Fraud Prevention Tips: Difference between revisions

From Jewel
Jump to navigation Jump to search
(Created page with ":'''''NOTE:''' Fraud attacks continue to evolve and increase, with losses in the billions of dollars over the course of a year. And yes, it happens to our churches. Just about every month we are hearing about a church that has discovered charges on their statement that they did not authorize. Some churches have lost hundreds and even thousands of dollars. Fraud may be inevitable, but financial loss is not, and here are tips that, if followed, can help you ensure the safe...")
 
 
(34 intermediate revisions by the same user not shown)
Line 1: Line 1:
:'''''NOTE:''' Fraud attacks continue to evolve and increase, with losses in the billions of dollars over the
It is estimated that Christian churches are losing approximately $60 billion per year to fraud and embezzlement. And Adventist churches are not immune. Preventing fraud is not about trust or mistrust. In fact, it has been proven over and over that trust is not an adequate barrier against fraud. People who are known and trusted have betrayed their church family, some continuing for years until the theft was uncovered.
course of a year. And yes, it happens to our churches. Just about every month we are hearing about a church that has discovered charges on their statement that they did not authorize. Some churches have lost hundreds and even thousands of dollars. Fraud may be inevitable, but financial loss is not, and here are tips that, if followed, can help you ensure the safety of your church's money.''


'''Important: If any of the following has happened or is happening to you, your computer or your bank
Fortunately, there are a number of things that you, as your church’s treasurer, can do to lessen your church's chances of being affected by financial fraud.
account, contact your conference or Jewel tech support. Right then. Putting it off is inviting loss.'''
 
'''Important: If fraud has happened or is happening to you, your computer or your bank account, contact your conference auditing or treasury department. Right then. Putting it off is inviting loss.'''
 
==Treasurer and Church Board Involvement and Education==
* '''Promote and lead out in transparency and accountability.''' If you, as treasurer, are grumpy and complain about having to count with two people or follow other guidelines, that attitude will affect others, and careless attitudes will result in opportunities for theft.
* '''Follow the money'''. Learn about the journey that your offerings take - all the steps from donor wallet to bank deposit. Are there any places where theft could easily occur? Encourage and lead out in better practices in those areas. Use the available [[Media:1050 - Cash Count Sheet - Simple 2.pdf|Cash Count Sheet - Simple]] or [[Media:1040 - Cash Count Sheet - Multiple.pdf|Cash Count Sheet - Multiple]]]] and [[Media:1130 - Tithe Envelope Verification Sheet.pdf|Tithe Envelope Verification Sheet]] to [[Dual Counting - Why and How|dual count]] and document all offerings.
* '''Encourage the use of AdventistGiving among your donors'''. Teach potential donors how to download and use the app. With [[AdventistGiving Offerings|AdventistGiving]], the route from donor to bank is completely secure.
* '''If your church has [[Do We Need a Credit or Debit Card? Which One?|credit or debit cards]], evaluate them for weaknesses and opportunities for fraud'''. If you have concerns about how they are being used, talk to an auditor. All holders of Debit of Credit cards should be required to read and sign the “[[Media:4520 - Debit or Credit Card User Agreement.pdf|Debit or Credit Card User Agreement]]” before receiving their card. If this is required and there is follow up on what they agreed to, users will have less leeway to claim ignorance or privilege.
* '''Maintain timely and accurate reporting'''. Deposit the offerings by Tuesday at the latest every week. Don't leave unattended offerings sitting around in public or even private places, where they can be a temptation.
* '''Supply the board with up-to-date, clear and accurate Jewel monthly reports'''. Learn how to present the reports to the church board in such a way that they understand them. Simple, clear and to the point.
* '''Ask the board to appoint someone to [[Bank Rec Comparison for Monthly Oversight|compare the bank statement with the Jewel reports]] at the board meeting'''. This is the very best way to prove that the reports are accurate. Train this person so they know what they are looking for.


