Re-Alteration of Cheques
In altered payee schemes, remember that it is common for the perpetrator to take a cheque intended for a legitimate recipient and then doctor the instrument so that the perpetrator becomes the designated payee. But a cancelled cheque payable to an employee will obviously raise suspicions of fraud. Therefore, some employees re-alter their fraudulent cheques when the bank statement arrives. It has already been discussed how employees can alter cheques by writing the payee’s name in erasable ink when the cheque is prepared. These employees obtain a signature for the cheque and then erase the true payee’s name and insert their own. When the fraudulent cheques return with the bank statement, the employee erases his own name and re-enters the proper payee’s name. Thus, there will be no appearance of mischief.
Miscoding Fraudulent Cheques
Rather than omit a fraudulent cheque from the disbursements journal or list it as void, the perpetrator might write a cheque payable to himself but list a different person as the payee on the books. Usually, the fake payee is a regular vendor¾a person or business that receives numerous cheques from the victim company. Employees tend to pick known vendors for these schemes because one extra disbursement to a regular payee is less likely to be noticed than a cheque to an unknown person. The fraudster can also conceal a fraudulent cheque by overstating the amounts of legitimate disbursements in the journal to absorb a fraudulent cheque’s cost. For instance, assume that a company owes $10,000 to a particular vendor. The fraudster would write a cheque to the vendor for $10,000, but enter the cheque in the disbursements journal as a $15,000 payment. The company’s disbursements are now overstated by $5,000. The fraudster can write a $5,000 cheque to himself and list that cheque as void in the disbursements journal. The bank balance and the book balance will still match because the cost of the fraudulent cheque was absorbed when the amount of the legitimate cheque was overstated. Of course, the fact that the cancelled cheques do not match the entries in the journal should indicate potential fraud. This type of concealment is really only effective when the bank accounts are not closely monitored or where the employee is in charge of reconciling the accounts.
If possible, fraudsters will try to code their fraudulent cheques to existing accounts that are rarely reviewed or to accounts that are very active. Most of these cheques are coded to expense accounts or liability accounts. This particular method can be very effective in concealing fraud, particularly when the victim company is not diligent in reconciling its bank accounts. For instance, some organisations reconcile their accounts by cross-referencing cheque numbers with the amounts of the cheques, but they do not verify that the payee on the actual cheque matches the payee listed in the disbursements journal. These organisations will be unable to detect cheques that have been coded to the wrong payee in the disbursements journal.
Re-Issuing Intercepted Cheques
In intercepted cheque schemes, the fraudster faces detection not only through his employer’s normal control procedures, but also by the intended recipients of the stolen cheques. When the real payees do not receive their cheques they are likely to complain. These complaints, in turn, could trigger a fraud investigation. One way for a fraudster to avoid this problem is to issue new cheques to the intended payees.
An accounts payable troubleshooter was in charge of auditing payments to all suppliers, reviewing supporting documents, and mailing cheques. Every once in a while, she would purposely fail to mail a cheque to a vendor. The vendor, of course, called accounts payable about the late payment and was told that the invoice had been paid on a certain date. Since accounts payable did not have a copy of the cancelled cheque (because the fraudster was still holding it), it would call the troubleshooter to research the problem. Unfortunately for the company, the troubleshooter was the one who had stolen the cheque; she told accounts payable to issue another cheque to the vendor while she stopped payment on the first cheque.
Thus, the vendor received his payment, and instead of stopping payment on the first cheque, the troubleshooter deposited it into her own account.
Bogus Supporting Documents
Whereas some perpetrators attempt to wipe out all traces of their fraudulent disbursements by destroying the cheques, forcing the bank reconciliation and so on, others opt to justify their cheques by manufacturing fake support for them. These individuals prepare false payment vouchers, including false invoices, purchase orders, or receiving reports, to create an appearance of authenticity. This concealment strategy is only practical when the employee writes cheques payable to someone other than himself (such as an accomplice or a shell company). A cheque made payable to an employee might raise suspicions regardless of any supporting documents that he manufactures.
