Fraud prevention (in the age of remote work)

When three factors come together, fraud is likely to occur. The so called “fraud triangle” consists of the following:

  • The fraudster must feel some kind of financial pressure.
  • The fraudster must perceive an opportunity to execute the fraudulent action.
  • The fraudster must be able to rationalize their deviant behavior.

Remote work presents an opportunity – or at least the perception of one – for a would-be fraudster.  The possibility of a co-worker or a supervisor coming by for an unscheduled visit may keep some employees honest. Without this possibility, an employee may be emboldened to steal personally identifiable information – such as a social security number or driver’s license number. An employee who takes payments from customers may have access to a credit card or bank account number. These numbers might easily be set aside by an employee with the motivation and opportunity to do so.

What can an employer do it mitigate against the risk presented by remote work? The employer should make sure its anti-fraud preventions are as strong as ever. Below are a few tactics that an employer should deploy:

An employer should tighten its standard accounting internal controls. For example, the employer should separate the “handling” function from the “record keeping function” such that the same employee that receives and deposits money is not also charged with logging transactions and minding the books.

Another tactic involves the use of biometrics for authentication. Biometrics include a person’s voice, their fingerprints, and even their patterns of speech. Requiring an employee to log on for each session by using such inherent characteristics may serve as a bulwark against fraud.

An employer might also carefully delegate authority for certain types of transactions. For example, an employer could restrict an individual employee’s ability to conduct transactions over a certain dollar value – requiring supervisory approval for a transaction to be processed. Delegation of authority might be temporally limited such that an employee’s access automatically expires after a set amount of time. This allows an employer to review the employee’s work for the previous period of time to ensure accuracy.

No matter how an employer chooses to protect itself, some degree of fraud may be inevitable. Nonetheless, by enlisting strong anti-fraud controls, the probability of minimizing the scope of loss – and identifying a culprit – increases by a significant margin.

Archives