Keep an eye on your chip card.

Card/payment security is a key topic within organizations’ Commercial Card policies and procedures. You know the drill: lock them up when not in use, ensure a website is safe before entering payment information, be attentive to phishing tactics, etc. Have you overlooked anything? Maybe. According to sporadic media reports, a risk associated with chip cards is that the chip could fall out. The risk is very small, but possible. A displaced chip could be used to create a counterfeit card, but this requires a fraudster getting a hold of it. 

Generally speaking, chip cards are durable. I’m aware of card issuers trying all sorts of things to test the durability; for example, putting them through the washing machine. (Yes, the cards came out fine.) Now the question is, what should you do with this news?

What to Do

As part of your Commercial Card program management efforts, communication is important. The best overall advice is to be mindful, but not get hysterical.

  • Make cardholders aware.
  • Update your training presentations accordingly.
  • Ensure your policies and procedures direct cardholders to contact your card issuer if they realize their chip is missing or even loose.

To date, I have not heard of any chip problems with Commercial Cards. However, industry professional Theresa Blatner informed me about a case at her workplace involving an employee’s personal card. She explained, “It was being used in our cafeteria. I contacted the café manager who said that the chip was loose on the card. The reader indicated an error and defaulted to using the mag stripe. He also said that he has seen a few cards with faulty chips—two of them where the chip fell out.”

Final Thoughts

The small risk of chips becoming loose or falling out does not detract from the benefits of card usage. Chip cards still offer greater security than cards with only a magnetic stripe and, with any type of card, there is fraud protection. All this being said, it could be a driver for increased adoption of mobile payments if/when it makes sense. The beauty is, we have all sorts of options within the realm of Commercial Cards.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.

Check fraud by an AP supervisor.

How likely is it that check fraud could happen to your organization? The following case shines a spotlight on control gaps, as well as drawbacks of checks. Would the same thing have happened with card payments? Keep reading to learn about the crime (the AP perpetrator is currently awaiting sentencing), the control that not enough organizations are using, and what might have occurred if the payment fraud vehicle had been a Commercial Card. 

The Crime

As reported by KSTP-TV, Teresa Garin, former accounts payable supervisor for Hamline University in St. Paul, Minnesota, pleaded guilty last month to felony-level theft by swindle. Between August 2015 and February 2017, she stole nearly $160,000 in approximately 70 university checks, mostly written out to fake vendors that she created. In addition, she had cashed checks made out to legitimate vendors and, when they inquired about late payments, she cut duplicate checks to pay them. 

The university was alerted by their bank, which had noticed checks being deposited into Garin’s personal bank account. A police investigation ensued. Upon getting caught, Garin admitted to the scheme, saying she used the money to pay off bills, help with living expenses, and provide financial assistance to family members. Yes, she was fired. For details, read the article published by KSTP.

Control Gaps

As always when reading about internal fraud, I contemplated what might have allowed the crime to occur, such as:

  • Lack of separation of duties for 1) setting up new vendors and 2) cutting checks, including duplicate checks; it appears she could do everything on her own

  • No usage of the Payee Name Positive Pay service, which would have prevented her from cashing checks to legitimate vendors; see definitions below

Per AP Now’s 2017 Payment Attitudes Survey (www.ap-now.com), approximately 20% of respondents’ organizations are not using Positive Pay and/or Payee Name Positive Pay. Yet, it is one of the best things an organization can do to fight check fraud—besides scaling back on checks altogether.

Definitions  

Per 101 Best Practices for Accounts Payable by Mary Schaeffer:

  • Positive Pay is a service offered by most banks. As part of the service, companies transmit to their banks their check issuance file each time checks are written. The file contains a list of check numbers and dollar amounts. When a check is presented for payment, it is matched against the file. If there is a match, the check is honored and the check number removed from the file. If there is no match, the check is handled according to the preset instructions from the company.

  • Payee Name Positive Pay is an enhanced product that includes the payee’s name along with the check number and dollar amount in the file sent to the bank.

What About Cards?

Let’s imagine if Garin tried to accomplish a similar thing with a card. She was after cash, but, assuming an MCC block on cash/ATMs, this would not have been a good option for her. Further, setting up fake vendors to pay via a card (in order to obtain cash) would have been difficult. Even if she went the Square route to pay herself, she would have to provide personal information as part of the set up process.

