By Nicolene Schoeman-Louw
We have all heard that horror story of being “duped” by a scamster. Often when we read about these incidents, let’s be honest, many of us think “it will never happen to me.”
As an attorney, our clients are often confronted by the reality that, in the age of the internet and all things connected, it could very well happen to you.
This often takes the form of an employee or supplier who want to update their banking details. Or perhaps it is even a client that has over-paid an account and now wants a refund. So, besides being out of pocket when acting on a change request — especially because the person truly entitled still demands payment — an overpayment requiring a refund could easily constitute money laundering or your unknowingly becoming involved in something unlawful.
Regardless of the finer details, when this happens from legal perspective, two systems intertwine, involving civil and criminal systems. On the one end, the perpetrators need to be identified and taken to task. And on the other side, the money must be reclaimed. Often these are two very distinct processes that hardly ever overlap.
Practically speaking this means:
1. The fraud must be reported to the police; and
2. A report must be made to the financial institutions involved.
The problem is that often the true identity of the perpetrators is challenging to identify and, once identified, to locate. From a civil perspective this is a real problem, because although practical this challenge has far reaching effects on the ability to claim the money back. Without an identity and location, it is impossible to serve process, especially in the instance where the money has been withdrawn or is no longer in the bank account where it was paid in error.
In addition, you will be forced to take stock of the true efficiency of your internal processes. A few practical lessons:
1. Question everything – so the next time a change request or refund request is received – treat it as if there is wrongdoing;
2. Demand original proofs of banking details and do not ever accept scanned or faxed copies;
3. Verify the details of the person issuing the proof of banking details before accepting it as authentic;
4. Have a multi-layered process where information received is verified, e.g. a written request confirmed by phone;
5. If the request is urgent – mark it as suspicious; and
6. Perform bank verifications through providers that offer this service before updating details.
It is crucial to regularly update internal policies with the latest best practice. If at any point you are uncertain, reach out and get professional advice.