Retailers use a variety of tactics to battle this epidemic, from low-tech options such as offering rewards to employees who turn in thieves, to high-tech systems that can, for instance, monitor transactions to reveal issues that managers would normally be unable to detect. Yet unscrupulous employees remain undeterred, and will forever try to beat the system.

Even more upsetting is that catching an employee red-handed on video sliding product will not necessarily prevent them from bringing a wrongful termination claim against you. Many individuals, even guilty ones, feel compelled to try to clear their name through litigation. Although you would likely win such a suit in the end, the expense and time involved can be hundreds of times the amount of the theft, and might sway you to instead negotiate a frustratingly unfair settlement.

In order to maintain consistency, there is usually no choice but to terminate employees who engage in dishonest or even suspicious behavior. But if you or your managers were to make innocent mistakes during what should be a legitimate termination, you could find yourself facing a lawsuit. Worse, you could learn that your mistakes gave the lawsuit legs because it opened you up to exposure to an individual who stole from your company.

In this issue, we’ll look at some common mistakes that have resulted in otherwise unassailable terminations going south in court, and step-by-step solutions to prevent the worst-case scenario from unfolding.

The Investigation

In virtually every employment lawsuit arising from a termination for wrongdoing, the first step of the termination process—the investigation—becomes the most critical when scrutinized in front of a jury. It’s even more important when theft is involved. An allegation of theft is a powerful accusation and one that should never be taken lightly. While ordinarily you bear no burden of proof at trial, the jury will often look to you to prove theft beyond a reasonable doubt. Thus, the employee’s first tack in a trial will be to attack the quality of your investigation.

The Appropriate People Should Conduct The Investigation

There are many important missteps to avoid. First, at least two individuals should be involved in your investigation and, optimally, one should not be personally acquainted with the subject. This will help avoid claims that the allegation was trumped-up against an employee by a hostile or biased investigator. For example, an employee might claim that they were framed for theft by a manager for refusing earlier sexual advances. Using several investigators might shield such an accusation from gaining traction.

Make Sure The Accused Tells Their Tale

You must allow any employee being investigated to tell their story and include the account in your record of the investigation. Otherwise, a jury may think the employee was railroaded. The investigation must be thorough, and your investigator should never limit questioning to the witnesses identified by the accused when there may be other individuals with relevant knowledge.

Follow Your Own Internal Policies

If your company has a protocol for investigations, it must be followed to the letter. Juries demand that employers follow written procedures. Failure to do so can serve as evidence of “pretext” (a justification for a course of action that is found to be false) and could defeat your efforts at winning the case on written motions, rather than going all the way to trial.

Make Sure Your Witnesses Provide Their Own Testimony

It is important for witnesses to write their statements in their own handwriting and using their own words. Nothing tanks the credibility of a witness faster than when they don’t understand the meaning of words used in “their” written statement when testifying on the stand.

Preserve Records And Recordings

Another concern arises when a company acts as if it will never hear from the employee again once they depart the workplace following a termination. Even if you obtain a written confession of theft, it will be no substitute for a complete investigative file. Your investigator must organize and store all the records of the investigation for future use. Nothing should be destroyed.

If you plan to use business records or recordings that are ordinarily destroyed in accordance with your company’s record retention and destruction protocol, they should be moved from their usual location and preserved. Just as video footage of an employee pocketing a twenty is solid gold in a court, not having that video footage is solid gold for the plaintiff in an employment trial. If the video is missing, no explanation will overcome a jury’s assumption that you did not want them to see the video for some nefarious reason. Likewise, if an investigator reviews evidence, such as financial reports, stored on a computer, they should create copies of these records to be included in the investigation file.

Catching The Thief

The method used to catch thieves is another aspect that can result in liability. For example:

• It is common for retail managers to hide baby monitors or other electronic listening devices in break rooms to try to catch employees talking about stealing. While the idea seems perfectly logical, it could also be illegal under federal anti-wiretapping laws and state privacy statutes.
• During an investigatory meeting with an employee who is suspected of theft, if you have the employee in a position where they cannot leave the room or area without “going through” one of your managers, it could lead to a false imprisonment claim.
• Digging through an employee’s purse or other personal belongings looking for stolen merchandise without consent to search could generate an invasion of privacy claim.
• Using a lie detector during an investigation of monetary loss could open you up to legal claims given strict federal regulations on the subject.

