The Charity Commission has warned charities about the risks of “mandate fraud” - when fraudsters impersonate a genuine supplier to gain money.
Typically, the fraudster emails or calls a charity impersonating a supplier that regularly used by the charity. The fraudster asks the charity to change the bank sort code and account for payments, diverting payments to an account they control. It could also include changing of bank details in a direct debit, manipulation of credit card activity, or changing of an employee’s bank account details for their salary. Liability for any financial loss normally falls to the charity.
The Charity Commission’s December 2015 (pdf) newsletter advises charities to contact the Fraud and Linked Crime Online (FALCON) team at the Metropolitan Police for advice on how to combat this type of fraud.
The FALCON advisory page on mandate fraud says changing bank accounts is an unusual occurrence and any request to update records should be treated with suspicion. Any requests to change payment details should require authorisation at a senior level.
The FALCON unit also offers advice on i.t. security, social networking and other types of fraud. Fraud prevention officers will provide charities with guidance on fraud reduction strategies.