==Bank Fraud==
==Bank Fraud==
Line 9: Line 18:
* '''Reconcile your bank accounts every month without fail''', so that any fraudulent charges are quickly discovered, reported and reversed. If reported after the grace period that your bank gives (which varies, but can be as little as 30 days), full recovery of the stolen funds may not be possible, which means your church has lost that money.
* '''Reconcile your bank accounts every month without fail''', so that any fraudulent charges are quickly discovered, reported and reversed. If reported after the grace period that your bank gives (which varies, but can be as little as 30 days), full recovery of the stolen funds may not be possible, which means your church has lost that money.
:The days of consistently being one, two or three months behind in your church's financial recordkeeping with no risk to your church, are gone. If you are a month or more behind, even if you eventually reconcile, your church's money is at risk. Checking accounts, debit accounts, credit card accounts, whatever you have, reconcile it. As soon after the first of the next month as possible. Report any unauthorized entries immediately. Don't wait days or weeks. The money that is lost may be your church's.
:The days of consistently being one, two or three months behind in your church's financial recordkeeping with no risk to your church, are gone. If you are a month or more behind, even if you eventually reconcile, your church's money is at risk. Checking accounts, debit accounts, credit card accounts, whatever you have, reconcile it. As soon after the first of the next month as possible. Report any unauthorized entries immediately. Don't wait days or weeks. The money that is lost may be your church's.
* '''If your bank offers them, ask that bank statements include check images''', even if there is a monthly fee.
* '''Use strong passwords for your bank account logins'''. Don’t use the same password for all logins, and keep your list of passwords in a safe place, not on a sticky note on or next to the computer itself.
* '''Use strong passwords for your bank account logins'''. Don’t use the same password for all logins, and keep your list of passwords in a safe place, not on a sticky note on or next to the computer itself.
* '''Don't click on or reply to unsolicited texts or emails that are asking for information about you or your bank account(s)'''. Period. Especially if they are telling you to click something or call a number or do something "'''RIGHT NOW'''" to save you from something awful. If you have any question about a text or email, or even a call from "your bank" asking for account number or login information, don't tell them anything. No matter how legitimate they sound. Hang up and call your bank directly, using an official bank phone number. Or contact an auditor and they can help you verify it.
* '''Don't click on or reply to unsolicited texts or emails that are asking for information about you or your bank account(s)'''. Period. Especially if they are telling you to click something or call a number or do something "'''RIGHT NOW'''" to save you from something awful. If you have any question about a text or email, or even a call from "your bank" asking for account number or login information, don't tell them anything. No matter how legitimate they sound. Hang up and call your bank directly, using an official bank phone number. Or contact an auditor and they can help you verify it.
Line 14: Line 24:


==Protecting the Treasury Computer==
==Protecting the Treasury Computer==
* '''Password the computer''': We recommend that the computer have an access password, to keep the private
* '''Password the computer''': We recommend that the computer have an access password, to keep the private information safe if the computer is stolen. If you create a new password for your computer, make sure that an auditor and/or someone in your church knows what it is. Because if you pass away suddenly and no one knows the password, all church data will be lost. A [[Properties Quick Start#Church Info|password on Jewel]] is a good idea too.
information safe if the computer is stolen. If you create a new password for your computer, make sure that an
auditor and/or someone in your church knows what it is. Because if you pass away suddenly and no one knows
the password, all church data will be lost. A [[Properties#Church Info|password on Jewel]] is a good idea too.
* '''Use the treasury computer for treasury use only.''' The more time the treasury computer spends online, whether browsing, streaming, gaming, school or personal finances and emails, the more chance of cyber fraud. [[Personal Use of Treasury Computer|Limit online exposure by using it only for church related tasks]] like Jewel, bank transfers, paying online bills and for AdventistGiving. You may need to access your personal email if treasury emails are being sent to it, but don’t use the treasury computer for the rest of your personal correspondence.
* '''Use the treasury computer for treasury use only.''' The more time the treasury computer spends online, whether browsing, streaming, gaming, school or personal finances and emails, the more chance of cyber fraud. [[Personal Use of Treasury Computer|Limit online exposure by using it only for church related tasks]] like Jewel, bank transfers, paying online bills and for AdventistGiving. You may need to access your personal email if treasury emails are being sent to it, but don’t use the treasury computer for the rest of your personal correspondence.
* '''Make sure the computer is updating Windows when it needs to'''. Restarting your computer when you get a
* '''Make sure the computer is updating Windows when it needs to'''. Restarting your computer when you get a message that a restart is needed, or powering it all the way off at least once a week will give Windows time to install important updates, including anti-virus updates. If you are not sure you know how to do this, ask a tech-savvy person at your church for a demonstration.
message that a restart is needed, or powering it all the way off at least once a week will give Windows time to install important updates, including anti-virus updates. If you are not sure you know how to do this, ask a tech-savvy person at your church for a demonstration.
* '''Virus Protection options''': Defender Antivirus is free and comes already loaded on your computer. You will not need to purchase an additional virus protection software. Purchased software sometimes blocks Jewel.
* '''Virus Protection options''': Defender Antivirus is free and comes already loaded on your computer. You will not need to purchase an additional virus protection software.
* '''Backup your data regularly'''. Whether from fraud or power loss or computer malfunction, losing data is always traumatic. If you enter offerings and checks into Jewel once a month, a monthly backup is fine. But if you enter data all month long, backup on a USB drive after every use so that if something happens, your data is not lost. And store that USB drive in a safe place. Don’t leave it in or next to the computer.
* '''Backup your data regularly'''. Whether from fraud or power loss or computer malfunction, losing data is always traumatic. If you enter offerings and checks into Jewel once a month, a monthly backup is fine. But if you enter data all month long, backup on a USB drive after every use so that if something happens, your data is not lost. And store that USB drive in a safe place. Don’t leave it in or next to the computer.
==Email Address Management==
* '''Create a church treasury email account'''. (Gmail is the best.) Example: athenstreasurer@gmail.com
:* Use it for online bank account access, Adventist Giving, Local Payroll, etc.
:* Make sure to give it to your auditor so you can receive information and updates.
:* Set it up on the treasury computer so it is easy for you to find
:* Check it regularly. At LEAST once a week, preferable more.
* '''Do not use your personal email address for church business'''.


