If you run a small business or a nonprofit, you’ve poured your heart and soul into making it succeed. It may have taken years for you to start turning a profit, but now you’re in a place where your business is growing, there’s money in the bank, and you’re able to relax and enjoy life a little.
But, did you know that if you’re a victim of business fraud, that growing bank account could be cleaned out in minutes by scammers? From corporate account takeover to compromised email, fraudulent checks, and unauthorized ACH debits, there are many avenues for criminals to try to get their hands on the money in your business bank account.
Check fraud is one of the biggest challenges facing businesses today. Seventy-four percent of organizations experienced check fraud last year (2018 AFP Payments Fraud and Control Survey Report J.P. Morgan, April 2018) with no sign of decline. That means businesses need to be more proactive to help prevent loss before it occurs.
Also, did you know that not all bank accounts are equally protected? Business and commercial bank accounts do not offer the same protections as consumer bank accounts. With a consumer bank account, Federal Reserve Regulation E requires banks to provide reimbursement for certain fraud losses. Because of this, if your personal bank account is hit by fraud, it’s likely the bank will reimburse the stolen funds as long as it’s reported in a timely fashion. However, Regulation E doesn’t apply to business accounts – those are instead covered by the Uniform Commercial Code (UCC).
Under the UCC, business account holders have a much shorter timeline in which to report fraud, less protection, and greater fraud liability than consumer accounts. As a business owner, it’s crucial that you monitor and frequently review your business banks, but also make sure you know your bank’s policies, timelines and reporting requirements for fraud losses before an incident occurs.
Tools for Preventing Fraud
There are a few fraud prevention services your business banker and treasury management team can set you up with to help mitigate bank account fraud and provide you with peace of mind.
Positive Pay – Check is a check verification service designed to help reduce check fraud for your business. You provide your bank information about checks you’ve written; the bank will then compare the information you provided with the physical check that’s trying to clear your account. If the information doesn’t match, the check will be flagged for review before the item is paid.
Positive Pay – ACH helps you protect your money by only allowing ACH transactions from businesses you authorize to debit your account. You’ll provide your bank the names of the businesses you authorize to debit your account, as well as the dollar limits for each. If someone who isn’t on the list tries to withdraw funds, they’ll be blocked and the bank will alert you.
General Tips for Preventing Fraud
Here are some additional tips for keeping your business accounts safe:
- Monitor bank accounts regularly. Set up e-mail alerts on your account to be notified when balances hit a certain threshold from your business account. The faster you are made aware of any fraudulent charges, the better your chances are of stopping the hacker.
- Avoid Schemes. An example of this is the vendor scheme. In this scheme, an employee of a business has his/her email hacked. Requests for invoice payments to fraudulent bank accounts are sent from this employee’s email account to multiple vendors identified from this employee’s contact list. The business may not become aware of the fraudulent requests until they’re contacted by their vendors to follow up on the status of their invoice payment. Before making changes to any vendor emails or bank accounts, speak with the vendor to verify the change. If something seems “off,” don’t be afraid to question it.
- Maintain security software. You can help protect your system and data by regularly running the latest version of antivirus software. Make sure to update often. These programs will also fix bugs and improve performance of the operating system, and with the rising number of third-party apps being used by businesses, this step becomes more critical.
- Manage access to sensitive data. Only grant access to confidential information (like accounts and passwords) to those in the company who absolutely require it. This minimizes the likelihood of intentional or unintentional misuse from within the company.
- Implement software restriction policies or other controls to prevent malware programs from executing from locations they commonly access, like temporary folders that support your internet browsers.
- Have clear policies regarding use of business computers. Think about your average employee for a moment: Does he or she use a business computer for non-business purposes? Do they know and understand the importance (and your obligation) to protect sensitive business and customer information? Would they know how to recognize a phishing email or bogus website or would they blindly click? The national business identity theft resource website businessidtheft.org offers a wealth of free information, resources and tips to help you educate your employees and protect your business from cybercrime.
Business identity thieves and cyber criminals are cunning and determined, but if you take the proper precautions you can minimize the risk, or even repel a cyber-attack. Your banker or treasury management team can answer any questions you have or help you put a fraud prevention plan in place.