Fraud Files is part of an ongoing series of articles regarding fraud victim advocacy, fraud recognition, and prevention education.
Intentional vs. Erroneous
In criminal law, fraud is defined as an intentional deception made for personal gain or to damage another individual. The key word here is “intentional.”
People making erroneous transactions during the normal course of their work have done just that: made an “error” which normally does not have personal gain associated with it.
Should you make such an error and it results in something that could appear to have caused a personal gain, you should self-report it immediately to your supervisor.
Recent studies show that more than 85 percent of fraudsters have never been previously charged or convicted for a fraud-related offense. So, why do they do it? Often it is nothing more than the lack of supervision that creates too much temptation. Please help keep our honest people honest. Sometimes all an identity thief needs is the opportunity—don’t put yourself at risk.
Keeping Your Account Information Safe
When sending supporting documentation to Procurement Services or elsewhere on campus, you should make every attempt to keep your personal information safe. It takes little more than a couple of seconds for someone to take a picture of your documents with their phone and have all the information they need to access your accounts.
The easiest step you can take to protect yourself is to use a black permanent marker to block out partial credit card numbers, social security numbers, street addresses, and any bank checking numbers or routing numbers from the documentation you are sending to Procurement Services. Be sure to do this on the front and the back of the page—if you mark out the numbers on just the front, the numbers are still clearly visible on the back.
For example, if you submit a copy of a personal check for reimbursement, block out all pertinent information except the amount and the payee. You surely don’t want your home address, phone number, and routing number available to the public!
One of the recent trends Procurement Services’ staff has seen involves a phishing scheme where identity thieves make low-dollar purchases in London with an unassuming credit or debit card holder’s funds. They use what is called number sequence generating software to run numbers until they find one that works. Once the thief sees that the card works, they are capable of draining the entire contents of the account.
It is suggested that card holders monitor their accounts on a regular basis and contact Purchasing or the bank quickly if they suspect fraudulent activity. Prolonging contact with bank representatives when you suspect an unauthorized charge may result in the bank being unable to correct fraudulent errors on your account.
Preventing Identity Theft
- Ensure that any university website that is used to access student accounts is secure or provide clear notice to all users that the website is not secure. Example …
- Departmentally controlled IT resources (network, servers, applications, individual workstations, etc.) are maintained in strict compliance with the Information Security Program best practices.
- Ensure that paper documents which contain personal identifying information are maintained in a secure environment, and such documents are shredded when UA Little Rock no longer needs to retain them. Examples …
- Employees keep sensitive documents and working materials out of the public view while working.
- Sensitive documents and working materials are secured during breaks and non-working hours.
- File cabinets that contain sensitive or confidential documents are located in a secure area.
- Employees are trained or otherwise required to use shredders for sensitive or confidential documents.
- Ensure that computer files containing personal identifying information are secure and that the only individuals who have access to such files are those with a need to access the files in order to perform their job duties. Examples …
- Computer files containing sensitive or confidential information are stored in a secure manner.
- There are adequate procedures in place to ensure that only necessary access to information system resources are made available to employees to perform their job (principle of least privilege).
- Ensure that all office computers which store or access student account information are password protected and follow all other computer security best practices as established by UA Little Rock’s Information Technology Acceptable Use Policy and Network Security and Computer Usage Guidelines. Examples …
- Employees are required to use a strong password for access to their computer and other systems.
- If employees are allowed to work remotely (e.g., from home or while traveling), secure methods are used to access IT resources and transmit files (e.g., the use of VPN, security of laptops, encryption, etc.).
- Employees are required to lock their computers and/or use password protected screen savers when they leave their work area.