==Cyber Fraud Awareness==
==Cyber Fraud Awareness==
* '''Be on the lookout for suspicious links, attachments and downloads'''. If an email comes from a source you don’t recognize, or asks you to do something right away, offers something that sounds too good to be true, or needs personal information, think before you click. And when in doubt, do NOT click. Ask an auditor for assistance if you are not sure.
* '''Be on the lookout for suspicious links, attachments and downloads'''. If an email comes from a source you don’t recognize, or asks you to do something right away, offers something that sounds too good to be true, or needs personal information, think before you click. And when in doubt, do NOT click. Ask an auditor for assistance if you are not sure.
* '''If a scary, weird or loud screen pops up on your computer''', telling you that you have a virus and that you need to click on a link to get help, immediately hold the power button down for at least 30 seconds and don’t restart the computer until you have contacted someone who knows how to deal with viruses, like a tech-savvy person at your church, a computer repair shop, or your conference office. They can make sure you get the help needed to ensure that everything is cleaned up before you use the computer again.
* '''If a scary, weird or loud screen pops up on your computer''', telling you that you have a virus and that you need to click on a link to get help, immediately hold the power button down for at least 30 seconds and don’t restart the computer until you have contacted someone who knows how to deal with viruses, like a tech-savvy person at your church, a computer repair shop, or your conference office. They can make sure you get the help needed to ensure that everything is cleaned up before you use the computer again.
* '''Email safety'''. For multiple reasons, we suggest [[21st Century Safety and Security Issues|having a church Gmail address]] for all treasury email rather than using your personal email address.
* '''Password Management''': Password breaches and leaks happen frequently. If your passwords are written and posted next to or on the computer, or if you are using the same username and password over and over, please reconsider your approach.
* Password Management: Password breaches and leaks happen frequently. If your passwords are written and posted next to or on the computer, or if you are using the same username and password over and over, please
* '''Keep a copy of your password list on the USB drive you use for backing up Jewel''', if you know how to do it. Or choose one or more of the following:
reconsider your approach. For password management tips, [[21st Century Safety and Security Issues|click here]].
:* Get a smartphone app that safeguards passwords
* If you know how to do it, keep a copy of your password list on the USB drive you use for backing up Jewel. If you do not, [[21st Century Safety and Security Issues|click here]] for password storage tips.
:* Write them down on paper without identifying what they are, and store them in a safe place such as the misc folder in your file box
:* File a well-labelled copy in the locked cabinet at church, and tell one or two leaders in the church where to find it
*'''Challenge Questions or Secret Questions''' should be written down (both question and answer) and stored securely with the password. Ask yourself: Would an authorized person be able to access this account if I was not able to?
* '''“Tech Support” Fraud'''. "Tech Support" phone numbers or websites can look legitimate but can be scammers in disguise, trying to gain access to your information and bank accounts. If you are having trouble with the computer or a printer, and you do an internet search and click on a link where some online person volunteers to link with your computer to "help" you, stop, hang up the phone, shut down your computer, and call your computer tech support (not Jewel tech support). Right then. Sharing information with a faceless "help" person can end with them loading malware onto your computer, which could give them access to the church's bank account. A good rule of thumb is: Do not give anyone other than conference auditors or conference IT personnel access to the treasury computer. (Or in cases of the need for computer repair, a legitimate repair person like the Geek Squad.)
* '''“Tech Support” Fraud'''. "Tech Support" phone numbers or websites can look legitimate but can be scammers in disguise, trying to gain access to your information and bank accounts. If you are having trouble with the computer or a printer, and you do an internet search and click on a link where some online person volunteers to link with your computer to "help" you, stop, hang up the phone, shut down your computer, and call your computer tech support (not Jewel tech support). Right then. Sharing information with a faceless "help" person can end with them loading malware onto your computer, which could give them access to the church's bank account. A good rule of thumb is: Do not give anyone other than conference auditors or conference IT personnel access to the treasury computer. (Or in cases of the need for computer repair, a legitimate repair person like the Geek Squad.)


