Embezzlement Flags in Credit Card Statement Data
By Rachel Organist
If you follow us on social media, you may have noticed that we occasionally share the quick analysis tricks we like to use here at Workman when looking at financial and other data. In this post I’ll dig a little more into specifically how we use these and other data analytics when reviewing credit card statement data.
Credit Card Embezzlement
Misuse of a company credit card is one of the most common forms of employee embezzlement, and it’s something we often look into for clients even if the primary scheme is thought to be something else. As with any investigative process, it’s helpful to keep the context of the case and an idea of what you’re looking for in mind as you examine the data. With that said, depending on the case, I look for some or all of the following red flags to identify potentially fraudulent transactions:
Benford’s Analysis: Specifically, Benford’s first-two-digits analysis can flag transactions intended to stay just under a reporting threshold or transaction amount limit (for example, an unusual number of transactions with the first digits “49” may be an indication that the user is attempting to stay below a $500.00 limit).
Month-over-month pivot table analysis: There are many kinds of useful pivot table analyses, but I especially like to count expenditures by payee and month to look for changes in spending patterns over time.
Day of the week: Many credit card statements list both transaction dates and posting dates. When available, we use the transaction date to get a better picture of how the card was used and when transactions actually occurred. If a card should only have been used for business purposes and no weekend use (e.g. during travel) was expected, transactions occurring on weekends can be easy and useful to flag.
LLC payments: Payments made to LLCs are potentially suspect because they’re so easy for fraudsters to set up and use as a way to funnel money out of the business. Often, the LLC’s name will be something innocuous that looks like a legitimate vendor. We see these kinds of payments more commonly from business operating accounts, but they can appear on credit card statements, too.
Even-dollar payments: You can use Benford’s last-two-digits analysis to look at all even-dollar payments, but it’s usually more useful to take it a step further and look at all payment amounts that are multiples of $100.00 or $1,000.00.This is another trick that often flags fraudulent payments made from a business’ operating account, but is also worth trying on credit card data.
Unusually large payments: This is something we check for on almost any data set, and I’ve been using the z-score to filter for outliers ever since I read Trent’s great blog post about it.
Transaction location: Many credit card transactions will list a location on the statement. This information should be used with care, as it may represent a business’s headquarters or office location, and the transaction may have taken place at another location or online. Sometimes, though, location information is accurate and valuable, especially when differentiating business and personal travel expenses.
This checklist is a great place to start the next time you’re reviewing credit card statement data for potential misuse. We’ll keep sharing videos on these and other #datasleuthhacks, so stay tuned—and if you have your own tricks you’d like to share, drop them in the comments or reach out on LinkedIn!