The risk of fraudulent transactions continues to limit the ability of companies to expand the distribution and allowable usage of both the purchasing card (PCard) and the travel card. While the appropriate use of merchant category codes (MCCs) and monetary limits is a key cornerstone of any card fraud prevention structure, in recent years new tactics and technologies have been developed that can help to mitigate these risks, when implemented and administered properly. Some of these solutions have been developed by software solution providers, while others are being developed within companies to address their own specific requirements.
As part of a recent Peeriosity PeercastTM on the topic of Corporate Card fraud, a major aerospace/defense company presented their approach to controlling corporate card fraud. With over 42,000 cardholders and millions of card transactions taking place each year, this company wanted to be very proactive in how it protected itself from fraudulent card transactions and card misuse.
The following is the four-pronged approach to their fraud detection framework:
- System Controls
- Detailed receipts required for expenses greater than $75 enabling auditors to verify business related expenses for the employee
- Manager approval is required on all expense statements
- Auditors review and ensure the expense dates align with employee reported trip dates
- Expenses categorized as other/other are flagged requiring detailed auditor review
- Continuous Monitoring
- Past due balances of $250 and higher are monitored weekly
- Past due notices are sent monthly and managers notified
- Corporate Card Manager Report sent monthly and manager review is required
- Post Payment Data Analytics
- Un-expensed transactions
- Frequent out of pocket expenses
- Group meals
- Duplicate expenses
- Account Reconciliations
Having developed internally a fraud control system, this company is able to visualize massive amounts of cardholder data to allow them to detect unusual employee behavior, even on an individual cardholder basis. They are then able to closely monitor specific cardholder accounts and zero in on those that have fraudulent activity taking place.
Reviewing the results of the iPollingTM questions related to this particular Peercast, the first question addressed the extent to which technology was utilized at companies to decrease exposure to corporate card fraud. Not surprisingly, most companies (59%) responded that they utilize technology to uncover risks, but there is much more they can be doing in this area. When combined with the 29% that only utilize fraud prevention technology on a limited basis, it results in 88% of the companies having a significant opportunity for improvement in this area.
The second poll question then addressed the topic of what is the biggest challenge companies are facing in employing more technology to monitor risks associated with corporate card fraud.
What is interesting about the results of this second poll question is that 56% of the companies recognize the need to employ more technology in addressing the fraud challenge, but either have competing priorities that are a higher priority or they can’t identify the proper technology to get the job done. The concern with card fraud is that companies can develop a false sense of security that their existing systems and controls are more than adequate, while, in actuality, there could be a significant control breach that they are not even aware of. With the large number of cardholders and high monetary amounts of transactions flowing through the typical corporate card program, comes the need to continually upgrade the capabilities of the fraud detection systems and controls to match the increased exposure that the company faces.
Some comments from this poll include the following:
- We utilize many tools (such as MCC limits and velocity parameters) through our commercial card provider to mitigate fraudulent charges.
- Beefing up our efforts in this area is on our radar. Some activities are underway, but managing priorities and resources is presenting the current lag.
- We utilize MCC templates to block certain merchants from our cards as well as monetary limits. We also use Microsoft Access to target specific activity for audit based on MCC, merchant name, comments entered by cardholders, etc.
- Our corporate card for US/Canada is: Individual Charge, Central Pay (via Concur), and 100% Corporate Liable. Employees’ expenses and charges are populated into the Concur Expense Tool, with approval for payment provided by individual manager. Detailed reporting and auditing of expenses is provided monthly by my team, and internal audit has full access rights to view historical data based on any findings or concerns. Since charges are populated to Concur Expense, Employee Card Holders are able to review and validate charges are legitimate within a few days. Individuals will contact the Global T&E Team when they observe fraudulent charges, requesting disputes and replacement cards. In CY14, 95% of all possible charges were placed on the card; $0 in fraud was tracked.
Is your company leveraging the latest technology to keep corporate card fraud to a minimum? How confident are you regarding the integrity of your card program?
Who are your peers and how are you collaborating with them?
“iPollingTM” is available exclusively to Peeriosity member company employees, with consultants or vendors prohibited from participating or accessing content. Members have full visibility to all respondents and their comments. Using Peeriosity’s integrated email system, Peer MailTM, members can easily communicate at any time with others who participated in iPolling.
Peeriosity members are invited to log into www.peeriosity.com to join the discussion and connect with Peers. Membership is for practitioners only, with no consultants or vendors permitted. To learn more about Peeriosity, click here.