==Mail Fraud Avoidance Tips==
==Mail Fraud Avoidance Tips==
* Invoices or bills that come to a church in the mail can be hoaxes, designed to scare you into sending them a payment. If you don’t recognize the sender, even if it looks official, don’t pay it. Ask for help to know if it is legitimate.
* '''Invoices or bills that come to a church in the mail can be hoaxes''', designed to scare you into sending them a payment. If you don’t recognize the sender, even if it looks official, don’t pay it. Ask for help to know if it is legitimate.
* Charges for yellow page ads are fraudulent. Invoices for domain registration with search engines are fraudulent unless you are paying the search engine (such as Google) for a preferred listing. Any charge for Web hosting should be checked with your Web master to make sure you are actually using that hosting service.
* '''Charges for yellow page ads are fraudulent. Invoices for domain registration with search engines are fraudulent''' unless you are paying the search engine (such as Google) for a preferred listing. Any charge for Web hosting should be checked with your Web master to make sure you are actually using that hosting service.
* Church directories, whether printed or online, should not be available to strangers – casual visitors to your lobby or website. They contain phone numbers and email addresses that scammers can use.
* '''Church directories, whether printed or online, should not be available to strangers''' – casual visitors to your lobby or website. They contain phone numbers and email addresses that scammers can use.
* Set up auto-pay on utility and other monthly payments. It is more secure than snail mail and also saves you time.
* '''Set up auto-pay on utility and other monthly payments'''. It is more secure than snail mail and also saves you time.
* If you mail payment checks, mail them in security envelopes that conceal the contents, and taking them to the slot inside the post office rather than putting them in your own mailbox for pickup is considered to be safer as well.
* '''If you mail payment checks, mail them in security envelopes''' that conceal the contents, and taking them to the slot inside the post office rather than putting them in your own mailbox for pickup is considered to be safer as well.
 
==Church Financial Record Storage Recommendations==
* '''Do not store records for previous years at your home''' (unless you rent a facility)
* '''Create or find a secure place at your church''', such as a locked file cabinet.
 
 
-----
[[Fraud Prevention for Churches|Click here for more topics related to  Fraud Prevention for Churches]]

Latest revision as of 02:04, 6 January 2026

It is estimated that Christian churches are losing approximately $60 billion per year to fraud and embezzlement. And Adventist churches are not immune. Preventing fraud is not about trust or mistrust. In fact, it has been proven over and over that trust is not an adequate barrier against fraud. People who are known and trusted have betrayed their church family, some continuing for years until the theft was uncovered.

Fortunately, there are a number of things that you, as your church’s treasurer, can do to lessen your church's chances of being affected by financial fraud.