Because of factors like these, it’s important that you take several steps while attempting to catch an employee on suspicion they are stealing.

Destroy The Expectation Of Privacy

First, every employee should sign an acknowledgment that they understand they have no privacy rights in regard to those items they choose to bring on the premises. While not required by federal law, you should also have your employees acknowledge and consent in writing that they are under video surveillance while in all public and employee-only spaces at your store (not bathrooms or other private spaces). This will prevent them from bringing a successful invasion of privacy claim in the future.

Set Expectations For Investigations

At the outset of any investigation into alleged theft, the accused employee should be made aware that participating in company investigations is mandatory. Provide them a written notice that refusal to cooperate may result in termination.

Create And Enforce Policies Related To Company Assets

Finally, you should expressly advise all of your employees regarding your policies pertaining to the protection of company assets. Instruct them that violations of the policy may lead to their immediate termination without any finding of intentional wrongdoing.

The Termination Meeting

The termination meeting should not be the first time the accused is informed that they are suspected of malfeasance. However, even if you have done some legwork into the matter and feel like you have a rock solid case before talking with the suspected thief, you should still consider your plan for carrying out the disciplinary action.

Consider A “Suspension Pending Investigation”

Regardless of any benefit to keeping the employee in the dark about your suspicion while you conduct a covert investigation, and even if termination is essentially a foregone conclusion at the time of your interview with the accused, you should still hold off on making a termination decision and from communicating that sort of message during that first interview. It is far better to suspend the employee pending the outcome of the investigation. Many times the employee will not return for a follow-up meeting and can be terminated as having abandoned their job. There are far fewer facts to argue when an employee is terminated on these grounds.

Your Words Matter

How the termination meeting is to be conducted depends heavily on the strength of your evidence. If all the signs point to theft but you don’t necessarily have anything that is conclusive, you should not use terms like “theft,” “dishonesty,” or even “suspicion of theft” as reasons the employee is being terminated. This does not mean you cannot terminate the employee, but accusing an individual of a crime is per se defamatory in many jurisdictions, and you may be required to prove in court that the employee did, in fact, commit a crime. Instead, language centering on your lack of trust in the employee—“we are terminating you because we have lost confidence in your ability to perform your job up to our expectations”—is much less likely to be considered defamatory.

Focus On Your Policies, Not The Criminal Code

Another way to couch your justification for termination if you are less than 100 percent certain of the employee’s guilt is to cite a violation of your company policies and not any allegation of criminalwrongdoing. In this scenario, you should tell the employee that you have not reached a conclusion as to their culpability for a crime, but that the termination is because proper store procedures were not followed.

Stay Tuned For Part Two

Terminating employees for the reasons stated in this article may not prevent the employee from securing unemployment compensation, but as we’ll discuss in Part Two of this article, fighting unemployment compensation is overrated. In the next issue of the Retail Update, we’ll look at other problem areas in terminating for theft, including when—and when not—to call the police.

For more information, contact the author at EHarold@fisherphillips.com or 504.522.3303.

So, what is a spoofed website? In this scheme, a fraudster creates a fake website and/or email domain that looks legitimate, often copying a real website using logos, images and even the layout/content of the site. This phishing tactic usually asks the visitor to enter log-in credentials or personal details in an attempt to collect information used for identity theft. This tactic can also be used for other fraudulent activity. In the case reported by ARC, the fraudster used the fake website to appear legitimate to hotels and book stays using compromised credit cards.

Unfortunately, it can be difficult to spot a spoofed website, but there are a few signs to be weary of. First, check the web address. A spoofed website usually contains a misspelled word, extra punctuation or is excessively long. You should not only check for these signs in a web browser, but also any text linked to hyperlinks—hover over hyperlinked text to see the full URL before clicking. Another sign of a spoofed website is pop-ups. Sometimes spoofers direct victims to legitimate sites and use a pop-up window to collect personal information. Always use the website you are familiar with, have used previously without issues and have bookmarked. Don’t rely on a Google search. Review any results returned by searches and compare the URLs.