Detection of Cheque Tampering Schemes
Account Analysis Through Cut-Off Statements
Bank cut-off statements should be requested for 10 to 15 days after the statement of financial position’s closing date. These statements may be used to detect cash fraud during periods between monthly bank statements. Auditors often use cut-off statements to ensure that income and expenses are reported in the proper period. If employees know that a cut- off statement might be ordered at any time during the month and reviewed independently, cash fraud will be less likely.
A cut-off statement is generally ordered from the bank, delivered unopened to the auditor (or outsider), and reconciled. It can be ordered at any time during the accounting cycle. If cut-off bank statements are not ordered or received, obtain the following period bank statement and perform account analysis and investigation.
Copies of the bank reconciliations and account analysis should be obtained along with the complete set of bank statements on all chequing and savings accounts, as well as certificates of deposit and other interest-bearing and non-interest-bearing accounts. From the reconciliations, perform the following tests:
- Confirm the mathematical accuracy of the reconciliation.
- Examine the bank statement for possible alterations.
- Trace the balance on the statement back to the bank cut-off and bank confirmation statements.
- Foot the balance to the company’s ledger.
- Trace the deposits in transit to the bank cut-off statement to ensure recording in the proper period.
- Examine cancelled cheques and compare them to the list of outstanding cheques.
- Sample supporting documentation of cheques written for a material amount.
- Verify supporting documentation on outstanding cheques written for a material amount.
- Verify accuracy of nonoperational-cash or cash-equivalent accounts (CDs and other investment accounts). Analysis should include the verification of the institution holding the funds, interest rate, maturity date, beginning and ending balances, and current period activity. Book and bank balances should be compared and any accruals of interest analysed.
Another method related to the cut-off statement is the bank confirmation request. Unlike the cut-off statement, this detection method is merely a report of the balance in the account as of the date requested. This balance should be requested to confirm the statement balance as well as any other necessary balance date. If fraud is occurring at the bank reconciliation stage, this independent confirmation might prove to be very helpful.
Cheque Tampering Red Flags
The following irregularities might indicate fraud:
- Voided cheques might indicate that employees have embezzled cash and charged the embezzlement to expense accounts. When the expense is paid (from accounts payable), fraudulent cheques are marked and entered as void and removed from distribution points. An account-balancing journal entry is then made. The list of voided cheques should be verified against physical copies of the cheques. Bank statements should be reviewed to ensure that voided cheques have not been processed.
- Missing cheques might indicate lax control over the physical safekeeping of cheques.
Stop payments should be issued for all missing cheques.
- Cheques payable to employees, with the exception of regular payroll cheques, should be closely scrutinised.
- Such an examination might indicate other schemes such as conflicts of interest, fictitious vendors, or duplicate expense reimbursements.
- Altered endorsements or dual endorsements of returned cheques might indicate possible tampering.
- Returned cheques with obviously forged or questionable signature endorsements should be verified with original payee.
- Altered payees on returned cheques should be verified with the intended payee.
- Duplicate or counterfeit cheques more than likely indicate fraud. These cheques might be traceable to depositor through bank cheque coding.
- Questionable deposit dates should be matched to the corresponding customer accounts.
- An examination of all cash advances might reveal that not all advances were properly documented and, therefore, inappropriate payments have been made to employees.
- Customer complaints regarding payments not being applied to their accounts should be investigated.
- A questionable payee or payee address on a cheque should trigger review of the corresponding cheque and support documentation.
Prevention of Cheque Tampering Schemes
Cheque Disbursement Controls
The following list of activities will help tighten controls and possibly deter employees from giving in to the temptation to commit cheque fraud.
- Cheque “cutting” and preparation is not done by a signatory on the account.
- Cheques are mailed immediately after signing.
- Theft control procedures are adhered to.
