The box the article is referring to is on the job application completed by each candidate.  The question asks if the candidate has ever been convicted of a crime.

The law for Connecticut goes into effect October 1, 2010.  The article states several cities including New Haven, Hartford and Norwich has also adopted the “ban the box” change. It appears the law change will only effect state and city positions at this time.

The change does not prohibit an employer from asking the question, just not on the initial job application form.  The theory is that if the candidate has been successfully screened into a potential hiring position, during a face to face the candidate can offer details and explanations as to why they have the conviction, whereas a check box on the application could lead to a sure fire screening out of being potentially hired.

As a fraud examiner who has dealt with many individuals who have made poor decisions, permanently effecting their family, reputation and career, I encourage every employer to ensure themselves that this question regarding the potential trustworthiness of a future hire is included within every hiring process.  It’s not to say that anyone convicted of a crime should not be hired ever again, certainly that should not be the case.  However, every employer should have all the facts about a candidate’s background to allow for an informed hiring decision.

However, due to the very nature of fraud, creative employees working within an environment constructed with ineffective or non-existent internal controls, or worse, complacent supervisors and owners who simply do not perform the reviews and control measures, often circumvent any preventive measures.

That is why detection measures need to be incorporated within the control structure, to detect a scheme as early as possible, and to minimize the loss to the organization.  Together preventive controls coupled with detection measures are any employer’s best line of offense against the risk of employee embezzlement.

The third and possibly the most important component is to ensure the organization has adequate employee dishonesty coverage.  When an employee circumvents both preventive and detection measures, the losses add up, and very often the only means to recover the diverted funds is through an insurance claim. Adequacy in this day and age should start at $100,000, but is subjective to each organization.

Last Monday my latest book was released by Wiley, Preventing and Detecting Employee Theft and Embezzlement: A Practical Guide. I encourage everyone who has employees, or who is responsible for employees within the financial areas of any business or organization, to read my latest book. While it appears to be a bit of self-promoting, I wrote this book in response to twenty years of requests from business owners and managers who direly needed a practical resource to easily follow for implementing internal controls within their business. Well, now it exists.

The book can be found anywhere on-line where books are sold. Here is one link for Amazon.

It is well known that purchasing gas is one of the first things someone does with a stolen or fraudulent card, because typically there are no cameras and human intervention over the use of the card.  It either works at the pump to buy gas, or it doesn’t.  If it works, a minimal amount is purchased, and then the card is used for the real fraudulent purchases.

Skimming moved into the world of gas pumps, and appeared in articles as far back as 2008.  Identity and credit thieves attach card capturing devices into gas pumps, capturing each customer’s credit or debit card information, and transmit the card information via wireless/cellular to a nearby conspirator receiving the information on their cell phone – each customer unaware their card has been jeopardized, as the devices are installed inside the pumps.

Skimming has become so sophisticated that card information is available to the thieves almost instantaneously to their unlawful skimming, commonly transmitted to a nearby cell phone.

In a recent ad I noticed yesterday, Apple’s iPhones now have an app available to swipe, capture and charge credit or debit cards right through the iPhone.

Provided it hasn’t already been discovered and used, it’s just a matter of time that the thieves will migrate to this technology, capturing the unsuspecting customer’s card information via a swipe on their iPhone, and simply press the send button to transmit the stolen information to their co-conspirator making up fraudulent cards using customer information.

Isn’t technology just wonderful?

Even if coverage is maintained, I am confident most insureds are unaware of two common limitations within the coverage should there be the potential for a claim on the policy due to a potential theft of embezzlement.

First, the coverage often does not cover the acts or actions of an owner, partner, shareholder, or member (LLC) of the insured.  So, for an example of something we commonly see where an owner or partner steals funds and/or assets from the entity and the other owners or partners, the coverage would likely not be applicable to provide restitution to the entity for the diverted funds – as the perpetrator was an owner or partner. The theory is that the insured cannot steal from themselves.

Second, the coverage usually covers any employee (defined within the policy) commonly referred to as blanket coverage.  There is at least one exception to who would be covered – someone who has stolen in the past.  If there is any evidence that the insured knew, or should have known, that an employee had been dishonest in the past, whether in their present employment or in previous employments, the individual is not insurable, and therefore any actions by that individual are not recoverable.  Further, once potential dishonesty is discovered on the part of any employee, any loss beyond that date of discovery by the individual is generally not recoverable as well (the insured should have mitigated their loss and prevented any further theft).

This should have a direct impact on the screening and hiring process for most employers.  If a potential candidate will have access to funds and/or assets within their employment, and the candidate has an issue of dishonesty in the past, it is likely if the candidate is hired anyway and a subsequent loss is suffered due to the actions of that employee, there could be no recovery through the policy.  In investigating the claim, the insurance carrier will request copies of the individual’s personnel file as well as conduct their own investigation into the background of the suspected perpetrator.  Chances are they will identify the past dishonesty and deny the claim.

These are not newly added restrictions to recently issued policies.  In fact these limitations have existed for years.  However, due the growing scrutiny we have been experiencing by carriers reviewing and investigating dishonesty claims to determine if payment should be made on the claims, it is apparent many employers who maintain this coverage are unaware of these limitations.

