Card, mobile credential, payment and security
Trust but verify: The foundation of fraud prevention
In this episode of CampusIDNews Chats, Audra Forsberg discusses a growing challenge facing campus card offices – fraud risks created by misplaced trust and weak internal controls. While trust is necessary in any organization, Forsberg emphasizes that trust without oversight can create opportunities for both internal and external fraud.
Forsberg shares examples of internal fraud that can happen in campus card environments, including unauthorized access changes, printing cards for friends, and adding funds to personal or outside accounts. External threats can also emerge through stolen credit cards used to fund guest cards, creating difficulties in tracing transactions.
A major theme throughout the discussion is that many issues arise not from malicious intent alone, but from weak processes and a lack of accountability. Training, written policies, and clearly documented procedures help staff understand what is allowed and what crosses the line. Managers also need to pay attention to employee pressures and warning signs that may indicate risk.
If people don't know policies and procedures, they don't know what is and isn't allowed. One common response when fraud is investigated is, "I didn't know I couldn't do this."
Forsberg stresses the importance of practical safeguards such as daily and monthly reconciliations, activity reporting, and requiring multiple people to review financial transactions. She also highlights the importance of leadership setting the right example through ethical behavior and policy compliance.
TRANSCRIPT:
I'm going to say this out first, trust but verify.
We're seeing card office fraud because people are overly trusted in their positions. Card administrators are not verifying that they're doing the work or making sure people are not taking advantage of the system. Ways people can take advantage of the system include adding access onto a card, printing out a card, and giving it to a friend for access into a residence hall room.
They may also have access to stored value accounts for student, faculty, and staff transactions and add money to their own account or a friend's account. Some external fraud includes credit card fraud. Someone might buy a guest card from a machine and use a stolen credit card to add money to it, making it difficult to track who used those funds.
Card office fraud can be common if organizations don't have internal controls in place.
One important control is training. If people don't know policies and procedures, they don't know what is and isn't allowed. One common response when fraud is investigated is, "I didn't know I couldn't do this."
Managers also need to recognize pressures people may be under. Students may experience financial stress, and there can be red flags managers miss.
Opportunity is often the biggest factor. Organizations can create opportunities for fraud by over-trusting people and failing to run daily or monthly reconciliations.
Another important control is tone at the top. Leaders should set an example by following policies and procedures themselves and not misusing resources.
Opportunity is often the biggest factor. Organizations can create opportunities for fraud by over-trusting people and failing to run daily or monthly reconciliations. Reports should track who granted card access, printed cards, added money to accounts, or changed meal plans.
These systems and reports should either be automatically delivered or consistently reviewed. Sometimes people become too busy and overlook them.
Written policies and procedures are critical. Organizations should define how transactions should be processed and when access should or should not be granted.
Reporting is also essential, particularly for financial transactions. Even when business managers are involved, trusted individuals still require oversight.
For financial transactions, a second person should always verify deposits. This not only prevents fraud but also catches mistakes and errors.
Resources are available through the NACCU Vault, which provides sample policies, procedures, manuals, and onboarding guidance. Universities also have their own ethics guidelines and policies related to financial transactions and access control.
The biggest takeaway is trust but verify.
Internal audit teams can provide ethics and fraud training. Universities also provide anonymous reporting systems so employees can safely report concerns without fear of retaliation.
