I’m speaking today with Mark Clodius. Mark and his wife, Monika, are founders and owners of Clodius & Co. Jewelers, a custom jewelry store in Rockford, Illinois. When Mark learned I was doing some blog articles about fraud, he contacted me and offered to share the story about the time scam artists targeted his company.
Lauren: You’ve experienced fraud. How long ago was this and what happened?
Mark: I want to say in happened in 2011 or a little later. We started buying gold and other scrap jewelry over the counter from the public. Early one morning, I received a call from an employee of a check cashing place some states away who said, “I have a check here. I just want to make sure it’s good.” I said, “Okay, sure. Give me the check number, and the amount, and the payee.” After a bit of searching, I told him, “That’s funny, we don’t have that check number, we don’t have that payee, and we don’t have that amount.” The guy said, “Well I got the check right here.” I remember saying, “I don’t know what’s going on. This is pretty weird.”
An hour later, we had another similar call from another state. And then 20 minutes after that, we had another call. We called our bank and put them on alert. They started receiving multiple checks to draw on our account. It turned out that somebody we bought gold or other scrap jewelry from copied the information from one of our real checks and printed a bunch of fake checks. The numbering was out of sequence and they misspelled our company name, which turned out to be a lucky thing. They did have our correct address and banking information, along with our bank’s routing and account numbers.
How Scam Artists Work
They (the thieves) were passing these fake checks all over the country. They would tell their victims, “We want to buy something from you and we’ll send you money. Then the thieves would tell them, “This company (Clodius & Co.) owes us money,” and they would use the fake check either to buy and pay for the goods and services or ask the victim to cash the check and send the balance to them.
How many fake checks were out there?
I would say hundreds. We flagged the account and after just a day or two, we closed the account and we set up two new accounts. From there, the story goes into two paths. One path is what continued to happen with the fraud, the checks and the problems that it entailed. And then the other path is what we did about it. On the fraud path, we continued to have checks presented to the closed account and received calls from all over the country from people asking, “Is this check good?” Then we started to get angry calls about why did we not cash the check and why was their check bad. We’d have to explain, over and over, that someone had committed fraud, against both of us.
Some of the victims knew someone in their local government or prosecutor’s office well enough that we received letters from these officials informing us that if we didn’t make good, we would be subject to legal action.
What a nightmare.
One time I got a call from an assistant district attorney in Texas and he was a hard nut. He was determined he was going to get the money because he believed we had bounced a check on a constituent of his. I tried over and over to explain to him what happened but he didn’t want to listen.
I finally told him, “Alright, slow down! Look at our company on the internet.” He found our website. “Now look at the check. Look at the spelling on the check and the spelling of our name.” And he said, “Oh,” in a deep Texas accent. He finally got it. I think there were two more phone calls with him and faxes back and forth before it was settled to his satisfaction.
After two or three months, it died down but then about eight months after the first incident, we had another round of calls again. All the same things again. It was a lot of calls and a lot of difficulty.
Did they come from any one part or region of the country?
Really, they were from all over the country. There was a lot in the south east, from Washington, D.C., Baltimore, South and North Carolina, Mississippi, Alabama, Texas. East Texas and a little bit of north Texas was very common. We also got calls from Cincinnati, Ohio, and Pennsylvania, anywhere there was someone who was gullible enough to accept this kind of payment arrangement.
That would be one of the first things I would tell a business owner not to do – to take payment in the form of a third-party check. Don’t become a bank, especially to somebody that you don’t know.
No kidding! And we heard incredible stories. Some of them, these people were set up over weeks and they were getting checks in amounts of $3,000, $10,000, $12,000, usually in odd numbers.
Someone would have goods or services for sale. The thieves would find them through Craigslist or other ads. The thieves would contact the seller. Maybe their first purchase or two from the seller was done legitimately. Then at some point the thieves would say to the victim, “Hey, I’m on the road and can’t get over there to pay you. But there’s this company that owes me money and they sent me a check. I’ll have it mailed to you. Please cash it in payment.”
So, they’d create a feeling of trust with a couple of legitimate transactions. Really clever. Did they ever catch these guys?
Not that I know of. The transactions were too small. If my memory’s correct, the FBI and banks don’t really care much until it gets into the hundreds of thousands of dollars.
They were smart. They kept their activities small and in multiple states to keep things under the radar. Interesting. This was in 2011. Did you still get some activity into the next year or two?
