk of a repeat attack.
Depending upon the severity of the attack and losses you may wish to engage with professionals to assist with investigations, look at potential recovery of losses and implementation of controls to guard against further incidents.
Counter Fraud Measures
While some of the issues may seem frightening there are measures that you can take to reduce the risk of being a victim of fraud. Firstly you should identify what the risks are to you and your business. Now identify mitigating actions, some actions might be simple such as ensuring that any passwords to online accounts and services are strong and changed on a regular basis, others may need some planning such as ensuring your website is sufficiently secure and resilient from attacks.
You now have the beginnings of an anti-fraud strategy which you can implement – you will most likely want to identify some kind of prioritization so that the most important risks are addressed first.
For some businesses defining and implementing an effective strategy be a difficult task. You may not have sufficient knowledge or skills to protect your business from fraud. Help is however available and it needn’t cost the earth. You can obtain general information and advice free from The Fraud Advisory Panel and from Action Fraud. There are fraud forums that meet regularly to discuss current issues, trends, and to share best practice techniques, examples are The P&A Fraud Prevention Forum which has a focus on business to business fraud and UK regional fraud forums. You may want some professional advice or training from specialist consultancies or a counter fraud practitioner.
Stay safe out there and remember “On the internet nobody knows you’re a cat”, or do they…?
Darren from TheFraudTube writing on behalf of ezbob – Finance for E-commerce