More than 120,000 small to medium size businesses experienced internal credit card fraud in 2018 that is referred to as “friendly fraud” or “family fraud”. The words fraud, friendly and family don’t seem to go together. “Friendly fraud” is committed by someone you are friendly with or perhaps an employee that you consider to be “family”.
How it Happens
In the simplest version, your employee issues a credit from your bank account that goes to their own personal credit card to pay down their own personal balance. In most cases, we find that merchants seldom question credits, returns or voids that occur within a typical business day. Both credits and voids are frequently used to commit fraud against employers and may go undetected for a long time. We will share methods you can use to prevent product loss as well as the theft of money from your bank account. In the most common fraud scheme we see, an employee says that a customer called in with a complaint and in an effort to resolve the issue, your trusted employee issued a refund to make the customer happy. This likely would seem completely normal. The other method of friendly fraud occurs when your employee completes a transaction and then voids the sale as if it never happened. Their friend walks out of your business with a load of merchandise or free services that was paid for as they left and then the transaction is erased while you sustain an unknown loss.
Monitoring Credits/Returns
When an employee issues any type of credit, discount or adjustment that posts to a credit card, you need to compare the credit card number on the original sale to the credit card number receiving the credit. This isn’t just a good business practice, it is a requirement by the card brands. Always verify the last 5 digits of the card being refunded are exactly the same as in the original sale. Any type of refund or credit should be accompanied by a simple form of written documentation summarizing the original date and charge, the return/credit information and a written statement about what caused the adjustment. This form should require two signatures including the person initiating the credit and another employee who verifies the card digits and the purpose of the credit issued. If there is a claim that no other employee was available at the time the credit was issued, due diligence should be exercised in verifying all details of the specific transaction.
Monitoring Voids
In the event an employee must void a transaction for any reason, a supervisor should perform the void and verify the situation that caused the need for a void. Voiding a transaction with some POS systems can completely eliminate the data as if the transaction never happened. This is a license to steal. This is why management should always be involved in a void and both the manager and employee should sign a document that includes the date, time and circumstances that caused the void. While this documentation may end up in a filing cabinet at the end of the day, a periodic review of voided transactions can help you identify specific employees that have a need to void transactions more than others. This can be an indication of either theft or the need for additional training.
Tips for avoiding friendly/family fraud:
#1 – POS Control
Always require management to be personally involved with each credit or void transaction initiated on a POS system. Some POS systems can be set up to require a management key or code to complete these types of transactions. We recommend you invoke this feature.
#2 – Virtual Terminal User Rights
Most virtual terminals allow for individual users to be created and associated with a specific set of permissions. Limit the individuals in your organization who have the user rights to process a refund, credit or void. Make sure to de-activate user accounts when an individual is no longer an employee.
#3 – Physical Terminal Password
Most credit card terminals can be set up to require a password to be entered for all credits, returns or voids. We recommend you use this function. Give us a call if you would like to set yours up like this.
#4 – Send Confirmation
If you have access to a customer’s email address, always send a confirmation email notifying your customer that a credit that was issued. This allows them to have written documentation that you followed through on your end. More importantly, it sends a red flag to your customer if they were not involved in a credit transaction.
#5 – Turn off Unreferenced Credits
If you are processing payments through a gateway or virtual terminal, there are many tools you can implement to reduce the likelihood of fraud. An unreferenced credit occurs when funds are credited to a credit card that was not used to make an original offsetting purchase. If unreferenced credits are enabled, an employee has the ability to credit any credit card including their own.
Should you have any questions about this article or need any guidance, please don’t hesitate to reach out to Remedy Payment Solutions at 714-461-2200 or info@remedypayments.com.
Remedy is powered by Chosen Payments whom is a registered ISO and FSP of Wells Fargo Bank, N.A., Concord, CA and BBVA USA, Birmingham, AL., and Elavon, Inc., N.A., Atlanta, Georgia, and Evolve Bank & Trust; Memphis, TN., and Merrick Bank, N.A., Draper, UT.