Important: If fraud has happened or is happening to you, your computer or your bank account, contact your conference auditing or treasury department. Right then. Putting it off is inviting loss.

Treasurer and Church Board Involvement and Education

  • Promote and lead out in transparency and accountability. If you, as treasurer, are grumpy and complain about having to count with two people or follow other guidelines, that attitude will affect others, and careless attitudes will result in opportunities for theft.
  • Follow the money. Learn about the journey that your offerings take - all the steps from donor wallet to bank deposit. Are there any places where theft could easily occur? Encourage and lead out in better practices in those areas. Use the available Cash Count Sheet - Simple or Cash Count Sheet - Multiple]] and Tithe Envelope Verification Sheet to dual count and document all offerings.
  • Encourage the use of AdventistGiving among your donors. Teach potential donors how to download and use the app. With AdventistGiving, the route from donor to bank is completely secure.
  • If your church has credit or debit cards, evaluate them for weaknesses and opportunities for fraud. If you have concerns about how they are being used, talk to an auditor. All holders of Debit of Credit cards should be required to read and sign the “Debit or Credit Card User Agreement” before receiving their card. If this is required and there is follow up on what they agreed to, users will have less leeway to claim ignorance or privilege.
  • Maintain timely and accurate reporting. Deposit the offerings by Tuesday at the latest every week. Don't leave unattended offerings sitting around in public or even private places, where they can be a temptation.
  • Supply the board with up-to-date, clear and accurate Jewel monthly reports. Learn how to present the reports to the church board in such a way that they understand them. Simple, clear and to the point.
  • Ask the board to appoint someone to compare the bank statement with the Jewel reports at the board meeting. This is the very best way to prove that the reports are accurate. Train this person so they know what they are looking for.

Bank Fraud

The most effective tool in the fight against bank fraud is monthly Bank Reconciliation.

  • Reconcile your bank accounts every month without fail, so that any fraudulent charges are quickly discovered, reported and reversed. If reported after the grace period that your bank gives (which varies, but can be as little as 30 days), full recovery of the stolen funds may not be possible, which means your church has lost that money.
The days of consistently being one, two or three months behind in your church's financial recordkeeping with no risk to your church, are gone. If you are a month or more behind, even if you eventually reconcile, your church's money is at risk. Checking accounts, debit accounts, credit card accounts, whatever you have, reconcile it. As soon after the first of the next month as possible. Report any unauthorized entries immediately. Don't wait days or weeks. The money that is lost may be your church's.
  • If your bank offers them, ask that bank statements include check images, even if there is a monthly fee.
  • Use strong passwords for your bank account logins. Don’t use the same password for all logins, and keep your list of passwords in a safe place, not on a sticky note on or next to the computer itself.
  • Don't click on or reply to unsolicited texts or emails that are asking for information about you or your bank account(s). Period. Especially if they are telling you to click something or call a number or do something "RIGHT NOW" to save you from something awful. If you have any question about a text or email, or even a call from "your bank" asking for account number or login information, don't tell them anything. No matter how legitimate they sound. Hang up and call your bank directly, using an official bank phone number. Or contact an auditor and they can help you verify it.
  • Church bank accounts should not be accessed or registered on your personal computer. If a personal computer is compromised, church assets can be lost.

Protecting the Treasury Computer

  • Password the computer: We recommend that the computer have an access password, to keep the private information safe if the computer is stolen. If you create a new password for your computer, make sure that an auditor and/or someone in your church knows what it is. Because if you pass away suddenly and no one knows the password, all church data will be lost. A password on Jewel is a good idea too.
  • Use the treasury computer for treasury use only. The more time the treasury computer spends online, whether browsing, streaming, gaming, school or personal finances and emails, the more chance of cyber fraud. Limit online exposure by using it only for church related tasks like Jewel, bank transfers, paying online bills and for AdventistGiving. You may need to access your personal email if treasury emails are being sent to it, but don’t use the treasury computer for the rest of your personal correspondence.
  • Make sure the computer is updating Windows when it needs to. Restarting your computer when you get a message that a restart is needed, or powering it all the way off at least once a week will give Windows time to install important updates, including anti-virus updates. If you are not sure you know how to do this, ask a tech-savvy person at your church for a demonstration.
  • Virus Protection options: Defender Antivirus is free and comes already loaded on your computer. You will not need to purchase an additional virus protection software. Purchased software sometimes blocks Jewel.
  • Backup your data regularly. Whether from fraud or power loss or computer malfunction, losing data is always traumatic. If you enter offerings and checks into Jewel once a month, a monthly backup is fine. But if you enter data all month long, backup on a USB drive after every use so that if something happens, your data is not lost. And store that USB drive in a safe place. Don’t leave it in or next to the computer.

