(Crain’s Chicago Business, 26 February 2007)
Just because criminals have moved online doesn’t mean they’ve stopped going through your garbage, says fraud expert Frank Abagnale Jr. He would know. His life as a con artist from age 16 to 21 was the inspiration for the 2002 Leonardo DiCaprio movie “Catch Me if You Can.” Crain’s asked Mr. Abagnale, 58, how businesses can protect themselves against security threats.
What financial crimes threaten companies the most in the Internet age?
It’s amazing to say this, but check forgery is still huge in the U.S. Last year, $20.6 billion in losses occurred from check forgery, with banks taking about 10% of those losses and businesses taking 90%. I’ve been teaching check forgery at the FBI Academy for 32 years, and I always thought it would go away, but it’s still as popular as ever.
We’re still very much a check-user society. Americans write 39 billion checks every year. Seventy-five percent of all payments from one company to another are made by check, even though we have the Automated Clearing House Network (a national electronic funds transfer system) and wire transfers.
Has technology made forgery easier to commit?
Yes. Forty years ago, if I was going to forge a company check, I needed a Heidelberg printing press, which costs $1 million. It was 90 feet long and 18 feet high. You had to know color separation, typesetting and graphic art. Today, you sit down at a laptop and pull up United Airlines’ Web site. You capture their logo in color and maybe one of their 747s taking off and you put that on the screen in check format. In 15 minutes, you have a check 10 times nicer looking than United’s actual checks.
What does a company that’s a soft target look like?
It’s a company that leaves information everywhere. If I was doing this today, I would be looking at doctors’ offices and those independent insurance agents who are one guy alone in a strip mall with a secretary. In a typical doctor’s office, the files are in a file cabinet without doors. I would find a janitor who cleans that building and say to him, “I don’t know what they pay you, but I’ll give you $100 for each file you pull down. I’m not asking you to steal anything — just copy their Social Security number, date of birth and name onto a Post-it Note.”
How could a company stop something like that?
You can never be 100% risk-free, but you can make it difficult for people to steal from you. For example, replace your garbage cans with shredders. Shredders are so inexpensive and quiet today that you should have one at every desk. Also, criminals will notice if you buy checks with no security features on them at Staples, so buy controlled check paper that’s not available through wholesalers.
Should business owners worry about how much access their employees have to company information?
Yes. You wouldn’t believe how many companies have their bookkeepers write, sign and reconcile their checks. Under the law, if a bank can prove that the bookkeeper does all this, the bank has zero liability. The owners say, “I trust her; she’s been with me a long time.” Well, the embezzler is always the trusted employee. After a while, the bookkeeper says, “This guy doesn’t know if he’s got $1.34 million or $1.33 million. If I take $10,000, he’s not going to know.”
What can companies do to protect themselves from their employees?
There’s software that allows companies to control who sees information. So if my secretary started to download my clients’ personal information, the computer would freeze up. The most expensive I’ve ever seen is $100,000, and there are more-affordable versions for small businesses.
Do companies need to spend a lot of money to protect themselves from financial criminals?
No. You can make minor changes that won’t cost a lot. For example, don’t have your officers’ signatures in your annual report on white paper with black ink that anyone can scan and put on a check. Also, I recommend that all companies use Positive Pay, a simple, free or low-cost service offered by most major banks. You write checks and, at the end of each day, your office downloads to your bank what’s called an “issue file.” It says to the bank, “Here’s all the checks we wrote today, the check number, dollar amount and who we wrote the checks to.” When they come back to your bank, each check has to match the file you sent or the bank will not pay.
©2007 by Crain Communications Inc.
Read this article at Crain’s Chicago Business.