Much less if any media attention has been devoted to the changes banks and lenders have been slowly making within the fine print regarding fraud perpetrated against your accounts.  In an earlier post I described how traditionally a customer would identify potential or actual fraudulent activity within their account, notify their financial institution, and after completing an affidavit for the bank, would have their account restored.  In recent years many banks enforced “timely” notifying the bank, but that generally meant within 30 days of receiving your latest statement.

With the transition underway for many institutions from paper statements to on-line access and electronic statements, less scrutiny is likely and fraudulent activity can be missed, possibly for months.  Less scrutiny or worse complacency could cost you going forward.

More alarming is a notice I just received on my line of credit.  This shows the fraud risk shift is expanding to all types of accounts, and not just traditional bank checking or savings accounts.  The policy change with this well-known national bank indicated I had days to notify the bank, or bear the risk of loss from the activity.

My advice again is to pay attention to what your banks, investment firms and lenders are sending you, and read them carefully, or you could end up being “surprised” when you alert the institution because something happened within one of your accounts.

Stopping Employee Theft: What Every Employer Must Know.

R.W. Deckert      ISBN # 0-9662640-0-2

This book was not what I expected.  I thought this book would be another book written for the business owner audience on internal controls and segregation of duties to prevent employee thefts – and it does include these topics.

However, the author’s background included over twenty years working as an insurance claims adjuster for fidelity and employee dishonesty claims, and he spends the first half of the book educating the reader on what this coverage and complimentary policies entails.  From describing the different types of coverages and the importance of every employer to have such coverages, through what each type of coverage covers and doesn’t cover, he explains the entire claims process through final resolution of the claim, from receipt of payment through denial of your claim.  He also provides much advice on how to properly file your claim to ensure the maximum assurance of payment on the claim.

Often in employee theft and embezzlement cases the funds are spent or otherwise unrecoverable, and the insurance policy is the only means for recovery.  All too often even today victim employers fail to carry adequate to no coverage for the risk of employees stealing from the business, leaving no means for recovery.  This book is the best book I have ever found that details out the issues relating to this insurance coverage and the claims process leading towards recovery.  It will be a valuable resource in my library.

The posts on their wall discussed the medical issues of their parent, along with health updates.  A recent post mentioned having to run out and refill prescriptions.  The next day their mail had been stolen, ransacked and only the envelopes that appeared to possibly contain prescriptions had been ripped open.  Thinking back to their posts, anyone reading their Facebook account knew where they lived, that a family member had significant medical issues ongoing, and that they made it easy for someone in search of stealing prescriptions possibly received by mail to track them down.  The latest post even told readers when they would be away for a while.

I am amazed at how open people can become with their posts on sites like Facebook and MySpace, sharing intimate details about their personal lives, and at times articulating their movements, without realizing the details they leave for someone with ill intentions.

It is widely known that employers monitor and review potential candidates’ postings to assist them in their hiring decisions, as do law enforcement agencies to keep tabs on things.  I guess I hadn’t realized until hearing the student’s story that others monitor the postings and activity for other purposes.

Be very careful of the details you leave with anything you do over the Internet.

I have a portable GPS, my second unit, as my first was stolen from a rental car (subject of an earlier post).  The first thing I did was program my home address so I could easily navigate home from any destination using the button provided.  I never thought about a potential risk I was creating until recently.

Turns out when thieves steal your GPS, they next look for your “Home” address, listed separately or under Favorites.  If the thieves just stole your GPS from your car, they also know you are away from your home, allowing them time to drive to your house (conveniently guided with your GPS unit) and burglarize your house as well.  This could also happen if your unit is permanently mounted in your car if the thieves simply steal your car.  The garage door opener left on the visor in your car is likely how they will gain access to your home.

The best advice I have seen is to replace your actual home address with an address somewhere near your home that you could manage to navigate the rest of your way home without the guidance of your GPS unit.  One suggestion I really liked was to have the “Home” address the local police station, bringing the thieves right to their doors.

Another banking session discussed the customer’s responsibilities to detect fraud and to timely notify the bank of any potential or actual instances of fraud in a timely manner (or run the risk of bearing the cost of the fraud versus the bank).  The “timely” was defined as 30 days for paper statement customers, and as quickly as 24 hours for any electronic or on-line customers.

Well, the shift seems to be happening as described.

In reviewing Bank of America’s electronic agreements today, I noticed written within one of the long detailed legal notice (something I suspect no one ever reads but simply clicks the “accept” button) that if you fail to notify the bank of a potential compromise of the account of user id information within (4) days, and the bank can show the customer should have known of the compromise, the customer will be exposed up to $500.  I saw similar language in my mortgage company during the fall, shifting the burden away from them to protect my account and information.

Here’s an interesting question to raise with your state’s banking commission.  If you go away on a vacation for a period greater than the four day requirement, and while away you have no Internet access (you are one of the lucky ones basking in the sun on the Fiji Islands), how would you be able to monitor your on-line accounts daily to enable you to fulfill the four day requirement.  If your account was compromised on Monday, and you returned on the following Saturday, the first day you had an opportunity to check your account activity, five business days would have passed, and now you could be potentially responsible for the fraudulent activity that occurred between Monday and Saturday (or have to prove to the bank you had no way of knowing).

Seem ludicrous?  You may want to check you bank’s policies.