Account Fraud and How to Protect Your Business

How often does account fraud really happen?

Fraud can happen anywhere with any business; however, small businesses, can be especially vulnerable. This is because they usually lack the resources to implement internal controls, IT security, or properly segregate duties amongst limited staff. Historically, periods of economic misfortune or uncertainty drive higher rates of fraud as people may become desperate for money or have more opportunities take advantage of distracted employees. The banking industry has seen a rise in “phishing” schemes, which are often e-mails sent to solicit account information or online banking login credentials. They are cunning and camouflage in your inbox. Phishing schemes are very popular because they are so easy and inexpensive to deploy. Thieves can also “phish” for information in a multitude of other ways including impersonation phone calls or simple in-person casual conversation. However, “phishing” is only one example of fraud attempted on all businesses. There are other schemes to be aware of including: wire transfer schemes, check tampering, payroll or expense reimbursement schemes, and third-party hacking attempts.

 

Ok, I’m vulnerable. Now what? How can I protect my business?

There are avenues that open your business up to fraud: internal and external. We will look at each avenue individually:

Mitigating Internal Fraud
When a small business owner does not have the proper tools or training to prevent fraud from occurring within their business, internal corruption becomes the most common internal fraud scenario. Entrusting a single employee with all aspects of bookkeeping (i.e. accounts payable, accounts receivable, payroll, bank reconciliations, check signing, etc.) exposes the business to higher fraud risk. Unfortunately, individuals under extreme financial pressure are more likely to resort to desperate measures, even if they are long-time trusted employees or even family members who are involved in the business.

One easy way to protect your business from internal fraud is by implementing dual control on any ACH payment, wire transfer, bill payment, or external account transfer. Dual control means you need two employees for a transaction to occur. One person to initiate and one to send or approve. This will ensure that at least one other person is looking at the transaction before your business’ money leaves the bank account. Aside from an annual audit, it is recommended that you also monitor any company credit card usage and expense reimbursement on a more frequent basis to help notice any inconsistencies. Establishing individual access to business online banking and payroll functionalities also makes the segregation of duties and tracking of any transactions safer and easier (for example, don’t share passwords and login information!).

Mitigating External Fraud
In the age of e-mail driven workloads, it is very important to be diligent when responding to e-mail requests that include links from unfamiliar senders or actions/requests that are out-of-character from familiar sources. Remember our “phishing” scam listed earlier? Phishing attempts often replicate e-mail accounts of the CEO/President/etc. with an urgent tone in the hopes that the recipient will not notice an error in the spelling of the name or e-mail address. Hackers are also experts at cracking computer systems. The use of a robust firewall can help protect your company data, while antivirus software can help detect breaches early on. Consider backing up company files on regular basis, and store them offsite. If something were to happen to your system, you’ll be able to restore the files you need without much downtime. The use of an accountant or lawyer may also be helpful when setting up these protocols, but that will vary by business.

Something every person and business can do easily is monitor your account on a daily basis. This should be your first and most vital task. Monitoring account activity will alert you early to any potential fraudulent payments that were made from your bank accounts. Usually, in fraud attempts you will see a smaller transaction amount (think $4.25 to XYZ Industries) as the scammer tests to see if the account will allow an ACH debit to be pulled. Once they have confirmation of a completed payment, another much larger transaction will be processed ($3,500.00 to XYZ Industries). You may also see multiple transactions within a short time frame to keep the transaction amounts lower and less noticeable.

 

I have some safety measures in place, how can the bank help me further with Positive Pay?

Two of Standard Bank’s most popular services are Check Positive Pay and ACH Positive Pay, which reduce the risk of fraudulent account activity by identifying unauthorized transactions BEFORE they occur. These services allow the business to provide a list of acceptable or planned transactions to confirm before those transactions are actually paid. If the pending transaction is not on the list, it does not go through and communication between Standard Bank and the client occurs. Business owners may have the ability to approve the transaction from their mobile app or find out more details directly from a Standard Bank specialist.

 

So Positive Pay is easy and effective, but is it affordable for all businesses?

Absolutely! Positive Pay is a secure, practical, and cost effective solution for fraud prevention. The added layer of security on your hard-earned funds also allows for some peace of mind. The cost does vary by each business’ needs, but the cost can be as low as $30 a month. Although using Positive Pay requires a few extra steps, the advantages for your business are well worth the effort. By significantly reducing the potential for check or payments fraud, Positive Pay can save you time, effort, and real dollars. Learn more about how Standard Bank can help you protect your business finances or call our Treasury Management department directly at (412)  632-1347 to see how Positive Pay can benefit YOUR business!