Financial fraud, including check fraud, wire fraud and ACH fraud, is on the rise. If you are a victim of phishing, malware or account takeovers, your business could potentially suffer large financial losses. Cyber-criminals typically target small- and medium-sized businesses because these businesses often have less sophisticated security practices than larger corporations. Most companies are operating in an open-network online environment with the Web integrated into their daily work. In addition, employers and employees are changing how they communicate and are increasingly asked to trust Web networks and participate in social networking sites.

Because of these factors, financial fraud prevention requires a new level of collaboration between banks and their clients. Business owners may want to consider banks that have account monitoring capabilities and more sophisticated fraud monitoring solutions, because without additional protection electronic fraud is a very real risk. While early detection is important to minimizing the size of a loss, these tools are effective only if account holders are diligent in monitoring account activity, so they can immediately report suspicious transactions to their bank and authorities and act upon their recommendations. Electronic payment solutions also can streamline your payments and receivables, reduce costs and help eliminate paper-based fraud. Be sure to review your banking and insurance financial fraud protection solutions during your annual review with your providers.

Banking Solutions for Check and ACH Fraud

  • Smart Safe technology is an evolving solution for secure cash handling. “Smart safes” allow funds to be electronically credited to the owner/operator’s bank account as soon as cash is deposited into the store’s depository safe. The secure, intelligent safe is equipped with a currency reader that detects denominations and identifies counterfeit or damaged currency.
  • Check positive pay is a banking solution for all accounts that disburse checks. It allows users to view potentially fraudulent transactions before they impact their accounts. Items that do not match the check issue file are reported online as exceptions, and exception items are paid or returned upon the user’s direction. An enhanced level of check security can be added with Payee Positive Pay service, which also compares the payee information on your checks to the payee information in your check issue file.
  • ACH blocks/filters/ACH positive pay solutions block or filter incoming ACH transactions posting to your account.
  • Migrate from check and paper payments to electronic payment products to pay as much as you can electronically. Consider using a commercial credit card program to replace check payments.
  • Move to 100 percent direct deposit for payroll with a combination of traditional ACH direct deposit and a pay card program for non-check employees to totally eliminate paychecks and reduce paycheck fraud.
  • Insurance companies can advise on special insurance policies to protect you from financial risk. Make this a “must ask” question at your next insurance review.
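
The check positive pay match described in the list above, sketched as an added example (not a bank's implementation and not part of the original article): presented checks are compared with one account's check issue file, and anything that does not match is held as an exception for a pay-or-return decision. The field names, the sample records, the payee normalization rule and the duplicate-presentment check are assumptions that go slightly beyond what the article states.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Check:
    number: str
    amount: Decimal
    payee: str

def _norm(payee):
    # Assumed rule: payee comparison ignores case and extra whitespace.
    return " ".join(payee.upper().split())

def positive_pay(issue_file, presented, match_payee=False):
    # Returns (paid, exceptions); each exception is (check, reason) awaiting pay/return.
    issued = {c.number: c for c in issue_file}
    seen, paid, exceptions = set(), [], []
    for item in presented:
        ref = issued.get(item.number)
        reason = None
        if ref is None:
            reason = "not in issue file"
        elif item.number in seen:
            reason = "duplicate presentment"
        elif item.amount != ref.amount:
            reason = "amount mismatch"
        elif match_payee and _norm(item.payee) != _norm(ref.payee):
            reason = "payee mismatch"  # Payee Positive Pay comparison
        if reason:
            exceptions.append((item, reason))
        else:
            seen.add(item.number)
            paid.append(item)
    return paid, exceptions

# Constructed sample data for one account (not real checks).
ISSUED = [
    Check("5001", Decimal("1250.00"), "Acme Supply Co"),
    Check("5002", Decimal("310.75"), "City Utilities"),
    Check("5003", Decimal("89.10"), "Jane Doe"),
]
PRESENTED = [
    Check("5001", Decimal("1250.00"), "ACME  SUPPLY CO"),  # clean match
    Check("5002", Decimal("3100.75"), "City Utilities"),   # altered amount
    Check("5003", Decimal("89.10"), "John Smith"),         # altered payee
    Check("5001", Decimal("1250.00"), "Acme Supply Co"),   # presented twice
    Check("9999", Decimal("500.00"), "Unknown LLC"),       # never issued
]

print([(c.number, why) for c, why in positive_pay(ISSUED, PRESENTED, match_payee=True)[1]])
```

Without `match_payee=True`, check 5003 with the altered payee is paid, which is the gap the Payee Positive Pay option closes.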

Best Practices

  • Carry out all online banking and financial activities from a stand-alone computer. Be sure there are no social networking sites or generic email capability sites being used on this computer and do not allow plug-and-play software or flash drives on this computer.
  • Reduce the number of bank accounts you manage and monitor the activity in each account at least once each day.
  • Utilize multi-factor authentication for sign-ons. Use something you know (password) and something you have (token, one-time PINs).
  • Implement dual control and dual administration within your payment applications.
      • An individual user should never have initiation and release capabilities for the same transaction.
      • Each application entitlement-related action should be approved by a second administrator.

  • Prohibit shared user names and passwords and avoid using automatic login features that save usernames and passwords.
  • Install and maintain operating system patches and anti-virus, anti-malware and spyware applications, and keep them up-to-date on a regular schedule.
  • Never access online banking via Internet cafes, public libraries, hotel PCs or open Wi-Fi hotspots.
  • Immediately report suspicious transaction activity to your bank and the authorities.
  • Don’t assume employees understand email and Internet risks. Show employees how to recognize threats and convey the consequences of those threats.
  • Schedule regular security policy assessments and training. Don’t solely rely on your company’s email or Intranet to inform employees of email and Internet policies and procedures.
  • Prohibit personal Internet use on company computers.
  • Never turn off security protection on your PC.
  • Keep passwords in a secure place.
  • DO NOT use your personal PC for company business.
  • DO NOT give your business email to an unknown website.
  • Open only identifiable attachments from known sources.
  • Never reveal personal data to unknown people or websites. Banks and legitimate agencies will never ask for your personal data via email.
  • Ensure that employees understand company policies on monitoring employee computer activity, and ensure employees are running virus scans and using anti-virus software updates on a regular basis.
  • Restrict the ability to load/download data, music and personal sites on company computers.
  • Fraud Advisory for Businesses: Corporate Account Take Over publication: http://www.ic3.gov/media/2010/corporateaccounttakeover.pdf

Source:  Laura Gaythwaite, CTP, Franchise Finance (laura.gaythwaite@baml.com) Bank of America Merrill Lynch, April 2013