More than 120,000 small to medium size businesses experienced internal credit card fraud in 2018 that is referred to as “friendly fraud”. The words fraud and friendly don’t seem to go together. “Friendly fraud” is committed by someone you are friendly with. Not only are you likely friendly but, you likely consider the person committing friendly fraud against you to be like a family member to you.
How it Happens
In the simplest version, your employee issues a credit from your bank account to goes to their own personal credit card to pay down their balance. In most cases, we find that merchants seldom question credits, returns or voids that occur within a typical business day. Both credits and voids are frequently used to commit fraud against employers and may go undetected for a long time. We will share methods you can use to prevent product loss as well as the theft of money from your bank account. In the most common fraud scheme we see, an employee says that a customer called in with a complaint and in an effort to resolve the issue, your trusted employee issued a refund to make the customer happy. This likely would seem completely normal. The other method of friendly fraud occurs when your employee completes a transaction and then voids the sale as if it never happened. Their friend walks out of your business with a load of merchandise that was paid for as they left and then the transaction is erased while you sustain an unknown loss.
When an employee issues any type of credit, discount or adjustment that posts to a credit card, you need to compare the credit card number on the original sale to the credit card number receiving the credit. This isn’t just a good business practice, it is a requirement by the card brands. Always verify the last 5 digits of the card being refunded are exactly the same as in the original sale. Any type of refund or credit should be accompanied by a simple form of written documentation summarizing the original date and charge, the return/credit information and a written statement about what caused the adjustment. This form should require two signatures including the person initiating the credit and another employee who verifies the card digits and the purpose of the credit issued. If there is a claim that no other employee was available at the time the credit was issued, due diligence should be exercised in verifying all details of the specific transaction.
In the event an employee must void a transaction for any reason, a supervisor should perform the void and verify the situation that caused the need for a void. Voiding a transaction with some POS systems can completely eliminate the data as if the transaction never happened. This is a license to steal. This is why management should always be involved in a void and both the manager and employee should sign a document that includes the date, time and circumstances that caused the void. While this documentation may end up in a filing cabinet at the end of the day, a periodic review of voided transactions can help you identify specific employees that have a need to void transactions more than others. This can be an indication of either theft or the need for additional training.
Tips for avoiding friendly fraud:
#1 – POS Control
Always require management to be personally involved with each credit or void transaction initiated on a POS system. Some POS systems can be set up to require a management key or code to complete these types of transactions. We recommend you invoke this feature.
#2 – Terminal Password
Most credit card terminals can be set up to require a password to be entered for all credits, returns or voids. We recommend you use this function. Give us a call if you would like to set yours up like this.
#3 – Send Confirmation
If you have access to a customer’s email address, always send a confirmation email notifying your customer that a credit that was issued. This allows them to have written documentation that you followed through on your end. More importantly, it sends a red flag to your customer if they were not involved in a credit transaction.