ASSET PROTECTION: Fraud Schemes That Target Businesses and Medical Practices
Asset Protection includes being informed of all your personal and professional risks, it's not just "lawsuits and trusts". Both internal and external fraud schemes target small businesses and medical practices at the end of every year, here are some common ones to look for.
INTERNAL SCHEME: OverpayingEmployee intentionally overpays legitimate invoices to generate refunds. Refunds from vendors are then diverted back to an account controlled by the employee.
INTERNAL SCHEME: Paying false invoicesEmployee issues payments for invoices to a company that that does not exist or that they or a partner created. Variations may include those with shipping and receiving authority that verify receipt and inventory for an accounting department that then, intentionally or unintentionally, pays these "confirmed" bills.
INTERNAL SCHEME: Over-orderingEmployee orders materials that are billed to you and are actually delivered but used and resold somewhere else, while you receive no value. We've seen this happen with medical supplies, drugs, office supplies and electronics, to name just a few.
INTERNAL SCHEME: Kickbacks and undue influenceEmployee with purchasing authority diverts purchases or even referrals to get something in return, often at the expense of the employer. In some cases, conspirators are awarded with cash payments, in others it may be gift certificates, sports tickets, elective medical procedures (one thief "earned" breast implants this way) for what they refer to the third party, including in the worst cases, specialty physicians, labs, and imaging centers. Are your customers or patients being "diverted" this way to people you ordinarily wouldn't trust with your reputation?
INTERNAL SCHEME: Wage TheftAll business owners must continually be alert to attacks on their payrolls with padded hours, false pay rates, and even phony employees, where one employee can punch two or more time cards. Watch for overtime and holiday pay issues in particular.
INTERNAL SCHEME: Plain Old TheftNot every scheme is complex. Failing to record cash payments and pocketing the money or simply stealing from the cash register is common. Payments can also be intercepted and stolen from the mail before you ever see them so be mindful of patterns of unusual discounts and credits. This also creates a data breach exposure as payment info can be exposed; a stolen check for $100.00 could create a six-figure liability. Inventory controls are obviously important as well, we've seen a variety of expensive things stolen by or with the help of an employee.
Common External Threat - Invoice FraudAt year end, the volume of incoming bills and invoices may actually more than double, as annual renewals, regular recurring bills and even bills for services, rents or materials to be incurred in 2017 will be mailed early to allow you the opportunity to pay before December 31st to take advantage of possible 2016 deductions (check with your CPA). These criminals bill your business for expenses you would logically incur including printing, insurance, licensing, supplies, memberships, subscriptions, insurance, and even taxes, and fraudulent "fair labor standards violations" and other official sounding but fake government agency administrative fees.
Some invoices are overtly fraudulent, billing you for goods and services you never received or ordered with vendors you don't actually deal with, but the more sophisticated ones may use the actual names (or lookalike names) of vendors you actually deal with and substitute their own addresses, websites or phone numbers for payment.
Specific Red Flags To Look Out For1. Invoices from known or unknown vendors and bills from out of state or out of the country for goods and services delivered locally.
2. As series of invoices with consecutive numbers from the same vendor (are you the only client?), as well duplicate invoices or invoices in amounts or frequency outside your regular spending pattern.
3. Bills, correspondence and websites with serious grammatical and spelling errors, photocopies or otherwise unprofessional looking markings.
4. Calls, emails or letters asking for updated payment or credit card info, especially if the card isn't expired. Most conmen get credit card numbers just by asking.
5. Fake websites, malicious links in emails, and "invoice attached" attachments from unknown vendors or creditors. A simple PDF can let scammers get a look at everything in your computer, including patient information.
6. Phone numbers and addresses that are wrong or unverifiable.