wwwHow about a seven million dollar reminder to not only establish solid processes and procedures, but also provide training and remind employees of the importance of following processes?
The Details. In Apache Corporation v. Great American Insurance Company, Apache ultimately lost a suit against its insurance company when seeking payment under a computer fraud provision. The legal details aren’t necessary for our purposes, but if you are interested, you can read the case here. What is fascinating is Apache’s multiple payments totaling almost $7 million due to fraud. The course of events leading up to the loss include:
- A phone call from a person purportedly employed by a legitimate vendor, Petrofac, to Apache employee asking Apache to change bank account information for payments sent to Petrofac.
- Apache employee denied request, asking for formal request on company letterhead.
- One week later accounts payable received an email request from “petrofacltd.com” for future payments to be made to a new bank account. The real domain was “petrofac.com.”
- The email attachment was on fake letterhead and signed providing old and new bank account information. It is unclear if the old bank account information was legitimate.
- Apache employee called the number on the letterhead to confirm. The employee should have gone back to the vendor file to get the correct contact information.
- A second Apache employee approved and made the change. Thereafter, Apache paid legitimate Petrofac invoices to the criminal’s back account.
- Within 30 days, Petrofac inquired about the status of payments totaling almost $7 million. Apache paid legitimate Petrofac invoices, but paid them to a non-Petrofac bank account.
- Amazingly, Apache was able to recoup most of the money.
Solutions. Thinking this won’t happen to you? While you may not lose seven million dollars to fraudulent activity, we are all vulnerable for varying amounts. The solutions seem easy, but when people are busy, are not engaged, have not received training, or it’s been a long time since someone has been trained, bad things can happen to good people. Here are a few reminders.
- Proper verification. Don’t verify information from information received. Verify independently from information you already know to be accurate.
- Double check. Consider what the steps to signing off on a change should be. What questions should be asked, and what information should be verified before making changes?
- Staffing shortages. There are consequences to busy lives. It’s human nature to make more mistakes when we are stretched thin.
- Hire smart. Stay engaged. Checking backgrounds and references on new hires is always smart. Checking employees’ temperature from time to time should not be overlooked no matter how busy you are.
- Training Calendar. Red-tape is no fun. Training can be mundane, boring and therefore ignored. But, training, especially when it comes to internet fraud, accounting fraud and items requiring a high attention to detail is a must. Make sure you stick to a training calendar. Make the lessons fun and interesting. Keep the lessons short.
Stay sharp. Pay attention. Have fun. And, if you need assistance with recruiting or HR consulting, give us a shout.
LK Greer, HR Dallas, LLC dba Press One for HR