How to Prevent and Detect Internal Fraud

What every business owner should know about deterring and detecting fraud.

According to a recent study by the Association for Financial Professionals (AFP), 81 percent of organizations were targets of payments fraud in 2019. And while check fraud continues to be a common payment channel to exploit for fraudsters, cyber-attacks are also on the rise. In fact, the AFP reported that 75% of organizations experienced Business Email Compromise (BEC) in 2019.

“Companies that view fraud protection and mitigation as a sideline function instead of as a primary business function are taking a huge risk,” says Greg Miles, Senior Vice President and Manager of Treasury Management Product Development at Regions. “A one-time fraud event involving something like a wire transfer can put a company out of business.”

Malicious cyber-attacks grab headlines, but in reality, the most prevalent type of fraud is internal. Internal fraud incidents could include forged checks, misapplied payments, or embezzlement. Here’s what you can do to prevent and detect fraud in your business.

Spotting Fraud: Behavioral Red Flags

There are a few common red flags employers should be on the lookout for in order to detect fraud. These may include a combination of the following: significant lifestyle changes that extend far beyond an employee’s means, behavioral or attitude changes, refusal to take vacation or sick days, and obvious financial difficulties. If an employee has something more than a working relationship with a vendor or a supplier, that could also be an indicator.

What to Do If You Suspect Fraud

Contact your bank immediately. Your banker will recommend documenting everything, reviewing account reconcilements, audit logs, bank records and transaction journals, and looking at computers and hard drives. If you’re on a business network, you can look at network logs that might provide a record of communications that have taken place. If the fraud is traced to an employee, then that person’s access to critical systems should be suspended until you sort things out.

How Can Companies Prevent Fraud?

There are many steps businesses can take to safeguard against payment fraud. Implement internal control systems such as rotating roles, dual controls, and regular and unannounced audits. In addition, regularly check bank account records, look at the amount and volume of checks being written, and move checks to electronic channels, if possible.

Create a controlled accountability structure with checks and balances and rotation of duties and encourage team members to report suspected fraud. A tip line or anonymous email address may help encourage employee willingness to do so and can be one of the best ways to detect fraud. Business owners should also consider implementing a robust employee training and awareness program, as well. Informing and educating employees on the warning signs of BEC may be critical to prevention.

It may be smart for your company to have a cyber-insurance policy. But remember — these plans don’t always cover events where human or employee deception is involved.

Speak to your banker about products or tools you can implement to help deter and detect fraud. Many banks offer fraud prevention tools such as Positive Pay services, account reconciliation, and increasing controls around entitlements, in which dual control practices are encouraged.

Last but not least, remember that internal fraud isn’t the only threat to your business. In addition to protecting against internal fraud, it’s also crucial to educate yourself on how to protect against cyber fraud and other types of external fraud, such as business email compromise.

For more tips on how to improve your business’s cybersecurity and safeguard against fraud, visit


This information is general in nature and is provided for educational purposes only. Regions makes no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information presented. Information provided and statements made by employees of Regions should not be relied on or interpreted as accounting, financial planning, investment, legal, or tax advice. Regions encourages you to consult a professional for advice applicable to your specific situation.