Credit and debit cards belonging to businesses or non-profit organizations are inherently vulnerable to fraudsters and embezzlers. Several recent cases highlight the importance of safeguarding them and ensuring proper oversight. In addition to the examples below, the following will also touch on how to properly reconcile and review debit or credit cards to ensure schemes such as these are prevented or detected before it is too late.

Stealing from the Poor

In July 2016, Floyd Middleton of Washington, D.C. pleaded guilty to one count of transportation of stolen property across state lines. Middleton was an administrative employee of a large religious charity and was responsible for purchasing items and other program-related tasks for the group. While he did not have a corporate credit card in his possession, he was authorized to use another employee’s corporate card to accomplish his work.

Middleton, according to his LinkedIn account, was the Office Manager for Catholic Charities of the Archdiocese of Washington. His fraud scheme included two distinct prongs. First, his landlord was a rental management company based in Virginia (hence the “interstate transportation”). In December 2008, the rental company received a one-time charitable assistance payment from Catholic Charities. Middleton, knowing the group’s computer and accounting system, then noted the rental company as a reoccurring vendor. He drafted and submitted false invoices that enabled him to induce Catholic Charities to pay his rent. Transpiring from 2009 to 2014, this fraud cost the religious group over $60,000. But his second plot was even more costly.

Middleton’s credit card scheme began in June 2009 and continued through March 2011. He purchased legitimate items on the cards which were paid directly by the financial office of Catholic Charities. However, he then submitted false reimbursement claims by retaining the receipts from the purchases and submitting them back to the charity as if he purchased them with his own funds. He received checks totaling just over $84,000 during this scheme.

Union Blues: ATM Puts them in the Red

William Davis was the president of the 300-member local Union that represented employees at the Department of Veterans Affairs medical center in Montrose, New York. He was indicted in October 2015, by a Federal Grand Jury in New York for one count of wire fraud and two counts of making false statements on official forms. In April 2016, the 56-year-old pleaded guilty and on July 20, 2016, he was sentenced to 15 months in prison. The scheme involved Davis’ misuse of a Union debit card and usage of the Union funds for his own benefit.

The card had initially been issued to an officer of the Union who eventually died; however, neither the Union nor the bank ever changed the card name or had it re-issued in Davis’ name. Davis was able to use the card to make purchases and ATM withdrawals for personal gain without the Union’s approval.

The debit card was used for purchasing high-end electronics, online retail items, clothing, gas, and cigarettes. Davis purchased money orders valued at $30,000 that he used to pay his rent. In addition, because of his unchecked spending and unauthorized cash withdrawals (over 900 separate transactions), Davis spiraled the Union’s bank account down to zero. He even incurred thousands of dollars in non-network ATM fees and insufficient funds fees. To conceal his theft, Davis then submitted false reports to the U.S. Department of Labor. This fraud totaled $120,000.

How to Protect Small Businesses & Non-Profits from Fraud

Small businesses and non-profit organizations often do not have proper financial record-keeping efforts in place and simply utilize a checkbook, ATM or debit card, or a bank account. They do not have the staff, volume of business, or sophisticated accounting software or audited financial statements. Debit and credit cards are tremendously easy to use but unfortunately are very open to misuse and abuse without proper supervision.

In many cases, such as the examples above, a simple and cost-effective control may have prevented or at least minimized the fraud losses: the reconciliation. Sometimes called account statement reconciliation or bank statement reconciliation, the process includes nothing more than reviewing the raw statements of every credit or debit/ATM transaction.

A manager or other official (board member or treasurer) should do a cursory review of each monthly statement. Some things that may stand out could include:

  • The date of the transaction – Did it occur while they were on vacation?
  • The time of the transaction – Did it occur at an odd time, i.e. 11 p.m.?
  • The size of the withdrawal or purchase
  • The location of the ATM – Did the transaction take place near a mall or casino?
  • The retailer or location of purchase – Did the items include electronics or luxury items?
  • Correlating the activity to a known event or business activity

If any suspicious or questionable charges appear, the official can inquire with the individual responsible and if they are not satisfied, they should go directly to the bank to obtain the official information.

Another avenue to prevent debit card misuse is to ask the bank to assist in monitoring the account. When the banks notice transactions that are large or unusual, they can alert the appropriate parties. By having the bank detect anomalous transaction or patterns, they are more likely to be able to effectively recover some of the funds through normal banking channels. Some larger financial institutions may not be able to identify these transactions because of their focus on other compliance issues, but working with a local branch manager could be helpful.

An additional precaution could also include having any card holders or card users sign a specific statement of expectations regarding the authorized use of the card. The letter could be specific as to what constitutes legitimate transactions and should inform the user that misuse of the card will result in the reporting and pressing criminal charges to the proper authorities. This statement should be signed every year.

Finally, it is best to know where the bank account is and identify two types of persons: 1) individuals with signatory control over the account and 2) individuals with access to review and verify the account information, but not able to make withdrawals.


Credit and debit cards represent an easy way to obtain cash or property. They are property of the organization and must be used in a manner consistent with the business activity and mission of the small business or non-profit group. Because credit and debit cards represent a significant risk, managers and leaders should be careful about how many cards are issued, to whom they are issued to, the expectations of use, and continuous monitoring and oversight to identify and detect potential problems before they become catastrophic.

Forensics, Law, & Criminal Justice