- Accounts payable records and addresses are secure from possible tampering. Changes in vendor information should be verified.
- Bank statements should be reviewed diligently to ensure that amounts and signatures have not been altered.
- Bank reconciliations should be completed immediately after monthly statements are received.
- Bank reconciliations are not made by signatories on the account.
- Bank statements should be reconciled and reviewed by more than one person.
- Appropriate separation of duties should be documented and adhered to.
- Detailed comparisons are routinely made between cheque payees and the payees listed in the cash disbursements journal.
- Personnel responsible for handling and coding cheques are periodically rotated, keeping total personnel involved to a minimum.
Companies should work in a cooperative effort with banks to prevent cheque fraud. Consider the following control measures that might be taken in regard to a firm’s chequing accounts.
- Establish maximum amounts above which the company’s bank will not accept chequesdrawn against the account.
- Use positive pay banking controls. Positive pay allows a company and its bank to work together to detect fraudulent items presented for payment. The company provides the bank with a list of cheques and amounts that are written each day. The bank verifies items presented for payment against the company’s list. The bank rejects items that are not on the list. Investigations are conducted as to the origin of “nonlist” items.
Physical Tampering Prevention
The following list details cheque-tampering prevention techniques that are being used today by some institutions to secure businesses’ cheque integrity. These methods can be used individually or in combination.
- Signature line void safety band—The word VOID appears on the cheque when photocopied.
- Rainbow foil bar—A horizontal coloured bar placed on the cheque fades and is shaded from one bar to the next. Photocopied foil bars appear solid.
- Holographic safety border—Holographic images are created in a way that reflects light to reveal a three-dimensional graphic.
- Embossed pearlescent numbering—Cheques are numbered using a technique that is revealed by a coloured highlighter pen or by a bright light held behind the cheque.
- Other chemical voids—Cheques reveal an image or the word VOID when treated with an eradicator chemical.
- Micro line printing—Extremely small print is too small to read with the naked eye and becomes distorted when photocopied.
- High-resolution microprinting—Images are produced on the cheque in high resolution. This technique is very difficult to reproduce.
- Security inks—Cheques contain inks that react with eradication chemicals, reducing a forger’s ability to modify the cheque.
- Watermark backers—Hidden images can only be seen when the cheque is held at an angle. This image is very difficult to reproduce.
Cheque Theft Control Procedures
It is very important to provide internal controls that will minimise the possibility of cheque tampering and theft. The following is a list of items that should be incorporated into companies’ policies and procedures to help deter cheque tampering.
- New cheques should be purchased from reputable, well-established cheque producers.
- Unused cheques should be stored in a secure area such as a safe, vault, or other locked area. Security to this area should be restricted to authorised personnel only. Routinely change keys and access codes to storage areas.
- Review all hiring procedures. One of the most important means of fighting fraud is to not hire people with questionable backgrounds. Develop a distinct separation of duties in the accounts payable department, including written policies and procedures for all personnel who have the opportunity to handle cheques, from mailroom clerks to the CEO.
- Use electronic payment services to handle large vendor and financing payments, eliminating the use of paper cheques.
- Report lost or stolen cheques immediately.
- Properly and securely store cancelled cheques.
- Destroy unused cheques for accounts that have been closed.
- Printed and signed cheques should be mailed immediately after signing.
Electronic Payment Tampering
As businesses move to using electronic payments—such as automated clearing house (ACH) payments, online bill payments, and wire transfers—in addition to or instead of traditional cheques, fraudsters are adapting their methods to manipulate these payments as well. Some
of these fraudsters abuse their legitimate access to their employer’s electronic payment system; these schemes are similar to traditional cheque tampering frauds carried out by authorised makers. Others gain access through social engineering or password theft, or by exploiting weaknesses in their employer’s internal control or electronic payment system. Regardless of the means by which they log in to the system, the dishonest employees use this access to fraudulently initiate or divert electronic payments to themselves or their accomplices.
