If you run a small business or a nonprofit, you’ve poured your heart and soul into making your organization succeed. It may have taken years to start turning a profit, but now you’re in a place where your business is growing, there’s money in the bank, and you can relax and enjoy life a little.
But you might be surprised to learn that if you’re a victim of business fraud, your growing bank account could be cleaned out in just minutes by scammers? From corporate account takeover to compromised email, fraudulent checks, and unauthorized ACH debits, there are several avenues for criminals to try to get their hands on the money in your business bank account.
Check fraud is one of the biggest challenges facing businesses today. In 2018, seventy-four percent of organizations experienced check fraud (2018 AFP Payments Fraud and Control Survey Report J.P. Morgan, April 2018) with no sign of decline, meaning businesses need to be more proactive to help prevent loss before it occurs.
Also, did you know that not all bank accounts are equally protected? Business and commercial bank accounts do not offer the same protections as consumer bank accounts. With a consumer bank account, Federal Reserve Regulation E requires banks to reimburse for certain fraud losses. Because of this, if your personal bank account is hit by fraud, the bank will likely reimburse the stolen funds as long as it’s reported in a timely fashion. However, Regulation E doesn’t apply to business accounts – those are instead covered by the Uniform Commercial Code (UCC).
Under the UCC, business account holders have a much shorter timeline to report fraud, less protection, and greater fraud liability than consumer accounts. As a business owner, you must monitor and frequently review your business banks while understanding the bank’s policies, timelines and reporting requirements for fraud losses before an incident occurs.
Available Fraud Prevention Tools
There are a few fraud prevention services your business banker and treasury management team can set you up with to help mitigate bank account fraud and provide you with peace of mind.
Check Positive Pay is a check verification service designed to help reduce check fraud for your business. You provide your bank information about checks you’ve written; the bank will then compare the information you provided with the physical check that’s trying to clear your account. If the information doesn’t match, the check will be flagged for review before the item is paid.
ACH Positive Pay helps you protect your money by only allowing ACH transactions from businesses you authorize to debit your account. You’ll provide your bank the names of the businesses you authorize to debit your account and the dollar limits for each. If someone who isn’t on the list tries to withdraw funds, they’ll be blocked and the bank will alert you.
Small Business Fraud Protection Tips
Here are some additional fraud protection tips for keeping your business accounts safe:
- Monitor bank accounts regularly. Set up e-mail alerts on your account to be notified when balances hit a certain threshold from your business account. The faster you are made aware of any fraudulent charges, the better your chances are of stopping the hacker.
- Avoid Schemes. An example of this is the vendor scheme. In this scheme, an employee of a business has his/her email hacked. Requests for invoice payments to fraudulent bank accounts are sent from this employee’s email account to multiple vendors identified from this employee’s contact list. The business may not become aware of the fraudulent requests until they’re contacted by their vendors to follow up on the invoice payment status. Before making updates to any vendor emails or bank accounts, speak with the vendor to verify the change. If something seems “off,” don’t be afraid to ask questions before proceeding.
- Maintain security software. You can help protect your system and data by regularly running the latest version of antivirus software. Make sure to update often. These programs will also fix bugs and improve the performance of the operating system. With the rising number of third-party apps being used by businesses, this step becomes more critical.
- Manage access to sensitive data. Only grant access to confidential information (like accounts and passwords) to those in the company who absolutely require it. Providing only necessary accesses minimize the likelihood of intentional or unintentional misuse from within the company.
- Implement software restriction policies or other controls to prevent malware programs from executing from locations they commonly access, like temporary folders that support your internet browsers.
- Have clear policies regarding the use of business computers. Think about your average employee for a moment: Does he or she use a business computer for non-business purposes? Do they know and understand the importance (and your obligation) to protect sensitive business and customer information? Would they know how to recognize a phishing email or bogus website or would they blindly click? The national business identity theft resource website, businessidtheft.org, offers a wealth of free information, resources and tips to help you educate your employees and protect your business from cybercrime.
Business identity thieves and cybercriminals are cunning and determined, but if you take the proper precautions, you can minimize the risk, or even repel a cyber-attack. Your banker or treasury management team can answer any questions you have or help you put a fraud prevention plan in place.