Now that you know how to spot a spoofed site, here are some tips to protect yourself if you feel like you may have landed on one:

• If you think you have found yourself on a spoofed site, scan the page for a Trust Seal. Many authentic sites use these badges issued by third-party security companies to show the site is verified, secure and safe. Please keep in mind that not every secure and authentic website, including Travel and Transport’s, marks their site with any type of “Trust Seal.” This is just one indicator of authenticity.
• Check the address bar for more details on the site. Oftentimes the company name is shown alongside the URL in the address bar. Another item to look for is a lock showing the site is secure as well as “https” in the URL. This is a good first step, but not always a complete indicator of a “trusted site.” HTTPS certificates are relatively easy for an advanced hacker to obtain.
• Anti-phishing software is another way to arm yourself against scammers. Many browsers have add-ons or plug-ins to help detect phishing sites. You can also utilize the site whois.com to determine when the website was created. This site helps determine if your own site has been spoofed.
• If you are unsure if you are on a spoofed website asking for login information, give a fake password. If you use a fake password and appear to be logged in, you are most likely on a spoofed site. If you’re fake password is rejected, you should still be leery and take some of the other precautions mentioned in this list.
• When in doubt, contact the company directly to verify the website.
• Lastly, if you think you have fallen victim to a phishing site, immediately contact your IT team and report the site to the local police.

With processes becoming more and more automated through digital and web processes, it is important to take a comprehensive look at risk management to include crime and corruption that takes place on the web. As Travel and Transport’s Chief Technology Officer, Tim Krueger, puts it, “In today’s world of an ever changing and increasing threat landscape, user awareness and training are essential elements to any modern security program. Individual diligence in identifying and avoiding potential scams and threats is often the first and last line of defense.” We hope you never have to use these tips, but keep them in your back pocket in case you ever happen upon a fraudster.

Sources:
https://archives.fbi.gov/archives/news/pressrel/press-releases/fbi-says-web-spoofing-scams-are-a-growing-problem
https://www.globalsign.com/en/blog/how-to-spot-a-fake-website/
https://www2.arccorp.com/support-training/fraud-prevention/fraud-alerts/fa01262018/
https://safety.yahoo.com/Security/PHISHING-SITE.html

Outside the U.S., the story is different. In Asia, Europe, and now in Canada, the payment industry technical standard is “EMV,” which uses a “smart” microchip embedded in the card, and acceptance devices designed to support the chip-based standard. Although the U.S. is the largest user of payment cards in the world, it has been nearly the last country to adopt and implement EMV in payment card transactions.

Because the EMV standard (developed by three major global credit card issuers – Europay, MasterCard, Visa – specifically to combat fraud) is inherently more secure, the U.S. is now the “weak link.” Experts predict credit card fraud “migration” to the U.S.  Statistics bear this out. According to a recent Accenture study, in countries (such as the U.K.) where EMV has been implemented, rates are declining, while in the U.S., they continue to rise. Part of the EMV business case is that chip-based payment technology enables “dual-interface” combinations of cards and contactless mobile payment. The need to replace the old magnetic-based point-of- sale acceptance devices in order to implement EMV also presents an opportunity to enable contactless and mobile-ready technology at the POS.

The estimated nationwide costs of converting to chip-based cards and POS acceptance devices are about $8 billion. That has been the primary obstacle to implementation of EMV in the U.S. But major credit card issuers, facing mounting fraud losses, are forcing processing banks and merchants to implement the switchover.

The first step in that forcing process occurred in 2013. As of April 2013, all major U.S. credit card associations, Visa, MasterCard, Discover and American Express, require “acquirers” (banks that contract with merchants to accept or acquire credit card payments from card-issuing banks), service providers, and sub-processors to have the capability to process any EMV POS transaction, both contact and contactless. These entities must adhere to payment network rules and complete approvals, in order to begin processing and passing additional authorization data for EMV transactions.