As with other schemes, once the fraudulent payment has been made, the employee must cover his tracks. However, the lack of physical evidence and forged signatures can make concealment of fraudulent electronic payments less challenging than other cheque tampering schemes. Some fraudsters attempt to conceal their schemes by altering the bank statement, miscoding transactions in the accounting records, or sending fraudulent payments to a shell company with a name similar to that of an existing vendor. Others merely rely on the company’s failure to monitor or reconcile its accounts.
Prevention and Detection of Electronic Payment Tampering
The most important practice for preventing and detecting electronic payment fraud is separation of duties. For example, in the case of online bill payments, such as those made through a bank’s website or a third-party business-to-business payment service, separate individuals should be responsible for maintaining payment templates, entering payments, and approving payments. For wire transfers, duties for creating, approving, and releasing wires should be segregated. And to prevent attempts to conceal fraudulent electronic payment activity, no individual involved in the payment process should reconcile the bank statement or even have access to it. In addition to separating duties, companies should consider segregating their bank accounts to maintain better control over them—for example, separate accounts can be used for paper and electronic transactions.
Account monitoring and reconciliation should be performed daily so as to quickly spot and notify the bank of any unusual transactions. Depending on the accounting software in use at the company and the account reconciliation offerings of its bank, much of the reconciliation process can be automated. Additionally, many banks are able to provide daily itemised reports of outstanding payments in addition to a list of those payments that have already cleared.
In guarding against improper access to electronic payment systems, proper management and protection of user access and account information are essential. All log-in information, such as usernames and passwords, should be heavily guarded, with passwords changed frequently and user access immediately deactivated for any user who no longer has a need for it (e.g., a terminated employee or an employee who has changed roles). Although most electronic payment systems will eventually time out, users should log off immediately when they are finished using the system or if they need to leave their computer unattended, even if only for a short time. Unattended computers that are logged on to a payment system provide fraudsters with a free pass to the company’s bank account. In one instance, an employee
who was working in the company’s electronic payment system left his computer unattended for less than ten minutes so that he could grab a cup of coffee. During that time, another employee who shared an office with him was able to wire $3,273 to an existing vendor with whom he was in collusion. Because the victim company performed daily account reconciliations, the fraud was caught the next day. The fraudster was fired immediately, and the individual who left his computer unattended while logged on to the system was reprimanded.
Bank Security Services
Most large banks offer a number of security services that can help business account holders mitigate fraud through early detection and prevention of fraudulent electronic payments. For example, ACH blocks allow account holders to notify their banks that ACH debits— whether authorised or not—should not be allowed on specific accounts. ACH filters enable account holders to provide their banks with a list of defined criteria (such as the sending company ID, account number, and transaction code) against which banks can filter ACH debits and reject any unauthorised transactions. Positive pay for ACH is another security feature offered by banks to their account holders. With positive pay, banks match the details of ACH payments with those on a list of legitimate and expected payments provided by the account holder. Only authorised electronic transactions are allowed to be withdrawn from the account; exceptions are reported to the customer for review.
Organisations can also set up their commercial banking software to restrict access to specific banking activities—such as viewing transactions, viewing bank statements, initiating electronic payments, or setting up ACH blocks or filters—to designated individuals. Companies should incorporate this feature into their internal control system to enhance separation of duties. For example, any individual authorised to make payments should not be permitted to set up ACH blocks or filters, or to submit positive pay information. In addition, businesses can customise their banking software to incorporate features such as dual authorisation for certain transactions and daily or individual transaction limits.
Companies can further enhance their protection against unauthorised access to an electronic payment system through the use of their banks’ multifactor authentication tools, mechanisms that combine two or more methods to validate the identity of the person attempting to access the system. These tools—such as tokens (physical devices that authorised users provide in addition to their passwords to prove their identities electronically), digital certificates, smart cards, and voiceprint recognition software—can help businesses overcome the problem of compromised credentials, such as usernames and passwords.