Protecting Payments

Ross Federgreen Comments
Posted in Articles, Finance
Print

The key to sustaining a healthy relationship with employees who handle facility revenue is a clear set of operating rules, segregation of duties, and a checks-and-balances atmosphere. Many operators ask, “What if my operation is too small to accomplish separation of duties? What if I don’t have or want a specific set of job functions assigned and defined? What if I have longstanding employees I don’t want to embarrass?”

The solution to all these concerns is to establish policies and procedures. Before implementing any changes, however, discuss them with a qualified attorney.

Employment Cycle

You should look at three phases defining the employment cycle:

  • Pre-employment 
  • Ongoing employment 
  • Dispute 

A necessary step during the initial hiring phase is a background check, which includes criminal and financial checks. Nothing automatically prevents an individual from being hired or assigned a specific job function, but wouldn’t you prefer to know if an applicant lied on the employment contract or behaved inappropriately in the past?

Once potential employees pass background checks, they should enter a documented training program. Hand them an employee handbook explaining company policy, rules and regulations governing job titles. Responsibilities and duties need to be defined; otherwise it’s a prescription for negative outcomes. If employees are handling customer payments, more safeguards are necessary, including a rigid separation of duties, and a rotation of responsibilities and work environments.

The dispute phase occurs when an employee is the subject of investigation for possible wrongdoing. Make sure all alleged misbehavior is well documented and consult an attorney before taking action.

Common Breach Points

Employees steal or defraud employers in multiple ways. Cash-handling is the most vulnerable. When your facility accepts cash, a receipt should be issued and placed in a register, recording all transactions. Never allow employees to put money in their pockets for settlement later. Also, the person preparing the cash deposit should be different from the one who physically makes a cash bank deposit. If you have only one employee, make the deposits yourself.

Avoid accumulating cash in the office. Many smaller operators tend to stash money for several days before depositing it in the bank, but this invites theft. Checks, especially electronic ones, are probably the safest form of payment. It’s highly unlikely an employee can disrupt the electronic chain, particularly if external auditing is used. 

You can accept a paper check and immediately convert it to an electronic version. Ask tenants to use recurrent electronic payments for rents whenever possible.

Credit card handling is particularly vulnerable because no system can uniformly prevent misuse. Identity theft is a big concern, as is stealing and selling credit card numbers, or using credits and voids, which need to be carefully monitored.

Some employees issue credits against non-existent charges to the account of a friend or relative. External monitoring of the number and type of credits and voids can flag misuse. Make sure transactions are logged and matched with corresponding activities. Questionable activity should prompt an external investigation.

More people are pilfering credit card numbers and associated data PINs or CVV numbers. Employees can steal the electronic information off the magnetic stripes of cards without cardholders even knowing it. This information is sold in the black market and “new” cards are produced using stolen data. Less-sophisticated schemes include recording the pertinent numbers, double running a card, and failing to return the card to the customer.

If you’re processing credit cards, be sure you’re in compliance with the Payment Card Industry Data Security Standard, now required of all merchants dealing with credit cards. For more information, visit the VISA website at www.visa.com/cisp

It’s impossible to bulletproof yourself against rogue employees, but a regimented program helps safeguard you and your business.

Ross Federgreen is a co-founder of CSRSI, which provides an integrated approach to the analysis, design, implementation, deployment and management of electronic transaction services and systems. Since 1999, the company has helped more than 600 public and private institutions reduce the cost of acquiring money and minimize the liability exposure related to payment transactions and customer data. Its products include monitoring of merchant service activities for fraud, charge-backs, credits and disputes, as well as the Credit Card Analysis System. For more information, call 866.462.7774, ext. 23; e-mail rfedergreen@csrsi.com; visit www.csrsi.com

Comments
comments powered by Disqus