City Employee Stole More than $180,000

I have this rough theory that the first chance most organizations get to catch fraud is when the loss is in the $10-20k range. If they miss that the next chance is roughly $100-200k. After that, it’s about $1 million. Beyond a million, the sky is the limit.

Today we’ve got a garden variety fraud and after a couple of big company frauds, it’s fun to go back to the basics.

Allison Donaldson worked in the Public Works Department for the City of Covington, KY for 17 years as an administrative manager. As part of her job, she had a city-issued credit card for government-related expenses. Also as part of her job, Donaldson would log credit card purchases made by other employees and upload receipts and invoices into the city’s accounting system.

From 2020-2022 Donaldson used her city-issued credit card to buy personal luxury items like a Louis Vuitton agenda, a Channel tote, and repairs to her Mercedes. She also paid for furniture, a master bedroom remodel, and a garage remodel using her city-issued card.

Donaldson’s scheme was pretty basic. She would fabricate invoices and receipts, including approvals, and upload those into the accounting system. At some point, she got creative. Remember that Donaldson had access to everyone else’s credit card numbers. She was in charge of logging credit card expenses, so she had access to all the statements.

In a twist on her scheme, Donaldson used co-worker cards to purchase personal items. For example, she used a co-worker’s city-issued card to purchase 4 barstools totaling $4,600. I don’t know about you, but north of $1,000 for a single barstool feels expensive. She disguised this purchase as pool filtration equipment for the city pool.

Donaldson pled guilty to wire fraud and identity theft. Frustratingly, none of the articles indicate how the fraud was found. Using a P-Card or card controls to limit purchases to certain types of stores can help. Segregating card management from card users is critical. The number of credit card fraud cases where the perpetrator has access to both a card and management of the card payment process is extensive. Don’t let this happen. Card management applications can apply additional controls here, but if the person reviewing charges is the one committing fraud, software can only do so much.

%d bloggers like this: