Cribmed Limited (The Company) and ‘the Crib Med online marketplace platform’ (The Platform), takes a zero-tolerance approach to fraud, bribery, and corruption and will uphold all applicable laws relevant to countering and investigating such activities. The company believes the cornerstone in preventing fraud is the creation of an environment that fosters morality, integrity and business conduct.
- FRAUD DEFINITION
Fraud can be defined as: “Any illegal acts characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the application or threat of violence or of physical force. Fraud is perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.”
Fraud may involve:
- falsification or alteration of accounting records,
- misleading instructions for the collection and submission of Know Your Client (KYC) information,
- misappropriation of assets or theft,
- suppression or omission of the effects of transactions from records or recording of transactions without substance,
- intentional misapplication of accounting policies or wilful misrepresentation of transactions or of the entity’s state of affairs,
- misappropriation of corporate or bank funds
- misleading property assessment and representation
Fraud may also involve manipulation of information system applications and data for personal advantage.
- PURPOSE & SCOPE
The purpose of this document is to;
- understand The Platform system flow,
- outline the risks for fraud,
- name actions to prevent and limit these risks.
USE OF PLATFORM
The Platform aids two types of users to meet and exchange in a business deal, Tenants and Landlords. Tenants can find, book and confirm a monthly rental property and Landlords can find a monthly Tenant for their property rental. At the time of booking the Tenant must pay a Down-Payment (1st month Rent + Crib Med Service Fee) to secure the property. This Down-Payment is held in escrow until 48 hours post check-in when the funds are then transferred to the Landlord and Crib Med Limited respectively. Future rent payments are made directly between the Tenant and Landlord via their own independent means of funds transfer.
RISKS OF FRAUD
- Fake Listings
A listing is created with fake images and in effect does not exist. The fraudster hopes to scam a potential Tenant and gain funds by renting a non existent property.
A Crib Med representative verifies the property and meets the Landlord of each and every listing before it goes live.
Payout payments are not transferred to Landlords until 48 hours after check-in as a double security measure.
- Fake Buyer and Seller Closed Loop Account Fraud
A fraudster creates multiple fake buyer and seller accounts created. The fake buyers pay the fake seller for nonexistent items or services using stolen credit cards.
The Platform uses www.mangopay.com to process payments and verify both types of users before payments or payouts. Any payments made over €50 triggers the 3DS authentification protocol which highly reduces the number of disputed payment due to unauthorized transactions.
Payouts are delayed for at least 48 hours from the time of payment allowing time for fraud detection.
- User Account Hijacked
Unauthorised person takes over another User’s account to gain access to confidential User information.
Hosting security, Recaptcha, Anti-Spam software and user sign in notifications help minimise the risk of unauthorised access to The Platform.
The Platform does not store payment details such as credit card details, bank details, photo ID copies on The Platform’s hosting server. This information is collected via the payment provider’s api.
The management personnel of the Company constitute the front line of monitoring and preventing fraud. Managers are responsible to monitor business activities of staff and be aware of and alert to potential signs of fraud.
EMPLOYEES, CONSULTANTS OR CONTRACTORS (STAFF)
Staff are responsible to act at all times with the highest degree of honesty, integrity, accountability, and propriety. Staff should conduct their duties in a manner the does not jeopardize, to the contrary, safeguards the Company’s resources and assets.
As a platform, using software technologies and our technical support team we aim to do our due diligence in preventing fraud by;
- maintaining a secure platform,
- supervising the behaviour of our clients on our platform,
- analysing the refusal codes: a short message is associated with refusal codes to provide more details of the reason for the refusal,
- creating alerts and/or trigger the 3DS according to your activity and users’ regular behaviours, for example: if a first-time user is paying more than the average payment basket,
- Per default, only allow pay-outs after 48 hours,
- from 8PM to 8AM and weekends, try not to process or validate any pay-outs for clients who are not KYC approved and who request an amount exceeding a limit defined by you,
- accepting the standard 3DS Secure trigger which will ensure ALL 100% of our clients will be redirected to the issuing bank’s dedicated page to complete an extra security step.
- Notifying firstname.lastname@example.org upon detection of unusual behaviour or transactions.
Anyone with information regarding fraud or other corrupt practices against the company or involving the company staff, is strongly encouraged to report this information by emailing any complaints to email@example.com and will not be retaliated against for submitting such claim in good faith.
Depending on the nature, magnitude and the complexity of the fraud, investigations will be carried out by either the company’s counsel or by an external firm with specific expertise to deal with the particular allegation. Investigations will be conducted without regard to any person’s relationship to the organization, position or length of service. The investigating party will have full access to any files, information or witnesses to conduct the investigation and will keep records of all actions in the investigation, to ensure success in any future criminal, civil or disciplinary action. The investigating party will issue a report detailing the finding and conclusion of the investigation, including recommendations for future action. The company will inform other parties, including affected staff or external partners. In cases of substantiated fraud, CI will pursue disciplinary or criminal sanctions where appropriate and possible and will attempt to recover losses by any lawful means.