Fraud Policy
FRAUD POLICY
This document outlines the Fraud policy and Procedure related to Virtual Card for You accounts. “We”, “our”, and “us” refer to Virtual Card for You. “You”, “your”, and “customers” refer to the account holder.
Purpose of this Document
This policy details how the Virtual Card for You will approach identifying the fraud risks that it faces, when delivering its payment service, and implementing the necessary controls to mitigate them.
Review of Policy
This policy will be reviewed regularly, at least once a year, and amended as considered necessary by the Virtual Card for You’s Management Body in the event of changing circumstances or regulations.
Risk Assessment
All Fraud risks will be identified using a fraud risk assessment, which has been appended to this document.
The risk assessment will provide details of the following:
Details of Internal and External Fraud risks Virtual Card for You faces.
The controls in place to mitigate those risks.
The policies that have been developed to implement the controls.
Details of how the policies are monitored.
Fraud Risks
Virtual Card for You has identified the following risks relating to fraud:
Internal Fraud
Employees acting in a fraudulent manner, resulting in either:
• Financial loss, from either the company or a customer
• Identity fraud, resulting in a customer’s data being compromised
External Fraud
External threats have been identified in the following areas:
• Clients acting fraudulently
• Fraudsters posing as potential clients
• Email fraud; emails from 3rd parties purporting to be clients/staff
• Cheque fraud
Controls to mitigate the risks
Virtual Card for You has implemented the following controls, which will mitigate the risks identified above:
Controls for Internal Fraud
Virtual Card for You has implemented the following controls:
• Identity checks as part of the employment process, which will include a DBS check
• Data visibility restriction by department, which is governed by an Access Rights Policy
• Access to internal systems and trading platforms governed by an Access Rights Policy
• Virtual Card for You also uses proactive anti-cyber fraud mailers to our client base to promote awareness and vigilance
Specific Policies to implement the controls
The following policies have been implemented by the Virtual Card for You, which will enable these controls to be implemented:
• Access Right Policy
Controls for External Fraud
Virtual Card for You has implemented the following controls in relation to the external fraud risks
• KYC checks during onboarding
• As part of this policy, Virtual Card for You has made the decision not to accept cheques or Cash deposit
• Staff training to be aware of fraud trends
• Operational process to confirm all new beneficiary details with clients to avoid client email fraud/interception – see appendix 2
Specific Policies to implement the controls
The following additional policies and checks have been implemented by the Virtual Card for You, which will enable these controls to be implemented:
• AML Policies and Procedures
• Daily checks to prevent cheques from being paid into our client accounts
Issue Monitoring and Resolution
The controls outlined in this policy have been designed to prevent a fraud related issue from occurring. Where an issue does occur, details of how it will be monitored and resolved are outlined in the Operational and Security Incident Reporting Process.
Compliance Monitoring
This policy will be monitored through the compliance monitoring plan.
Breaches of Fraud Policy
Any breaches of the Fraud policy will be recorded on Virtual Card for You’s breach log in conjunction with its Regulatory Breach policy.
Updated September 30, 2024.
Copyrighted work of Virtual Card for You. © 2024 all rights reserved.