Thinking back, as late as 2013. Then the next part of the story is what we did going forward.
The Path Going Forward: New Awareness, Critical Strategies and Resources for Business Owners
We’ve all heard about these things but I learned some amazing things because of the attempted theft. The first thing was learning how exposed anyone with a commercial account is—you’re highly exposed if you are not checking your bank account daily. If you’re a consumer, you have 30 days to report fraud, from statement to statement, on your account. But as a business, you have between 24 and 48 hours to report fraud on your bank account. Because if somebody does an ACH (automated clearing house) payment and you’re not protected, or they write a check, after the money has left your account you only have 24 hours or so to pull it back. After that, if it’s gone, it’s gone, and you will never see your money again.
(Note: This 30-day notice on personal accounts only applies to ACH payments. In your commercial account, once a fraudulent check has cleared your account your only (slim) option is if your bank can get the money back from the entity who cashed the check.)
You might have grounds for a lawsuit or some type of criminal investigation, but if you have large cash balances stolen, it could destroy your business. If they took out the balance we had around Christmastime or New Year’s that would be very, very difficult to overcome.
Yes, I could see where a company in this situation could end up out of business.
We worked with the bank and we learned that they offered something called Positive Pay. Are you familiar with that?
No, what is it?
You send your bank an electronic file that lists the number, the payee’s name, date and the exact amount of each of the checks you want paid. Unless a check is in this file, the bank will not cash a check on your account. As the check comes through the bank’s system, it’s approved or disapproved. It must be an exact match. I once transposed the penny amount on a check when I entered it into the file. Instead of 78 cents, I typed in 87 cents and they wouldn’t cash it. They returned the check unpaid. Now, if you’re a little smarter than I am, you can take this information out of your QuickBooks account by way of a macro so you’re sending exactly what’s in your system.
So you don’t risk transcribing anything. The default is unless it’s on the list, it doesn’t get paid.
Correct. The same with the ACH payments. We have some that are monthly and the same amount so these ACH payments are approved automatically. We have ACH payments that are paid monthly to a vendor like the electric company. They have a maximum allowable transfer amount and maximum times per month which, in their case, is once per month. These filters just sit there and work. It costs some money. I don’t think it’s all that bad. It’s around $15 or $45 a month or something per account and then a tiny bit per item, you know, pennies.
Money well spent, I’m sure.
Yes. It takes some time but these things are available. I’ve talked to other business owners and they have no clue about this stuff, what’s available to prevent business killing-fraud.
What’s happening is these outside scammers are targeting businesses like yours because the Amazon’s and Microsoft’s of the world, while they have much bigger numbers at stake, they have systems and people in place to help prevent these scams. Smaller business can often have fairly large balances on hand, depending on the time of year. They might not have the systems or people in place to detect fraud. They’re more exposed and the thieves out there know that. That’s what they’re counting on. And they’re getting more sophisticated. It’s not some obvious Nigerian email scam coming in. It’s groups targeting and learning the names of the owners and CEOs, how they write emails and who in the company can do money transfers. They are creating fake emails that read like the real thing, directed to the right people to move money out of the company and into their accounts. These are not dumb crooks.
Not at all. Another change we made was to our banking account structure. Before this happened, we had one checking account, but we had two series of checks with two different numbering series out that one account. It enabled us to be cost effective yet keep track of payments.
So, you had payroll checks and other business expense checks that you ran out of just one account, keeping one number series for one type of payment and another number series for other types of payment. Is that correct?
Yes, one was for buying old gold and scrap jewelry from the public.
And then the other series of checks was just for other vendors and other things like that.
Correct. As soon as this happened, as I said, we closed that initial central account and opened two new ones. Now we keep three checking accounts. One is our primary business account, one is our client purchase account, and then the third is for our LLC (Limited Liability Corporation) which owns the building because the LLC has to pay some of its own bills.
So that’s another sort of stop-gap. It’s a firewall between the different buckets of money.
And the other two accounts are zero balance accounts. They have no money in them. Money is transferred into them only when the draw is pre-approved. It’s reviewed electronically once a day. The amount is paid to the zero-balance account and the amounts match up. We balance all our accounts daily, to the penny. And you know what, it’s not that much work. We download the transactions and then go through them with a QuickBooks add-on. And if something doesn’t match up, then it’s flagged so we can address it.
Was your bank helpful in all of this? Did you know about any of these services before this happened?
We did not know about any of it, but after the bad checks started our bank became very helpful.
