Practice embezzlement has been on the rise in recent years. In fact, three out of four physicians will suffer some financial loss from employee dishonesty over the lifetime of their practice, according to the Medical Group Management Association. But whether a known party or stranger:
- It usually takes about 18 months for evidence of fraud to surface
- Losses can reach the mid-six figures by the time criminal activity is detected
- Know that some fraudsters wait to target businesses over long holiday weekends.
Nipping fraud in the bud is far easier then dealing with its aftermath. Practices should implement internal controls just like any business—like closing out the credit card machine daily with manager oversight to approve refunds or voids.
For your business credit cards, some basic precautions can go a long way in protecting your practice against theft, or at least minimizing the damage.
- Control who sees your credit card information. If your receptionist opens your mail, you might instruct this person to give unopened credit card bills to you or your bookkeeper. Have all statements scanned into a password-protected computer then shred the paper documents. Better yet, ask that all business credit cards be managed online to save time and avoid any mail fraud issues. And it never hurts to have more than one employee involved in your accounting process for good oversight.
- Make sure statements are reviewed ASAP. Report anything suspicious no matter how small. A common criminal tactic is to make small purchases on a compromised card, typically $5 or $10, and wait to see if the fraudulent transaction is noticed before making larger purchases.
- Do random statement reviews. If it’s not feasible for you to review all your credit card statements, review a random selection every few months to stay on top of your office spending patterns. (Do the same with a random selection of bank reconciliations and statements.)
- Consider freezing your personal credit file. In most small businesses, owners are required to provide a personal guarantee for business accounts, and may be subject to credit check. If not actively applying for new credit, you can place a security freeze on your personal credit to prevent unknown businesses from accessing your credit file. This can help minimize opportunities for thieves to fraudulently list you as a guarantor or open new credit accounts in your practice’s name.
- Educate your employees on phishing scams. A caller says he is with your credit card company “investigating” a potential identity theft and needs your account information. Hang up. Your credit card company already has this data. Similarly, delete all legitimate-looking emails that ask you to verify sensitive information like your 3-digit security code. Clicking on links or opening attachments can infect your computer with nasty spyware.
- Monitor your business credit reports regularly for any changes in your scores and ratings. Though Dun & Bradstreet (https://www.dandb.com/credit-signal/) may be the most recognized source of business credit reporting, Equifax (equifax.com), Experian (experian.com), and TransUnion (transunion.com) also provide business credit services.
You want to focus on providing quality care. Entrusting your day-to-day operations to front-office employees is a practical way to run a successful business—but only with the right oversight and internal controls.
EMV Chip Credit Cards—the Newest Weapon for Fraud Protection
It stands for “Europay, MasterCard, and Visa” and it’s the latest defense against credit card “skimming”—where scammers capture card information with a quick swipe through an illicit card reader. Officially launched in October 2015 in the U.S., the EMV card features an embedded microchip (along with the traditional magnetic stripe) that makes the card extremely difficult to counterfeit. In the U.K., the move to the EMV Chip card helped reduce counterfeit card fraud by over 70% in 2012.2
2 Fighting Fraud Action UK, “Fraud, The Facts 2013” report
Contact Henry Schein Financial Services: 800-443-2756 • firstname.lastname@example.org