October 1, 2015 Liability Shift

The next step is much more significant, and is now upon us. It directly affects any merchant who accepts credit or debit cards. Beginning today, on Oct. 1, 2015, MasterCard and Visa will shift liability for fraudulent counterfeit card transactions to the “non-EMV compliant” party. This means that, if a fraudulent transaction is made on a counterfeit card, and the merchant does not have EMV-compliant POS terminals, the merchant will be liable. If the merchant does have an EMV-compliant terminal, and the bank that issued the card issued a magnetic stripe card without an EMV chip, then the issuing bank will be liable.

Although most cards issued in the past couple of years in the U.S. are now chipped, according to most industry observers, many of America’s businesses, particularly small businesses, are not ready for the shift to EMV, at the point of sale. Reasons include a lack of awareness, and a complex technical validation and certification process that is backlogged, and taking longer than expected.

There is a fair amount of fear and confusion about the Oct. 1 “liability shift.”  Practically speaking, the circumstances under which a merchant will be liable for a fraudulent transaction are fairly limited. First, the card must be a particular type of counterfeit: a phony magnetic strip type card, with tracking data copied onto the strip from a genuine chip card. Second, the merchant’s POS terminal device must be incapable of reading a contact chip. That is the only situation a merchant can be liable when it has done nothing wrong other than not having the right type of terminal equipment. On the other hand, if a counterfeit card has a chip, and the merchant does not have a terminal capable of reading the chip, but authorizes the transaction anyway, it will be liable for that poor decision. In most other counterfeit card situations, the issuer remains liable. Furthermore, the “liability shift” applies only to “card present” types of transactions, where a customer presents a card at the point of sale. In fact, many observers think this will drive fraud to “card not present” exchanges, i.e. online transactions. Still, the risk is real, and for certain types of merchants (ones who depend heavily on face-to-face card transactions), could be significant.

Steps to Consider

While hardware upgrades can be expensive, and complicated in large organizations, the liability shift will make conversion to EMV-ready POS devices inevitable. Hospitality industry businesses would be well advised to:

• Begin implementing EMV now, if you haven’t already begun;
• Ensure that your processing and POS equipment providers meet applicable EMV security and certification requirements; and if not, review contracts to determine if they can be terminated in favor of an EMV-ready vendor;
• While upgrading to EMV, plan ahead, and consider deploying an integrated solution that will support some form of contactless mobile payment;
• Work with the banks that handle your merchant accounts and their POS device providers to find out how and when they are implementing EMV;
• Once EMV-ready terminals and related software are deployed, train front-office personnel on how “chip and pin” or “chip and sign” transactions work, and back office and IT personnel on configuration and validation requirements necessary to integrate EMV with legacy systems and work flows.

Larger organizations face a more complex CIO-level technology procurement and payments systems challenge, but there is no shortage of consultants and vendors focused on EMV implementation. Large or small, the change to EMV is already well underway.

Fraudulent sites may be built to resemble legitimate booking sites, going as far as using the logos and color schemes of hotels and reputable online sites. They will collect deposits from bookers or a “commission” without ever booking the reservation.

It has become harder and harder to notice the fakes as more people book via their mobile devices. Maryam Cope, Vice President for Government Affairs for the AH&LA told the LA Times that travelers may not even realize they’ve been scammed until it’s too late. “If you book the room online you may not find out there is a problem until you show up at the front desk,” said Cope.

The AH&LA has worked with members of Congress to reach out to the US Attorney General’s office, educating them on the issue and asking them to spread the word about these scams. Until these fraudsters are cracked down upon, here are some things you can do to protect your money and enjoy your upcoming trip:

• If you’re a business traveler and your company has a managed travel program, booking through company-approved channels is always the best option.
• Don’t click links from emails or other websites that lead you to a hotel booking site. Access sites directly via their URL or their official mobile app.
• If you aren’t familiar with the hotel booking site, do some research. A few searches of Google and social media sites can save you from a ruined trip.
• Use your instinct. If it doesn’t look or feel right, it probably isn’t. Call your travel management company or reach out to the hotel directly to be sure.

