Fraud in our sector is largely opportunistic and confined to components, such as hard drives and CPUs, and easily disposed of equipment, such as laptops and LCDs.
The extent of fraud is linked to internal processes and the general state of awareness within the supply chain. No-one is immune and the reseller, OEM, e-tailer and distributor bear the brunt of fraud attack.
The modus operandi is largely confined to four relatively simple, but effective penetrative attempts:
Identity theft – in simple terms, this is where a supplier is approached by an apparently first-class business with sound ratings. Telephoned orders then come through with requests to deliver to alternative or end-user locations that are nothing more than pick-up points. Another ruse is to ask for collection of product.
How can firms avoid this? First, avoid delivery of orders to third-party addresses and do not allow collection. Additionally, set a low order value threshold and carry out additional checks. Call the applicant company, but avoid using any telephone number or email provided on the application. Insist on supplying only to known and confirmed operating addressesImitation – this is much more difficult to catch, but some rudimentary policy processes should limit exposure. Consider the risk of taking an order over the phone from a buyer, calling from one of your clients. There is urgency to the deal and perhaps the caller even admits to covering for someone who is away. The order is then delivered to an end-user address or where a field engineer may be on site. Once again, your client calls questioning the delivery and indeed the order. You’ve been had.
Ensuring simple internal processes are followed can limit this form of attack. Again, place order value limitations for such approaches and always insist on correct valid purchase orders and follow up email confirmation of orders.
False payment – this is where a prospective buyer places an order and offers to pay cash. The margin is great and the timing is just right to offload some aged inventory. You are provided with a copy of a bank slip and bank draft that has apparently been paid into your account and two or three days later, the call comes in saying you should have the funds and can you send the order or can it be collected. Your bank may confirm that a (cheque) credit in your favour has been received and given this validation you feel comfortable to release.
One or two days later the bank notifies of the returned credit. They either pay using a stolen cheque or an original draft for a notional amount, but altered when copied and faxed to match the amount of the order placed.
Credit card fraud – card-holder not present provides the perfect opportunity for someone with a cloned card to order online and order frequently. There is no hard and fast rule to avoid it, but again some sensible internal processes, a link to systems that provide protection through monitored use and known fraudulent cards and addresses can provide good levels of security.
Improve the quality and substance of your own internal monitoring systems to track card usage, address locations and values transacted.
Telco also announced series of initiatives to drive digital growth in the UK
Nana Baffour opens up on Getronics' mammoth acquisition of Pomeroy
Analyst predicts SaaS will remain the dominant segment in the market as it grows 17 per cent in 2019
NSS Labs claims vendors are refusing to have their products tested effectively and are trying to restrict its access