The OIG used data analytics to identify offices with a surge of potentially fraudulent Voyager credit card activity. We identified seven potentially fraudulent transactions totaling $1,229, made in Florida with a Voyager card assigned to the Loch Raven Branch, in July 2017. Loch Raven is located in the Baltimore District of the Capital Metro Area.
U.S. Bank manages the Voyager Fleet Systems credit card program for the U.S. Postal Service, and actively monitors transactions to identify potentially fraudulent use of credit cards.
The OIG’s Office of Investigations (OI) is included on notices from U.S. Bank to the Postal Service when fraud is suspected and when U.S. Bank has accepted a fraud dispute claim filed by the Postal Service. As a result of the volume of notifications related to Voyager cards assigned to the Baltimore District, OI contacted U.S. Bank and confirmed there was a surge in fraudulent Voyager credit card activity in the area. OI suspected that data copied from Voyager cards issued to the Baltimore District had been duplicated, with the counterfeit copies used for purchases in Florida.
Every Postal Service-owned vehicle is assigned a Voyager card. The card is used to pay for fuel, oil, and routine vehicle maintenance. As U.S. Bank detects potential fraudulent activity, alert notifications are sent to Vehicle Maintenance Facility (VMF) managers. Each month, site managers are responsible for reconciling the Voyager card transactions identified as high-risk, such as purchases that exceed the fuel purchase limit.
The objective of this audit was to determine whether internal controls were in place and effective over the reconciliation of Voyager card transactions for detecting and disputing potentially fraudulent activity at the Loch Raven Branch.
What the OIG Found
The site manager performed regular reconciliations of the high-risk Voyager card transactions and disputed the seven potentially fraudulent transactions we identified for the period reviewed. Despite the ongoing reconciliations, controls over the Voyager card dispute process could be improved.
- The site manager did not obtain a copy of dispute documentation submitted by the VMF manager or forward fraud alert notifications provided by the U.S. Bank.
- Neither the site manager nor VMF manager notified the OIG of suspicious Voyager card activity.
- Voyager card receipts were kept on file for only one year.
This occurred because the site manager did not complete the required online Voyager certification training and, thus, was unaware of these specific responsibilities.
During the audit, we also noted that the Postal Service’s written guidance was not consistent regarding the timeframe when Voyager card disputes must be filed with the U.S. Bank. One section of the policy states the site manager has 60 days from the transaction posting date to file the dispute. Another section of the policy indicates the dispute must be filed within 30 days of when the charge first appears. Management was not aware of the inconsistencies.
Management oversight is needed to ensure site managers complete required training and comply with document retention policy to support disputes, future verifications, and research of fraudulent activity. In addition, without clear and consistent guidance, potentially fraudulent activity may not be disputed, timely.
What the OIG Recommended
We recommended district management instruct the branch manager to provide the site manager Voyager card training.
In addition, we recommended district management require VMF management forward U.S. Bank notices of suspicious activity correspondence to responsible site managers.
We also recommended headquarter’s management revise the procedures to provide clear and concise guidance to site managers for timely reporting of fraudulent Voyager activity.