Fraud is a deliberate act with the intention of obtaining an unauthorized benefit, such as money or property, by deception or other unethical means. This page discusses bank fraud types, actions to prevent them, university bank account setup requirement and where to find more resources.
Banking Fraud Types
There are several types of banking fraud that you might encounter, which include, but are not limited to:
- Check fraud: Amount or payee name has been altered; not an official Stanford University check
- Credit card fraud: May occur during a transaction when the credit card is present as well as during a card-not-present transaction
- Online fraud: A website pretends to represent a legitimate company in an effort to obtain confidential data
- Identity theft: An individual tries to obtain sensitive data such as Social Security numbers, bank account numbers or other identification
- Email fraud: These types of fraud are electronic and can include, among others:
- Spoofing - Email sent from someone pretending to be someone else
- Phishing - An email message purporting to be from an existing company, usually one highly recognizable, or one with which the university already has a business relationship. In most cases, it may appear to be a message that asks to "confirm credential information," or asks the recipient to "log in to their account,” "create a new password" or similar requests. If the “fish” takes the “bait,” they are “hooked,” meaning their account information is now in the hands of the fraudster, or the attacker has pierced the university’s security firewalls.
- Business email compromise - Email fraud where employees with access to company finances are tricked into making money transfers by an email pretending to be from the CEO, CFO, associate vice president or a trusted customer.
Actions to Prevent Fraud
The best way to prevent fraud is to minimize the opportunity for it to occur. All employees of Stanford are expected to do this as part of the university's code of conduct. Employees are responsible for protecting all confidential, proprietary and private information that pertains to other employees, students, parents, vendors, donors, sponsors and other members of the Stanford University community.
Use proper care to ensure the security of documents (both paper and electronic) containing information such as bank account numbers, credit card numbers, Social Security numbers, student ID numbers, phone numbers, addresses, or mention of payments to individuals.
Additional actions that can be taken to minimize fraud include:
- Enroll in direct deposit to receive salary and expense reimbursements.
- Scrutinize the email and email address of the sender for any inconsistencies, such as:
- Misspelling or slight variation of the business name
- Unusual domain extensions such as “.app” or “.online”
- Poorly written text
- Request to select or click on a link
- Request to change your site credentials due to a “compromise”
- If an email from an executive at the university requests a financial transaction, call the executive or their administrative assistant to verify its authenticity before taking any action.
- Forward all requests to change vendor bank account information to Payment Services - Vendor Management for verification and processing @email.
- Request that a stop payment be put on a check if you do not receive an expected check.
- Minimize the chance of data on your computer becoming compromised by following UIT’s Information Security guidelines.
- Do not email confidential data without including “Secure” in the subject line.
- Do not give out confidential information if you are unsure of the recipient.
- Limit the amount of documents you generate that contain sensitive financial information.
- Do not leave confidential documents in public view.
- Properly dispose of paper that contains confidential information in your department's sensitive documents recycling container for secure disposal. Do not place documents with sensitive financial data in the general waste paper recycling bin.
- Immediately report suspected instances of fraud.
Preventing Credit Card Fraud
Fraud can take place at any time, both when the card is present and during a card-not-present transaction. A card-not-present transaction can lend itself to more risk, as it might occur when a charge is made over the telephone, through the mail or on the internet.
Monitor, ask questions and follow up on the following fraud indicators:
- First-time shopper: Criminals are always looking for new victims.
- Larger than normal orders: Because stolen cards or account numbers have a limited life span, crooks need to maximize the size of their purchase, buying the most that they can at one time.
- Orders that include several of the exact same item: Having multiples of the same item increases a criminal's profits.
- Orders made up of "big-ticket" items: These items typically retain maximum resale values and therefore maximum profit potential for the criminal.
- Transactions with similar account numbers: Account numbers may be generated using software available on the internet.
- Shipping to a single address but transactions are placed on multiple cards: This could involve an account number generated using special software or even a batch of stolen cards.
- Multiple transactions on one card over a very short period of time: This could represent an attempt to "run a card" until the account is closed.
- Multiple transactions on one card, similar card or with a single billing address and multiple shipping addresses: This could represent organized activity, rather than one individual at work.
- Multiple cards used from a single IP address: More than one or two cards could indicate a fraud.
Review the Card Acceptance Guidelines for Visa Merchants, "Section 3 Card-Absent Transactions" for card-not-present fraud prevention best practices and industry guidelines.
Setting Up New Bank Accounts
All university bank accounts must be set up by the OOT. This ensures bank accounts have the latest banking tools available to minimize risk and are entered into the university’s bank account management system. Contact @email to set up a new account.