Business Insights
How to detect and prevent fraud in your organization

Article
Updated February 12, 2025

Look out for the signs of internal fraud and act quickly if you suspect it.

A weakening economy can spell bad news for business—and not just because of the potential for slower sales. Tough economic times can also lead to a spike in fraud by company employees.

“Typically, when the economy is good, internal fraud decreases, and when the economy is weak, it increases,” says Jeffrey A. Taylor, Head of Fraud Forensics and Commercial Payments Strategy at Regions Bank in Birmingham, Alabama. “Most of these cases involve an employee in dire circumstances who is perpetrating fraud in order to satisfy a financial need.”

No matter the state of the economy, internal fraud is an ongoing risk for companies big and small. A recent study of more than 2,000 fraud cases in 23 industries worldwide by the Association of Certified Fraud Examiners found that the typical fraud case went on for 12 months before it was detected and resulted in a median loss of $117,000.

Learn to spot internal fraud

Internal fraud perpetrated by employees can take many forms, including forged checks, misapplied payments, expense account abuses, billing schemes, embezzlement, kickbacks and more. Fraud can be extremely difficult to detect, especially when an employee has access to a company’s payroll file.

For example, when a company has thousands of employees, payroll payments will naturally fluctuate as people join the company, leave or update their dependents. Those natural fluctuations can provide cover for misappropriated funds. “The person responsible for creating a payroll file could open accounts at other financial institutions under fictitious names or variations of their name,” Taylor says. “Even if the payroll amount varies by a couple thousand dollars from one payroll period to another, it can look legitimate.”

To catch fraudulent activity early, Taylor suggests companies of all sizes review and reconcile their financial transactions daily. Employers should also be watchful for red flags among the staff. These include significant lifestyle changes that seem to exceed an employee’s means, changes in behaviors or attitudes, refusal to take vacation or sick days and a reluctance to share job duties. Look out for cases when an employee has a connection with a vendor or a supplier that goes beyond a working relationship.

Move quickly if you suspect fraud

If you detect internal fraud, it’s important to respond quickly. “The speed of detection and reporting is critical,” Taylor says. “One reason is prosecution. Law enforcement needs to see proof, and you must be able to document that activity. If you don’t act quickly, the suspect can hide or spend the funds before they can be recovered.”

Contacting legal counsel and law enforcement are crucial first steps. It’s also important to let your bank know quickly so you can cut off a suspect’s access to the company’s accounts. Your bank may also be able to help you recover funds from other financial institutions that have been used as part of an embezzlement scheme.

Prevent fraud with education and controls

There are many actions businesses can take to safeguard against internal fraud. One is to have a fraud risk policy and be serious about communicating it throughout the organization. Educating employees on the signs of internal fraud can help companies quickly detect a problem. “You’ve got to have a culture of fraud awareness, and it involves employee training to help them understand the different fraud vectors and scams,” Taylor says. “The more aware employees are, the more likely they are to recognize the signs of a scam.”

Robust internal controls can also prevent fraud. These include segregating duties to ensure that no single employee can run payroll or pay company expenses without the approval of a colleague. Keeping a company’s checks secure and not signing a blank check also help, though moving entirely to digital transactions can offer more safety.

Taylor also advocates implementing an internal control for payments called stop, call and confirm. “If you receive a request either via email or text message to make a change in a payment or to initiate a new payment, stop the process, pick up the phone and call the requestor at a number that you know,” Taylor says. “It’s a five-minute phone call that can save you a tremendous amount of grief down the road.”

This graphic is called “Stop, Call, Confirm.” There is a short opener that reads, “Three easy steps to take if you think fraud is happening.” Then each of the steps is listed along with one or two sentences of description. The first step is “Stop” and it reads “Did a strange request come in? Do not process it.” The second step is “Call” and it reads “Find a legitimate phone number for the contact. Don’t reply to any emails and assume the contact info in any email is false.” The third and final step is “Confirm” and it reads “Verify that the real vendor or employee actually made the request.” That’s the end of the graphic.

Three things to do

  1. Learn how to create an anti-fraud training program.
  2. Read more about payment fraud techniques you may see from internal and external scammers.
  3. For more tips on how to improve your business’s cybersecurity and safeguard against fraud, visit regions.com/fraudprevention.

Related Insights
View more