If Garin made personal purchases with a Commercial Card, the key control would be manager oversight to spot issues. If her manager missed something, then effective auditing would be next. Another detective control is reports. As a program manager, I found value in the following, which would have quickly put Garin on my radar.

  • “New Vendors” report showing the first time a particular vendor was used

  • Report highlighting vendor spend; for example, when YTD P-Card spend with a vendor reached or exceeded $5,000

Final Thought

Does Hamline University use cards? With 70 checks totaling roughly $160,000, the average amount per transaction is just under $2,300. This is a prime target for P-Cards, which offer notable benefits and stronger fraud protection (e.g., liability waiver insurance). It is time for every organization to actively reduce check payments and expand electronic payments, including Commercial Cards.  

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.

Danger signs of card misuse.

Another case of Commercial Card misuse has made its way into the news. Once again, the culprit is a person who held a high-ranking position, which created a tricky situation for staff. Keep reading to learn what happened and the unique action that exposed the problem. As for your organization, what mechanisms are in place to protect against abuse by executives? Do you discuss the potential warning signs of card misuse or fraud? See examples below of what your organization should pay attention to.

Card Misuse Case

The situation occurred within a Minneapolis suburb—at the Shakopee Public Schools—but it could happen anywhere. If folks in the public sector are taking chances even with taxpayers’ eyes on them, imagine what could be happening at private organizations.

The following content is based on reporting by Shakopee Valley News.

Rod Thompson, the former superintendent (he recently resigned), began making personal purchases on his P-Card soon after he was hired in 2011, but it was not discovered until this year. In all, he made more than 100 such purchases—many were shipped directly to his home—totaling approximately $15,000. There could be more, as the investigation is still ongoing. Missing or partial receipts, as well as a lack of cooperation by the district, have made the investigative process more difficult.

Thompson reimbursed the district for some personal purchases, claiming he made them accidentally. Based on articles I’ve read, it seems he did not initiate reimbursement unless someone questioned him.

“Dr. Thompson realized the P-card (credit card) had been used as a default card when he made purchases through Amazon and PayPal,” district spokeswoman Ashley McCray said earlier this year.

Gee, how convenient. He never noticed that his personal card was not charged or his P-Card was used. All the more reason for organizations to adopt Amazon Business if Amazon purchases are allowed.

Things began to unravel in March when Thompson announced a $4.5M shortfall within the district due to “human errors made through a series of inaccurate budgeting assumptions, omissions and errors.” In addition, the school district’s cash reserves have been in a downward spiral since 2012. Further, when Thompson left his previous position with a different school district, there was a $700,000 accounting error. Hmmm…

Ultimately, it was a group of concerned Shakopee citizens, not the school board, that began digging into records, which revealed Thompson’s card use and led to police involvement. As a side note, the district is currently revising its P-Card policies and procedures.

More Information 

Shakopee Valley News offers more information on this story.

2018 update: See a follow-up blog post from Recharged Education about the outcome of this internal fraud case.

Credit cards are not dangerous; rather, inaction in response to questionable activity and/or a lack of controls are dangerous.

Credit cards are not dangerous; rather, inaction in response to questionable activity and/or a lack of controls are dangerous.

Possible Warning Signs

Some of the below are demonstrated in the Shakopee story, but I am adding others to round out the list. However, please keep in mind that the presence of a sign does not solidify misuse or fraud. It may simply highlight the need for further review.

  • Cardholder has self-reported (and paid back) more than one or two instances of accidental P-Card use for personal purchases

  • Any “accidental” use that is found by someone other than the cardholder

  • Cardholder fails to provide, or is late in providing, receipts for P-Card purchases; Thompson was guilty of this, even though his executive assistant said she tried repeatedly to get him to turn in late receipts

  • Receipts/supporting documentation do not clearly reflect what was purchased

  • Purported business purchases cannot be located

  • Budget issues within a department

  • A cardholder’s spend is higher than historical averages and/or that of other cardholders with a similar job position

  • Cardholder has personal financial struggles and/or obviously lives beyond their means

Final Thoughts

If an executive has a sense of entitlement, he or she can wreak havoc on an organization by pulling rank on anyone who questions a purchase. While some type of board must provide oversight, they cannot scrutinize everything, as nothing would get done. At some level, a board needs to trust executives. There is a fine line, but controls must prevail. See a related blog post Executive card fraud beyond beliefincluding some tips.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.