What an opportunity for a bank. They have an incredibly helpful product that more people would use if they knew about the product and the risks out there.
Yes. We ended up meeting with the vice-president of the bank in charge of commercial accounts who told us, “You guys have no idea how lucky you were that we managed to catch this.” We didn’t lose a single dime. Not one check went through out of the hundreds of fakes.
If that first check hadn’t been to a check cashing service which took the step of calling you, you would not have taken such quick action. You would have eventually known something was going on but only after losing thousands of dollars.
Exactly. At that time, we were not looking electronically or digitally at our bank account on a daily basis. Not at all.
And, as you said earlier, you had all your money in one account. Do you have a bookkeeper?
Yes, we do. We have a full-time bookkeeper. We’re lucky we have one who is very skilled. He’s underemployed but it’s low stress here so that works for both of us. That’s something that we feel that we must have. You know, we’re a modest-sized business. We’re doing two and a half, three million dollars a year plus the gold buying, and we have 17 employees or so. We’re big enough. I wouldn’t sleep well without a permanent full-time bookkeeper and these processes in place.
Your story is about external fraud. But it’s more likely that someone inside a business will commit fraud. A lot of times a business might have a part-time bookkeeper with minimal expertise. Accounting can be an area that business owners do not feel comfortable with so they tend to put a lot of trust and not a lot of oversight into that bookkeeping function. This dynamic can set the stage for internal fraud with that employee setting up false vendor accounts, fake employees or falsified expense accounts.
Be an Involved Owner – Know Your Numbers!
As an involved owner, I sit down once a week and I run a profit and loss and balance sheet. I look at them and I usually do some period by period comparisons, with both dollar amounts and percentages, and then I’ll poke around and look at the bills to pay. I need to recognize every vendor, every bill, and every check. Only Monika (Mark’s wife and partner) or I can sign checks.
I can tell you we had another type of fraud come through. We received small invoices from companies that we didn’t know. They were trivial amounts, $10 or $20, and they seem to be for office supplies or something. Since I didn’t recognize the vendor, we cleared those out quickly and never paid them.
We run a significant amount of bill paying through some credit cards where we get one and a half and two percent back. I love getting a check for a couple grand just for maintaining a credit card paid in full every month. But over the years we’ve seen some odd little charges show up there and reoccur. Again, usually for modest amounts. There was one that was for $29 and it seemed to be for an internet or computer thing when we were building our own computers here. I thought it was legitimate, then it popped up the next month. I went in and researched it. It turns out it was some overseas computer supply firm.
That makes sense. I’ve heard sometimes they’ll send in little amounts as a kind of probe to see if you pick it up and, if you don’t, then they’ll increase the amounts.
I think they got one payment from us and then the credit card company managed to deny payment for the rest. But it’s one of the things that you should watch for.
You’re involved, you’re active, you know your numbers. You’re also do what I call “poking around.” And I bet everybody in the company knows that you do that. That’s one of the most effective methods of reducing the risk of internal fraud. The CPA fraud expert I interviewed the other day reinforced this idea of establishing a good “tone from the top” as a strong fraud prevention approach. Is the owner on top of things? Are they treating people and vendors fairly? Or, are they always trying to cut corners to get the best deal? That tone, that culture of involvement and sense of fairness and honesty is one of the best defenses. Certainly, all the disciplines you have in place will help keep the bad guys away.
I think for a business where maybe the owner doesn’t have the knowledge or the interest it would be a good idea to have an outside accountant come in and just take a peek every now and then. I have heard all too often about the bookkeeper who took $60,000 or a quarter of a million or even more dollars out of a business over time.
It’s shocking and it keeps happening. Maybe the employee was basically an honest person but if you combine no oversight, lots of unfettered access to money, and then add in medical bills or gambling addiction or resentment that they’re not getting paid enough, then these things can add up to a recipe for disaster.
You can also ask your CPA to come in and conduct a fraud prevention audit. They’ll review your systems, for example, do you have the same person opening the checks and depositing funds? Are you looking at your accounts? Do you have a method for verifying vendors? Are you properly tracking any credits that you issue? All the things you’re doing. It’s never any one thing that’s going to prevent it or stop it and you can’t just say, “Okay, we’ve done this and that’s it.”
Mark, I’m sorry you had such painful experience but I really appreciate your time and sharing your story. I know others will benefit from hearing this.
Absolutely, my pleasure!