Fighting retail fraud during COVID-19

Font Size

Taxwise Or Otherwise

With the COVID-19 pandemic creating an unprecedented crisis for countries, organizations and individuals, fraudsters have been quick to identify opportunities to take advantage of retail businesses (both traditional and electronic), as well as consumers.

Case in point, I have friends who have experienced their share of scams in the midst of the pandemic. One was almost tricked into buying fake face masks while the other received a phishing e-mail requesting bank details. Fortunately, they were not victimized but they shared their experience on social media to warn others. With these fraudsters on the prowl, the National Bureau of Investigation (NBI) has had to remind the public of scams related to COVID-19, especially involving essential items and online sales. Indeed, fraudsters are continuing to advance their schemes, at a pace that may seem even faster than the spread of the virus during this vulnerable time.

Based on PwC’s Global Economic Crime and Fraud Survey 2020, consumer fraud — whether committed by or on consumers — tops the list of economic crimes globally, in terms of incidence/frequency (35%) and impact (18%). Moreover, an April 2020 survey conducted by the Association of Certified Fraud Examiners (ACFE) reports that 90% of respondents have seen an increase in scams targeting consumers, primarily through third-party seller and buyer scams on legitimate online retail websites.

I personally think that the retail sector is having an even harder time now since they’re forced to revisit and restructure their operating model to cope with COVID-19. This, alongside market pressures and rationalization, have opened up a window of opportunity which fraudsters can capitalize on.

For starters, business processes have needed to change in order to meet higher health safety standards (e.g. work-from-home and remote interactions with customers and suppliers). Associated controls will also need to follow suit and be modified accordingly, resulting in gaps which may not be immediately noticed.

Due to urgent business needs, people are also more likely to circumvent existing controls in an ad-hoc manner in order to get things done. Consequently, they may neglect to perform the necessary controls and may not spot relevant “red flags” in a timely manner. These expose the organization to a higher degree of risk that could have been mitigated under the old operating model.

Lowered financial performance, greater struggles to meet KPIs, and higher risks to personal job security, when combined with external factors such as dwindling family income streams and emergency financial needs, may put pressure on those who are desperate for relief, pushing them to commit fraud. Perceiving that they have been neglected by their organizations, there may even be people who would feel justified in committing fraud, making them an attractive entry point for collusion by more experienced fraudsters.

Fraudsters know full well that COVID-19 and the related disruption has brought them new opportunities and targets for their fraud schemes — retailers would do well to recognize that their processes are more exposed and that their people are more vulnerable nowadays.

Based on PwC’s white paper, COVID-19: Keeping an eye on evolving fraud risks, retailers need to be most wary of supply chain fraud. Due to transport restrictions and manufacturing downtime, businesses are compelled to find alternatives in order to meet demand. Consequently, control standards have generally been lowered, resulting in more counterfeit/substandard products, misappropriated goods/supplies/payments and unfulfilled contractual obligations.

With more employees working remotely, new infiltration opportunities have also become available to the tech-savvy fraudster, pressuring IT teams and IT infrastructure systems to tighten up security controls in order to combat cybercrime. Generally, higher stress levels have also made people more vulnerable to sophisticated social engineering techniques such as phishing/smishing and business impersonation.

Internal fraud is also on the rise since standard operating procedures and controls are more relaxed in sensitive areas such as approvals, pre-transactional reviews and processing and release of payments, while post-transactional reviews have become less effective. These have contributed to higher risks from asset misappropriation, payroll/reimbursement fraud and accounting fraud.

Financial crimes have also become more prevalent, with a noted rise in fraudulent investment scams and money laundering activities.

It is best for retail businesses to be careful of these schemes as these may eventually lead to mid- to long-term financial losses, reputational harm, and lower market share when left unchecked.

Retailers should ensure that these four key steps are embedded in their day-to-day operating framework:

• Focus on changes in risk. Knowing what to look out for is the first part of the battle. Retailers need to identify which processes and controls were modified due to the crisis, determine the new most-at-risk areas and note down critical gaps that need to be improved. In conducting the assessment, audit trails should be kept as much as possible.

• Identify controls. Controls may need to be revised so that they are realistic, aligned and fit for the revised processes. For example, retailers may need to reinforce post-transactional controls. Continuously loop in and seek advice from the members of your senior management and the board of directors.

• Investigate fast. Do not wait for the crisis to settle down — it is often better to investigate a small incident now, rather than to deal with a big one tomorrow.

• Remediate promptly. Retailers should continue to collect information to plan and implement more structured responses wherever possible. It is also critical to ensure that key stakeholders (e.g. employees and suppliers) are provided with regular updates on risks and controls.

With people ever desperate for more information and tools to help mitigate the virus, retailers must properly formulate a structured approach to identify, reduce, and remediate fraud risks as part of their COVID-19 response so they can protect their business, people, customers and other stakeholders.

The views or opinions expressed in this article are solely those of the author and do not necessarily represent those of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd. The content is for general information purposes only, and should not be used as a substitute for specific advice.


Reymarc Sagrado is a senior associate with the Risk Consulting practice of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd., a Philippine member firm of the PwC network.

+63 (2) 8845-2728