Human Trafficking and Supply Chains: Q&A with Tim Nelson of the Slave-Free Alliance

The International Labour Organization estimates that 25 million people are subject to human trafficking around the world, with children comprising one of every four victims. In many cases, the victims are used and transported by their traffickers in supply chains. 

Tim Nelson is the international development director for Hope For Justice, an anti-trafficking organization that aims to end modern slavery. He also holds the same title at the Slave-Free Alliance, an affiliated group that collaborates with businesses to assess and prevent the risk of human trafficking in their supply chains. Nelson recently appeared on RIMScast to discuss how human trafficking has evolved into a major supply chain risk and how employers and employees can identify signs of this abuse.

Check out some highlights below, and to take a free deep-dive with Nelson and learn how to take action to prevent human trafficking in your company and community, download RIMScast episode 120.

For more information on steps businesses should take to help identify and combat modern slavery on their premises, you can also check out the Risk Management feature article “Human Trafficking: How Businesses Can Combat the Modern Slavery Epidemic.”

What inspired the creation of the Slave-Free Alliance?

Tim Nelson: We primarily started in the U.K., and formed because of the Modern Slavery Act, which requires companies with £36 million (about $50 million) or more in their annual revenue to state their efforts to remove slavery from their supply chain. Consequently, we tend to work with businesses above that £36 million level and we try and effectively help them honor their commitment.

We also work alongside federal or local police and alongside other NGOs and effectively try and be a trusted friend. Many people, because of the countries that they come from or what they’ve been told, are suspicious of police or are worried about corruption. We can be there to build that bridge of trust.

How can someone identify trafficking and modern slavery?

TN: Traffickers are those individuals who would use other people to generate profit for themselves and are looking for every opportunity. Global estimates indicate that there’s $150 billion made from this illegal activity. And therefore, the traffickers have thought it through. 

One of the complexities in identifying it is that human trafficking is hidden in plain sight. The common form that most people are aware of is sexual exploitation. But ultimately, traffickers [also] realized that they could traffic individuals to work in the supply chains of businesses, making components, working in manufacturing, working in agriculture.

Could you provide an example of how traffickers permeate supply chains?

TN: Last year there was a case where 400 victims were identified as being slaves within the primary supply chain of some of the major supermarkets within the U.K. And, like we said earlier, it was in plain sight—no one could see how this was happening.

This particular occurrence happened because the traffickers had gotten control of a recruitment company and they were able to bring individuals from a non-English-speaking nation to the U.K. Those individuals were given jobs, but the traffickers had control of their bank accounts. They were forcing these 30-plus individuals to live in a three-bedroom property. Many of them were washing themselves in a local river—not having running water was a sign that this is not how people should be living in 2020. 

National Slavery & Human Trafficking Prevention Month is held annually in January to educate about the different forms of human trafficking. What can risk professionals do to ensure the awareness continues all year?

TN: I would encourage all businesses to realize that they’ve got the power to change this so easily if they start to engage and put in different processes and systems. And part of what we’re trying to do is not to just encourage individuals or companies to stop buying goods from a particular company. If you just stop dealing with a company because you suspect there’s modern day slavery or trafficking happening, that company will close and another one will open like a phoenix. Companies can also sometimes be complicit just by not even looking or allowing enough due diligence to show that they are slave-free within the supply chain.

Is there a bottom-line impact as well?

TN: What we are seeing now is, internationally, inaction can be a major risk to your business. I can think of companies where issues around slavery were brought to the fore and share prices dropped by half as institutional investors pulled out. This is a key ESG issue, which makes it a C-suite-level risk in many cases.

What should companies expect when they engage with the Slave-Free Alliance?

TN: The first thing that we would do is conduct a gap analysis. This is not just looking at where you’re getting supply from—it’s to try and identify the weaknesses that may be in your supply chain. And that gap analysis forms something almost like a risk register.

Every company is different. I spoke to a Fortune 100 company last month that didn’t even have a procurement division. And that’s what I would have assumed every major multinational had. But every company has a different approach to it.

Quite often, a lot of people find that even the thought of how big their supply chain is creates a massive complexity because there might be just three people running the procurement department.

When we see something that would sit within the risks that we identify, then we work with the companies to diminish that risk. It could be an [unannounced] site assessment or working with those people who are going in and auditing the factories themselves.

For more information about how your business can combat and identify modern slavery, visit the Slave-Free Alliance and Hope For Justice. You can report suspected activity in the U.S. to the National Human Trafficking Hotline and internationally to the International Labour Organization.

Preventing Paycheck Protection Program Loan Scams

The COVID-19 pandemic and subsequent shutdowns have meant perilous times for small businesses across the country, with many shutting down temporarily or even permanently. As part of the U.S. government’s efforts to forestall bankruptcies and layoffs, Congress allocated hundreds of billions of dollars for the Paycheck Protection Program (PPP). Small businesses can apply for loans from the U.S. Small Business Association (SBA), which the SBA will forgive if the receiving business meets certain criteria, like “if all of the company’s employees are kept on the payroll for eight weeks and the money from the loan is used to pay for rent, mortgage interest, utilities or payroll.”

The program has helped many businesses, but also left many stranded and desperate when they could not qualify for the loans. According to the Wall Street Journal, as of this week, the government has disbursed “4.6 million loans worth more than $513 billion.” But some businesses were forced to return the funds when they discovered they could not open soon enough to meet the eight-week deadline, and some did not even bother applying because they did not meet the criteria. The program has also faced criticism for not providing enough funds, and for awarding loans to larger and/or publicly traded companies (like restaurant chain Ruth’s Chris).

As with many other government programs that award payouts and may have confusing or labyrinthine application and approval processes (such as Social Security payments or tax refunds), scammers have targeted desperate businesses trying to access PPP funds. Online identity verification service Social Catfish recently published guidelines for avoiding PPP-related scams that small businesses are facing, including phishing and robocall scams.

As Risk Management recently reported, phishing scams—in which criminals use fraudulent emails to trick users into clicking malicious links or divulging sensitive personal information—have proliferated since the start of the COVID-19 pandemic, often specifically targeting pandemic-related concerns. According to Social Catfish, online scammers have been using emails posing as the SBA inviting the recipient to apply for a PPP loan, then installing malware or stealing any information provided. With this information, scammers can then pose as a business to apply for loans or steal funds.

Scammers may also try to contact businesses by phone, either in person or by robocall, asking for confidential information or demanding a fee for their PPP application, even promising faster processing after the payment. Similar to the IRS, the SBA does not call PPP applicants for information, and there are no fees associated with PPP applications. Businesses applying for PPP loans may also encounter fake companies claiming that they facilitate applications, which scammers then use to steal the confidential information victims provide.

To avoid being scammed, Social Catfish recommended that businesses interested in applying for PPP loans do their due diligence by following the steps below:

  • Don’t pay for a PPP Loan application. The SBA doesn’t require payment to fill out and submit a PPP Loan application. If someone is charging you to fill out an application, chances are it’s a scam.
  • Don’t give your information in response to any suspicious email, text, or phone call. The SBA will not email you out of the blue to fill out a PPP Loan application. If someone is emailing you out of the blue to fill out an application and to give them your information, chances are they are trying to scam you.
  • Verify the lender before applying for the loan. Only lenders approved by the SBA can administer PPP Loans. To find out if the lender you are applying with is approved to distribute PPP Loans, click here.
  • Don’t click on links in emails. The links in the emails are often filled with viruses and malware that will infect your computer and steal your personal information. They also spoof the application so that you’ll have to give out your personal or business’ confidential information.
  • Don’t reply back to any text or email you don’t know. Replying back to them with your personal or company’s confidential information may lead to you getting scammed. The SBA will not email you encouraging you to apply for the loan, you would have to look for the loan yourself.

Mitigating Payment Fraud Risks

For businesses that thrive on person-to-person transactions, cash is quickly being replaced by cards, as well as tap-to-pay systems, mobile wallets and QR-based payment systems. These technologies will continue to dominate the market in the near future, but the long-term future of the payment card industry will likely be shaped by the impact of blockchain and artificial intelligence. These developments will eventually also impact risk management, marketing and financial planning, as they present opportunities for serious risks, including fraud. Hence, it is imperative for risk management professionals to plan for these short- and long-term changes in the industry.

Strong risk monitoring requires proactively assessing threats and planning mitigation measures to minimize risk impact on the company or organization. To help mitigate payment fraud risks, businesses can take the following steps:

Train your Employees Regularly

The more regularly you train your employees, the more likely they are to spot suspicious behavior, no matter what payment technology the business uses. Repeated and regular trainings are essential because employees tend to forget what they have learned with time. These training workshops should teach the workers to never accept damaged cards from customers, confirm customer identities, and never enter a card number manually.

Use Contactless and EMV-Enabled Terminals

As payment technology changes, businesses must evaluate what options are safest and least prone to fraud. Currently, businesses should use EMV (short for Europay, Mastercard and Visa), which involves chips embedded into payment cards—a significant step in making transactions safer. The introduction and adoption of EMV-enabled secure terminals, particularly when using PIN and EMV security together, has helped merchants and customers prevent fraudulent transactions.

Contactless smartcards such as chip and magnetic stripe cards use contactless payment, which can present another secure way to process transactions. Most EMV terminals are also enabled with contactless payment. At such terminals, a fast and secure transaction is possible using Near Field Communication (NFC) or Radio-Frequency Identification (RFID) via smartcard or smartphone. If a merchant chooses to use contactless payment without PIN, they can put a limit to the amount spent on each contactless transaction to further minimize risk.

Beware Uncommon Transactions

Transactions that involve unusually large purchases could be a sign of potential fraud. Businesses should examine such transactions closely and confirm the identity of the customer. Similarly, if several purchases are made with a card in a short timeframe, it could indicate that the card was stolen and being used by someone other than the owner.

Maintain Online Security

As merchants and consumers shift to contactless and EMV-enabled point of sale terminals, risk has shifted towards online transactions. To mitigate this risk, it is important for online businesses to use the Address Verification Service (AVS), which verifies that the billing information matches the one registered with the card issuer. Vendors should also ask for Card Verification Value 2 (CVV2) to verify that the user has the card in hand when placing the order. Another important check is to put a limit on an IP address for the number of cards it can use for online transactions.
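The two velocity rules described in this and the previous section (several purchases on one card in a short timeframe, and a cap on how many cards one IP address may use) can be expressed as a sliding-window check over the transaction stream. This is an added example, not code from the article; the thresholds, the record layout and the sample transactions are assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the article); tune them to your own traffic.
MAX_CARDS_PER_IP = 3      # distinct cards one IP may use inside the window
MAX_TXNS_PER_CARD = 4     # purchases one card may make inside the window
WINDOW_SECONDS = 600      # sliding window length

# Constructed sample data: (epoch seconds, client IP, card token, amount).
# The token stands in for a processor token; never key on the raw card number.
SAMPLE_TXNS = [
    (1000, "203.0.113.7", "tok_a", 25.00),
    (1030, "203.0.113.7", "tok_b", 19.99),
    (1060, "203.0.113.7", "tok_c", 42.10),
    (1090, "203.0.113.7", "tok_d", 18.00),   # 4th distinct card from one IP
    (1100, "198.51.100.4", "tok_e", 12.00),
    (1150, "198.51.100.4", "tok_e", 12.00),
    (1200, "198.51.100.4", "tok_e", 12.00),
    (1250, "198.51.100.4", "tok_e", 12.00),
    (1300, "198.51.100.4", "tok_e", 12.00),  # 5th purchase on one card
    (2000, "203.0.113.7", "tok_f", 30.00),   # earlier entries have aged out
]

def velocity_alerts(txns, window=WINDOW_SECONDS,
                    max_cards_per_ip=MAX_CARDS_PER_IP,
                    max_txns_per_card=MAX_TXNS_PER_CARD):
    """Return (timestamp, rule, key) for each transaction that breaks a limit."""
    by_ip = defaultdict(deque)     # ip   -> deque of (ts, card)
    by_card = defaultdict(deque)   # card -> deque of ts
    alerts = []
    for ts, ip, card, _amount in sorted(txns):
        ip_q, card_q = by_ip[ip], by_card[card]
        # Drop events that have fallen out of the sliding window.
        while ip_q and ip_q[0][0] <= ts - window:
            ip_q.popleft()
        while card_q and card_q[0] <= ts - window:
            card_q.popleft()
        ip_q.append((ts, card))
        card_q.append(ts)
        if len({c for _, c in ip_q}) > max_cards_per_ip:
            alerts.append((ts, "cards_per_ip", ip))
        if len(card_q) > max_txns_per_card:
            alerts.append((ts, "txns_per_card", card))
    return alerts

if __name__ == "__main__":
    for alert in velocity_alerts(SAMPLE_TXNS):
        print(alert)
```

An alert here is a prompt for review or step-up verification rather than an automatic decline, since shared office or carrier IP addresses can legitimately carry many cards.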

Prevent Employee Fraud

Employee fraud is always a major concern for risk management professionals. Businesses should remember to keep an eye on credit card activity, particularly returns, as employee theft often shows up in fake discounts or returns. Companies should create alerts that set limits on returns at stores and notify management any time those limits are exceeded.

Prevent Your Employees From Getting Tricked by Phishing Emails

We all know to watch for suspicious emails. But phishing emails are becoming increasingly sophisticated, tricking even the savviest among us. The costs to consumers, businesses and institutions keep adding up: According to the FBI, online theft, fraud and exploitation totaled $2.7 billion in financial losses in 2018.

The most expensive complaints involve business email compromise (BEC), a tool that cybercriminals use to launch many types of cybercrimes, from misdirected payment and inventory fraud to ransomware attacks.

More than a third of businesses (37%) surveyed nationally for HSB by Zogby Analytics received an email from someone pretending to be a senior manager or vendor requesting payments. The businesses reported that almost half of employees receiving those emails (47%) responded by transferring company funds, resulting in tens of thousands of dollars in losses. For some types of businesses and government entities, the payment frauds can reach hundreds of thousands to millions of dollars.

Three Tips to Help Employees Avoid Cyber Fraud

What can a business or institution do to help prevent employees from falling for email phishing schemes? Here are three tips to avoid falling for the latest tricks:

  1. Check the Source

Before you open an email, take a moment to consider the source of the email and whether that person is likely to send you an attachment or link. Check the email address, screen name or phone number associated with the message.

Hackers often mimic an email address that you would trust with one letter or number off from the original name or domain.

The address may even look exactly like a trusted contact but when you mouse-over the name, you can see that the address is different. A hacked email account can also be used to send malicious content, so be sure to evaluate the content of the message.
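The two checks described above (a sender domain one letter or number off from a trusted one, and a familiar display name over a different address) can be automated on the From: header. This is an added example, not part of the original article; the trusted-domain list, the contact directory and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list and contact directory; replace with your own data.
TRUSTED_DOMAINS = {"example.com", "sba.gov"}
KNOWN_CONTACTS = {"pat lee": "pat.lee@example.com"}  # display name -> address

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row version."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify a From: header as 'trusted', 'lookalike-domain',
    'display-name-mismatch' or 'unknown'."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1]
    # One character added, dropped or swapped relative to a trusted domain.
    if domain not in TRUSTED_DOMAINS and any(
            edit_distance(domain, t) == 1 for t in TRUSTED_DOMAINS):
        return "lookalike-domain"
    # Familiar display name, but not the address on file for that contact.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected is not None and expected != addr:
        return "display-name-mismatch"
    return "trusted" if domain in TRUSTED_DOMAINS else "unknown"

# Constructed From: headers for demonstration.
SAMPLES = [
    "Pat Lee <pat.lee@example.com>",
    "Pat Lee <pat.lee@examp1e.com>",
    "Pat Lee <pat.lee@freemail.test>",
    "SBA Loans <apply@sbaa.gov>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):22} {header}")
```

A "trusted" verdict only describes the address: a hacked account passes this check, so the content of the message still has to be evaluated.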

  2. Check the Content

Before you click on a link or download an attachment, take a good look. Many times, if you copy the link or name of the attachment into a search engine, you can find out whether cybercriminals are actively using the content to spread malicious content, like a virus or ransomware.

Ask yourself whether this is the type of content you usually receive from the sender. Are you expecting an attachment? Even if you are expecting an attachment, does it appear, from the name and type of file, that it is legitimate? Is the attachment or link the only content of the email?

If you have doubts, delete the message or call the sender at a number you have verified as theirs.

Also, hackers often make an urgent request to trick victims into clicking on malicious links or files. Any urgent request sent via email should be verified in-person.

  3. What if I Clicked on the Wrong Thing?

Everyone makes mistakes. You would not be the first person to click on a bad link or download a bad file. But even if nothing happens immediately, there is no guarantee that the threat is gone.

Malware can lie dormant for weeks, months, or even years before activation. It may also be transmitting information in the background without your knowledge.

So, act as soon as you realize you clicked on a bad link or file. Alert your information technology security department right away. If you are a smaller operation, run a virus scan and keep an eye on your financial information.