A study by the Association of Certified Fraud Examiners (Association of Certified Fraud Examiners: 2012 Report to the Nations) found occupational fraud caused $3.5 trillion in losses. The typical fraud lasted two years. The median loss was $140,000 and one in five involved losses was $1 million or more.

However, the good news is that anti-fraud controls, including hotlines, surprise audits and anti-fraud training can significantly reduce a company’s exposure to loss.

With these crimes, literally anyone in an organization is a potential perpetrator. Criminals range from hourly employees all the way up to senior management, including the CEO. The size of loss correlates with annual income level, tenure, age, education, and the level of collusion involved in the crime.

Among perpetrators, 87% were first-time offenders; 36% were considered “living beyond their means,” and 27% had been experiencing financial difficulties. However, more often than not, the perpetrator has done the same thing at one or more former employers.

Perhaps the most significant potential  for occupational crime and fraud is crime insurance. If your company has insurance, review the adequacy of coverage and limits. In addition, see if you have “cost/fee coverage,” which can pay for the use of outside providers to help investigate a crime. Until they are victims, many businesses don’t realize they are woefully under-insured and lack cost/fee coverage

Fraud Risk Factors

To help organizations assess their potential exposure to occupational crime or fraud, the Association of Fraud Examiners has identified some key considerations, often called the “triangle” or “three legs of fraud.”

First, consider the impetus to perpetrate a fraud. The business driver having to “make a number” might lead one to manipulate transactions. And there’s the personal motivation, usually financial gain or desperation, to engage in theft against the employer.

Another factor is opportunity: Does a potential perpetrator have access to assets? Are controls inadequate or non-existent?

Corporate culture plays a part as well. Even in a strong outward culture of integrity, the feeling may be different within specific departments or functions. Is financial aggressiveness or risk-taking part of the organization’s culture or a desired attribute for a certain class of employees?

What to Do If Fraud is Suspected?

If occupational fraud is suspected, absent any exigent or life threatening issues, you might take the following measures:

1. Locate and read the company’s crime or fidelity insurance policy.

2. Conduct an investigation before notifying your insurer.

3. Give proper notice to your crime and  property insurers.

4. Note the time on your insurance policy to file “Proof of Loss.”

5. Note the time to file suit against your insurer for non-payment of a loss.

6. Conduct a thorough internal investigation.

7. Work with your human resources, communications, operations, finance and other functions, employment attorneys and outside counsel to address potential employee issues.

8. Consider civil litigation against perpetrators.

9. Consider criminal prosecution.

The Loss Adjustment Process

Crime claims are unlike other claims or property damage loss or business interruption loss, or simple accidental liability matters like car damage. They are conducted within guideline time restrictions. There is a frequently exercised provision for an extension, so, there’s no reason to rush. While claims may be paid as submitted, the norm is to be challenged and receive the carrier’s offer and negotiate. Here’s the typical sequence of events involved in filing an insurance claim:

1. Your company and its support team conduct a preliminary investigation.

2. You file a notice of a potential claim with your insurance company.

3. Establish the facts (liability) and the amount of damages.

4. File a sworn “Proof of Loss” with your insurer.

5. The insurer conducts its own investigation and audit.

6. Your team meets with that of your insurers to reconcile potential issues and differences that may arise with respect to your claim.

7. These elements are negotiated and ultimately settled. While some points of difference between you and your insurer are inevitable, it generally makes the most sense to pick spots carefully for arguing with your insurer. You may not want to stall the overall negotiation and potential settlement by disputing smaller points.

8. Understand potential subrogation, which typically takes place among insurers in situations involving overlapping coverages.

Managing the Internal Investigation: Who Does What?

The risk manager, who oversees the process and communicates directly with the firm’s insurance broker and/or insurance carrier(s).

The in-house counsel, who manages the internal audit, investigation, litigation, law enforcement activities, and controls costs.

The investigator and forensic accountant, who conduct the investigation under external counsel(privilege) umbrella, working with in-house resources, such as internal audit.