Email Address Management

  • Create a church treasury email account. (Gmail is the best.) Example: athenstreasurer@gmail.com
  • Use it for online bank account access, Adventist Giving, Local Payroll, etc.
  • Make sure to give it to your auditor so you can receive information and updates.
  • Set it up on the treasury computer so it is easy for you to find
  • Check it regularly. At LEAST once a week, preferable more.
  • Do not use your personal email address for church business.

Cyber Fraud Awareness

  • Be on the lookout for suspicious links, attachments and downloads. If an email comes from a source you don’t recognize, or asks you to do something right away, offers something that sounds too good to be true, or needs personal information, think before you click. And when in doubt, do NOT click. Ask an auditor for assistance if you are not sure.
  • If a scary, weird or loud screen pops up on your computer, telling you that you have a virus and that you need to click on a link to get help, immediately hold the power button down for at least 30 seconds and don’t restart the computer until you have contacted someone who knows how to deal with viruses, like a tech-savvy person at your church, a computer repair shop, or your conference office. They can make sure you get the help needed to ensure that everything is cleaned up before you use the computer again.
  • Password Management: Password breaches and leaks happen frequently. If your passwords are written and posted next to or on the computer, or if you are using the same username and password over and over, please reconsider your approach.
  • Keep a copy of your password list on the USB drive you use for backing up Jewel, if you know how to do it. Or choose one or more of the following:
  • Get a smartphone app that safeguards passwords
  • Write them down on paper without identifying what they are, and store them in a safe place such as the misc folder in your file box
  • File a well-labelled copy in the locked cabinet at church, and tell one or two leaders in the church where to find it
  • Challenge Questions or Secret Questions should be written down (both question and answer) and stored securely with the password. Ask yourself: Would an authorized person be able to access this account if I was not able to?
  • “Tech Support” Fraud. "Tech Support" phone numbers or websites can look legitimate but can be scammers in disguise, trying to gain access to your information and bank accounts. If you are having trouble with the computer or a printer, and you do an internet search and click on a link where some online person volunteers to link with your computer to "help" you, stop, hang up the phone, shut down your computer, and call your computer tech support (not Jewel tech support). Right then. Sharing information with a faceless "help" person can end with them loading malware onto your computer, which could give them access to the church's bank account. A good rule of thumb is: Do not give anyone other than conference auditors or conference IT personnel access to the treasury computer. (Or in cases of the need for computer repair, a legitimate repair person like the Geek Squad.)

Mail Fraud Avoidance Tips

  • Invoices or bills that come to a church in the mail can be hoaxes, designed to scare you into sending them a payment. If you don’t recognize the sender, even if it looks official, don’t pay it. Ask for help to know if it is legitimate.
  • Charges for yellow page ads are fraudulent. Invoices for domain registration with search engines are fraudulent unless you are paying the search engine (such as Google) for a preferred listing. Any charge for Web hosting should be checked with your Web master to make sure you are actually using that hosting service.
  • Church directories, whether printed or online, should not be available to strangers – casual visitors to your lobby or website. They contain phone numbers and email addresses that scammers can use.
  • Set up auto-pay on utility and other monthly payments. It is more secure than snail mail and also saves you time.
  • If you mail payment checks, mail them in security envelopes that conceal the contents, and taking them to the slot inside the post office rather than putting them in your own mailbox for pickup is considered to be safer as well.

Church Financial Record Storage Recommendations

  • Do not store records for previous years at your home (unless you rent a facility)
  • Create or find a secure place at your church, such as a locked file cabinet.


Click here for more topics related to Fraud Prevention for Churches

Retrieved from "https://www.jewelsda.com/wiki/index.php?title=Fraud_Prevention_Tips&oldid=3278"