The employee was Volodymyr Kvashuk, 26-year-old Ukrainian, who worked as an engineer for the giant. His daily job was to test Microsoft products, placing mock online orders to make sure the system was running as designed.
Kvashuk, ofcourse, could not receive any fake orders he placed for testing purposes. But there was a flaw: He was able to place a real order for a virtual gift card, then that gift card would be sent to his test account. The gift card then would be used to buy Microsoft products as real money.
Kvashuk really purchased many things. He used his sotre credit to buy software subscriptions and other items, such as harware, from Microsoft. But this was not enough for the Ukrainian man. He began to figure out how to cash out his store credit into Bitcoin, which Microsoft’s online store accepts, then convert Bitcoin into real cash using online exchange service Coinbase. It was simple enough.
Kvashuk was happy with the dirty money he earned and used them to buy property, then a Tesla car.
So how was his scheme blown up? According to court documents, it appeared that Kvashuk used the credentials of fellow employees that he could access from a shared worksheet to move money out anf around to his own account. All of these was to try to cover his illegal acts.
Then his Tesla car and waterfront property attracted great attention. Many people around him noticed that with the salary of a typical engineer, he could not afford that. Then an investigation. In the end, Kvashuk was sentenced up to 9 years and ordered to make restitution.
Many may question that, how this could happen to one of the most biggest technology companies in the world, which employs thousands of the best and brightest and clearly able to implement tools necessary to avoid being embezzled. Not mentioning that there are for certain a few internal auditors at Microsoft. That’s a good question.
So, even a tech giant like Microsoft can be embezzled out $10M that easily by a guy working out of a cubicle in Washington state, what about your business?
Now, after you read this, may be it is the time to review you company’s internal controls. Maybe it is the time to check key duties over your money – receiving, paying and recording. And importantly, do not put your focus on one person only.
You should read closely your financials and ledgers monthly and keep a lookout for any anomalies. Also you should consider to have an outsider do your bank reconciliation, and believe in yourself if you see an employee, especially ones in finance or IT, living beyond their means, like Kvashuk.
And one more recommendation for you: You should apply a rule that acquires employees to take vacations twice a year and get other people to cover their job. Do not take the answer “No” and do not be fooled by the “hard working” employee who never take a day off. Sometimes, a theft is discover by someone who is taking somone else’s job.
And what about Micosoft after the incident? Well, they will just be fine. $10M is a big sum to most of us, but just a petty cash to the giant.