On a regular basis, the e-commerce director at a Pennsylvania manufacturer used PayPal, as well as other digital and person-to person payment systems to buy equipment and services on behalf of the company.
The convenience of clicking a few buttons – instead of cutting physical checks or going through the hassle of a wire transfer – offered speed and convenience.
There was only one problem: many of the transactions were bogus, and over a two-year period the director funneled about $170,000 into his own bank accounts, according to Jeremy L. Witmer, a senior consultant in the business consulting services group at the professional services firm RKL LLP, which has offices across Central Pennsylvania.
There was “almost no oversight of the e-comm director,” according to Witmer. “His acts weren’t discovered until the company did a budget-to-actual review and found that more than $60,000 was paid to a web developer but never budgeted. The CFO asked for documentation, and realized the paperwork was faked. At that point we were called in.”
The firm worked with the State Police on the case, and the (soon-former) e-commerce director pleaded guilty, served time and had to make restitution.
“One of the reasons he was able to get away with this for so long was that the company didn’t have a procedure to verify and approve new vendors,” added Witmer.
The problem of fraud is a big one, according to a February posting from the information technology company IBM. “Online payment fraud losses from e-commerce, airline ticketing, and money transfer and banking services are expected to reach $48 billion by 2023, more than double the $22 billion in losses estimated for 2018,” noted the report, citing data from Juniper Research. “With the global rise in instant payment schemes, specifically new P2P payments methods, Juniper Research forecasts fraud losses for money transfers increasing by over 20 percent per annum to $10 billion in 2023.”
“We want to live in frictionless, one-click world, but that can bring its own problems,” said Jonathan T. Marks, a partner at the advisory, tax and assurance firm Baker Tilly and member of the forensic team. “When your bank account is linked to an outside payment provider, you need to be aware of what’s going on, and constantly monitor your transactions. Many people don’t bother to set up account alerts [which signal them about a variety of issues, including a transfer of funds above a certain dollar amount]. Even when merchants and individuals utilize two-factor authentication and other safeguards, that only helps to guard against — but won’t necessarily completely prevent — fraud.”
Financial institutions are also doing their part, he added. “If I use my credit card to buy gas in my hometown, and 60 seconds later my ‘card’ is charged for thousands of dollars of purchases in, say, Chicago, my bank may freeze the account. So that’s part of the solution, but there’s no single one-size-fits-all answer. You have to tailor a solution to fit each business and every transaction, because fraudsters are persistent and creative.”
No safety net
Nothing is 100 percent safe, according to Scott Groner, business technologist at the CPA and business consulting firm Concannon Miller in Hanover Township, Northampton County, but businesses and consumers alike can take some precautions, even if they involve tradeoffs.
“Merchants should try to know their customers,” he said. “When possible, request some form of valid identification, even though this may defeat the ease of digital transactions.”
He also has some advice for consumers when it comes to digital wallets, which can let them make in-store purchases by swiping their smartphones or other devices, instead of having to dig out a physical credit card.
“The beauty of using a digital wallet is that it’s not vulnerable to ‘skimmers’ [fraud devices attached to ATMs and other inputs that can swipe credit and debit card information], the way a physical card may be,” he said.
“But beware of using your mobile device on public wi-fi connections, since hackers may then be able to access your digital data,” he added. “Also, set your smartphone to lock after a certain period of time, so if you lose it, a hacker will have a tougher time getting into it. Finally, merchants and consumers alike should check their credit card and other account statements on a frequent basis to try to spot suspicious activity.”
Like freedom, the price of online financial security is eternal vigilance.