Working with Law Enforcement

If there is any potential danger surrounding the circumstances of your loss, call the local police. In this context “police” refers to the appropriate law enforcement agency or the specificities of your loss. While some members of your firm may feel the police should investigate, it is not always in your best interest to call too soon.

Nonetheless, your insurance policy may contain a provision that dictates notifying law enforcement. Pay attention to whether it is simple notice or whether you must file a report and refer the matter. They are very different.

Remember: Once you refer your case, even though you may be the victim with certain rights, the investigators likely will make communication a one-way street. If the matter goes to a grand jury, you will be precluded from learning anything from law enforcement.

A crucial decision is when to call and, more importantly, whom to call. Mistakes in referring your investigation to the wrong agency or prosecutorial office can lead to significant frustration. Understand the complexity and reach of your loss. Consider that any investigation or search or assets may be outside the local jurisdiction. If all is in-state and you have a state police division with strong investigative acumen, they may be perfect. Some county sheriffs have excellent investigators. You need to know.

Often, the complexity and need to reach across state lines or outside the country will dictate that you seek federal assistance. The FBI, IRS, Secret Service,ICE, Marshal Service and the Postal Inspectors have different priorities, skill sets, thresholds and capacity. For example, the U.S. Attorneys’ Offices have different thresholds and priorities throughout the country. Know which agency best ts your loss.

Your forensic accounting and internal investigation will be important to law enforcement; it provides them with quantum of loss, witnesses, statements,evidence and a road map. A symbiotic rapport may develop between the investigators and your forensic team. A solid forensic investigation can also provide law enforcement with leads towards assets which may be vital towards alternative restitution.

Managing Civil Litigations

As a practical matter, investigative firms and risk advisors generally do not advocate law suits. However, there may come a time when those investigating the crime will need bank records and other financial information. Law enforcement will likely get them from search warrants and grand jury subpoenas. You will not be able to share in their good fortune.

The civil subpoena and civil discovery can be valuable tools used to establish the existence and amount of loss, including an examination of vendor business records, employee bank accounts, and shell company documents.

Typically, civil litigation follows the investigation in the form of a subrogation action by the carrier. If litigation is inevitable, getting the process started.

Sworn Proof of Loss

The proof of loss is a series of documents that will include a detailed narrative flow of what happened and who did what to whom. That is followed by a well-documented calculation of the loss. You will need to provide all source documents.

This is a standard insurance policy requirement. Note the time requirements or filing the proof of loss, as well as any possible suit against the insurance carrier. Also consider how much evidence is sufficient: Insurers will go to great lengths to validate and develop the facts.

When a loss occurs, insurance coverage attorney, David P. Bender, shareholder, Anderson Kill, Ventura, California, advises businesses to construct a team “consisting of forensic accountants with experience in these cases; an insurance coverage lawyer and other technical experts as necessary to prove proof of loss.

“Any insured that relies solely on the insurance company or even law enforcement to prove their loss will not get the full benefits due them under their insurance policy,” he warns.

Damages and Quantification of Proof

Keep in mind, proof of damages must be actual calculations and not estimates: Insurers have no incentive to pay “estimates.” You can use a variety of approaches to quantify damages, including historical trends or any statistical anomalies that you might be able to identify. In filing your claim, be prepared to defend any assumptions.

Conclusion

The hospitality industry finds itself constantly in the cross-hairs of employees and others who covet and criminally target the high volume of goods, foodstuff, liquor, valuables, and cash. The industry has incredible internal resources, such as security and audit, to fight fraud and theft. In spite of best practices, those who want to “take” and who have been in position to exploit flaws or openings or soft spots in the best controls will do so and you will sustain losses. Preparation is at least as important as prevention. Those responsible for risk management should recognize the potential of a loss due to employee malfeasance and external forces alike. There should be an exercise to quantify worst-case scenarios as is done typically for physical damage and business interruption losses. Then, spend the time to cultivate relationships within the organization and create a “go to” SWAT team for that moment when fraud is suspected or in fact substantiated. Be well read, provide proper notice, and recover your loss to the fullest extent.