Fraud is a deliberate act with the intention of obtaining an unauthorized benefit, such as money or property, by deception or other unethical means. This page specifically outlines bank fraud types, actions to prevent them, university bank account setup requirements and where to find more resources.
There are several types of banking fraud that you might encounter, which include, but are not limited to:
- Check fraud: Amount or payee name has been altered; not an official Stanford University check
- Credit card fraud: May occur during a transaction when the credit card is present as well as during a card-not-present transaction
- Online fraud: A website pretends to represent a legitimate company in an effort to obtain confidential data
- Identity theft: An individual tries to obtain sensitive data such as Social Security numbers, bank account numbers or other identification
- Email fraud: These types of fraud are electronic and can include, among others:
- Spoofing - Email sent from someone pretending to be someone else
- Phishing - An email message purporting to be from an existing company, usually one highly recognizable, or one with which the university already has a business relationship. In most cases, it may appear to be a message that asks to "confirm credential information," or asks the recipient to "log in to their account,” "create a new password" or similar requests. If the “fish” takes the “bait,” they are “hooked,” meaning their account information is now in the hands of the fraudster, or the attacker has pierced the university’s security firewalls.
- Business email compromise - Email fraud where employees with access to company finances are tricked into making money transfers by an email pretending to be from the CEO, CFO, associate vice president or a trusted customer.
If there is suspected financial fraud, staff should submit a support request to the Information Security Office, and submit a support request to the Office of the Treasurer (OOT).
The best way to prevent fraud is to minimize the opportunity for it to occur. All employees of Stanford are expected to do this as part of the university's code of conduct. Employees are responsible for protecting all confidential, proprietary and private information that pertains to other employees, students, parents, vendors, donors, sponsors and other members of the Stanford University community.
Use proper care to ensure the security of documents (both paper and electronic) containing information such as bank account numbers, credit card numbers, Social Security numbers, student ID numbers, phone numbers, addresses, or mention of payments to individuals.
Additional actions that can be taken to minimize fraud include:
- Enroll in direct deposit to receive salary and expense reimbursements.
- Scrutinize the email and email address of the sender for any inconsistencies, such as:
- Misspelling or slight variation of the business name
- Unusual domain extensions such as “.app” or “.online”
- Poorly written text
- Request to select or click on a link
- Request to change your site credentials due to a “compromise”
- If an email from an executive at the university requests a financial transaction, call the executive or their administrative assistant to verify its authenticity before taking any action.
- Forward all requests to change vendor bank account information to Payment Services - Vendor Management for verification and processing @email.
- Request that a stop payment be put on a check if you do not receive an expected check.
- Minimize the chance of data on your computer becoming compromised by following UIT’s Information Security guidelines.
- Do not email confidential data without including “Secure” in the subject line.
- Do not give out confidential information if you are unsure of the recipient.
- Limit the amount of documents you generate that contain sensitive financial information.
- Do not leave confidential documents in public view.
- Properly dispose of paper that contains confidential information in your department's sensitive documents recycling container for secure disposal. Do not place documents with sensitive financial data in the general waste paper recycling bin.
- Immediately report suspected instances of fraud.
Fraud can take place at any time, both when the card is present and during a card-not-present transaction. A card-not-present transaction can lend itself to more risk, as it might occur when a charge is made over the telephone, through the mail or online.
Merchant, ask questions and follow up on the following fraud indicators:
- Larger than normal orders: Because stolen cards or account numbers have a limited life span, crooks need to maximize the size of their purchase, buying the most that they can at one time.
- Orders that include several of the exact same item: Having multiples of the same item increases a criminal's profits.
- Orders made up of "big-ticket" items: These items typically retain maximum resale values and therefore maximum profit potential for the criminal.
- Transactions with similar account numbers: Account numbers may be generated using software available on the internet.
- Shipping to a single address but transactions are placed on multiple cards: This could involve an account number generated using special software or even a batch of stolen cards.
- Multiple transactions on one card over a very short period of time: This could represent an attempt to "run a card" until the account is closed.
- Multiple transactions on one card, similar card or with a single billing address and multiple shipping addresses: This could represent organized activity, rather than one individual at work.
- Multiple cards used from a single IP address: More than one or two cards could indicate fraud.
- Carding: The use of large volumes of stolen payment card numbers to make low dollar amount purchases online in an effort to verify which numbers are still active. Once a stolen card number is validated, it can now be re-sold on the black market and then used for bigger transactions or to purchase gift cards or other prepaid cards.
If you suspect any fraudulent activities on your ecommerce website, we recommend the following:
- Report suspicious activities
- Refund the successfully settled fraud transactions immediately to manage the impact of potential chargebacks. Be sure to keep documentation on refunds in case it is needed for any future investigation.
Submit a support request to Merchant Services to evaluate and utilize fraud prevention options, such as:
- Implement a card verification value (CVV) and/or an address verification service (AVS) security step
- Consider setting a minimum transaction amount to $10 or higher when possible
- Block the IP addresses of known frauds
- Implement CAPTCHA to prevent attackers from using the automated system to run a batch of credit card numbers
To learn more about accepting and processing credit and debit card or digital payments, please visit Accepting Credit and Debit Card Payments.
All university bank accounts must be set up by the Office of the Treasurer. This ensures bank accounts have the latest banking tools available to minimize risk and are entered into the university’s bank account management system. To learn more about accounts and set up, see Bank Accounts and Services.
Submit a support request to set up a new account.
Visit the Wells Fargo Fraud Information Center website for information on fraud prevention.
For further banking support regarding requesting a stand-by letter of credit, fraud or suspicious activity or questions regarding check or international banking, submit a support request.