"Education ranks as one of the top 5 industries in the country as far as number of reported cases of occupational fraud, and colleges – just like for-profit businesses – are at risk with the spread of cybercrime," says Mr. Gifas. "These and other internal and external fraud threats present a complex array of crimes that college and university financial offices are trying to get their heads around."
Mr. Gifas, who spoke recently on the topic of fraud to the Association of Independent Colleges and Universities of Massachusetts (AICUM), explains some of the risks for college financial offices:
Fraud puts more squeeze on the bottom line: "Across industry lines, a typical organization loses 5 to 7% of its revenues to fraud each year, according to the Association of Certified Fraud Examiners, and 40 to 50% of affected organizations do not recover any of their fraud-related losses. With budgets tighter than ever, colleges can't afford these kinds of losses."
Internal threats – slow detection and negative impact on reputation: The Chronicle of Higher Education reported that an employee of a college in New York state defrauded the school of $80,000 a year for ten years until the fraud was detected in 2012. This type of occupational fraud is all too common, says Mr. Gifas. "According to the American Bankers Association, 60% of all fraud incidents within a business involve employees," he says. "And the reputational damage from internal fraud seriously affects prospective students, faculty, donors, and administrative and regulatory bodies."
Hacking and social engineering – loopholes in network security: "While hackers look for vulnerabilities in the technology, fraudsters using social engineering look for vulnerabilities in people," says Mr. Gifas. "These perpetrators convince employees to reveal passwords and challenge credentials, allowing the fraudster to enter the computer system. This is a reminder that even the strongest network security safeguards can be rendered useless if passwords are freely given away.
Electronic payments on the rise: "More and more of colleges' vendors are asking to be paid via wire and ACH – and the upside is ease-of-use, speed, and greater visibility. The downside of these tools is that bank account information and wire instructions are being exchanged more frequently, so it's more critical than ever to safeguard these transactions.
Checks still a risk in an online payment world: "Despite the increase in electronic payments, check fraud is still at the top of the list of targets, just second to credit card fraud," says Mr. Gifas. "Today, 70% of business-to-business payments are still made by check, and 85% of organizations experienced actual or attempted check fraud in 2012, according to the Association for Financial Professionals' latest fraud survey. We've seen colleges dealing with everything from fraudsters tampering with real checks to a criminal ring creating forged checks modeled after the real thing."
"To effectively combat these fraud risks requires a 1-2-3 punch of awareness, banking tools, and technology security," Mr. Gifas explains. "Common sense about safeguarding credentials and implementing approval protocols is the first tier. Using banking tools such as Positive Pay – which ensures that only authorized checks are paid – is the second tier. And then making sure your technology security systems are completely up-to-date rounds out your defenses. Any one of these in isolation won't work – a layered approach is essential to staying ahead of fraudsters, who are working night and day to game the system."
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.