- Fraud is a growing problem, with the Federal Trade Commission reporting consumer fraud losses increased 70 percent in 2021.
- Fraud hits SMBs particularly hard, with every $1 in fraudulent transactions costing businesses an average of $3.99.
- SMBs must be aware of external and internal fraud risks and understand how data breaches can increase the likelihood of fraud.
- This article is for business owners and consumers who want to learn more about the overall fraud environment and how to address it.
Whether it takes the form of a suspicious email, a random call from someone claiming to be from tech support, or a text asking for personally identifiable information, Americans are inundated with fraud attempts. Amid rampant scams and deceit, it’s no surprise that many Americans feel vulnerable to fraud. Even with consumer awareness, fraud rates continue to skyrocket.
We’ll examine the problem of fraud, how it affects consumers and businesses, and what SMBs can do to mitigate it.
Fraud is a growing problem
According to data from the Federal Trade Commission, reported fraud losses in 2021 increased more than 70 percent over the previous year. In total, American consumers reported losing more than $5.8 billion to fraud in 2021. Keep in mind that these numbers are for consumers alone and don’t reflect additional losses for businesses. Because fraud continues to be profitable, it’s no wonder that rates continue to increase.
Fraud has become harder than ever to avoid. The FTC received over 5.7 million consumer complaints in 2021, including fraud reports from more than 2.8 million people. While the nature of the complaints varied, the most common fraud types were imposter scams and online shopping scams.
Additionally, the agency received 1.4 million identity theft reports, marking a massive increase in the rate of identity theft. In 2019, for instance, there were only 650,572 cases of identity theft in the country, according to data from SafeHome. SafeHome estimates that 33 percent of U.S. adults have been impacted by identity theft at some point.
Identity theft directly feeds into other types of fraud, including the following:
- Payment fraud. Identity theft goes hand-in-hand with payment fraud, where a fraudster steals sensitive customer information in the hopes of accessing their credit card or online banking accounts. For instance, attackers can leverage stolen Social Security numbers, driver’s license information or email passwords to access victims’ online accounts.
- Data breaches. Unfortunately, data stolen through payment fraud and other methods is readily available if cybercriminals manage to breach a business that failed to secure its data properly. Like fraud in general, data breaches continue to be an overwhelming issue. According to a 2021 report from fraud prevention company SEON, 2021 saw 1,862 data breaches affecting 293 million people.
- Business email compromise scams. Data breaches can lead to other cybersecurity incidents, including using stolen credentials to gain access to a company’s networks or to abuse someone’s email address for more scams. For instance, the FBI’s Internet Crime Complaint Center (IC3) found that business email compromise scams skyrocketed in 2021, leading to almost $2.4 billion in losses. In BEC scams, bad actors use compromised email accounts to trick businesses into wiring money to fraudulent accounts. These scams can also involve stealing tax forms or employees’ personally identifiable information.
BEC scams skyrocketed in 2020 alongside other COVID-19 pandemic business scams that took advantage of more people working from home.
Small businesses have a role to play in data security
Fraud threatens consumers and poses an omnipresent menace to small businesses. For example, payment fraud significantly threatens a business’ bottom line — especially if the business sells online.
Here’s an overview of how online selling leaves businesses vulnerable:
- In-person sales. With in-person sales, a business isn’t responsible for fraudulent credit card transactions if it follows proper procedures, such as verifying the cardholder’s identity and using a chip-enabled card reader (card networks no longer require signature verification). If fraud occurred in these situations, the credit card’s issuing bank would be responsible for any fraud-related fees.
- Online sales. By contrast, in an online sale, a business can’t verify the cardholder’s identity at the time of purchase. A small business with an online retail store is liable for customer refunds if a card was used fraudulently. And, according to research from LexisNexis, every $1 in fraudulent transactions costs a business an average of $3.99, leading to massive risk — especially for SMBs.
Online fraud is one of myriad fraud types SMBs must guard against. Fortunately, businesses can take concrete steps to limit fraud:
- Keep employees informed. Businesses must communicate to employees their essential roles in preventing fraud and increasing data security. New hire training programs and ongoing employee educational efforts must address fraud, suspicious circumstances, and how to recognize scams. Like most small business cybersecurity elements, overall security is only as good as the least informed employee.
- Work with reliable software vendors. SMBs should ensure they have reliable software vendors. For example, the best point-of-sale (POS) systems help businesses track inventory and sales, process payments, manage customer lists, and implement role-based access controls to ensure only the right people can access specific information. POS systems can help increase workplace productivity while providing insights into who is using what data.
- Prepare for credit card processing. Accepting credit cards is essential for many businesses. When a business doesn’t accept credit cards, it will likely lose customers and sales. However, businesses must ensure they’re adequately prepared for credit card processing. For example, they must understand PCI compliance issues and work with a reliable credit card processor.
- Keep customers’ payment data secure. Businesses should also ensure customer data — such as credit card numbers and personally identifiable information like driver’s licenses or email addresses — is stored securely. Ideally, businesses should encrypt all sensitive data. This can help limit the damage following a data breach and stop potential malicious insider employees from using company data for fraud.
- Implement anti-fraud controls. Businesses should implement and closely manage robust anti-fraud controls. According to the Association of Certified Fraud Examiners’ Occupational Fraud 2022: A Report to the Nations, 29 percent of reported fraud was due to a lack of internal controls, and 20 percent was due to overriding existing controls — allowing employees or business owners to steal data and carry out fraud. Businesses can significantly reduce the chances of internal fraud by mandating unique, strong passwords across accounts and implementing strict access management policies.
According to Verizon’s 2021 Data Breach Investigations Report, 46 percent of reported cyber breaches impacted businesses with fewer than 1,000 employees. Causes were split between external attackers and internal actors committing employee fraud.
Fraud is not unavoidable
Fraud is a more extensive problem than ever, permeating all aspects of daily life. Whether through phishing, identity theft or data breaches, consumers and small businesses must be aware of and vigilant about fraud. However, fraud is not a foregone conclusion. Businesses have the means available to significantly limit the likelihood that fraud will impact them.
Similarly, individuals can take steps to protect themselves. Strong, unique passwords for each website or account go a long way toward protecting individuals. Consumers should always practice caution. Unexpected communications that play off of strong emotions — fear, surprise or happiness — should be treated with suspicion.
With enough awareness and wariness, businesses and consumers can help prevent