Combating Fraud to Protect Your Business

With fraud taking many different forms, it is more important than ever to make sure you have the processes and training in place to protect your business and your employees. Here are two common scams businesses are facing today…

Check Fraud

Even with fewer checks in circulation, check fraud continues to rise, putting sensitive information at risk of exposure or tampering.

Often, criminals steal checks by going through garbage, breaking into mailboxes or, in some cases, by tricking a company employee. Fraudsters can alter the payment amount and payee name, or “wash” the check to make it completely blank and create counterfeit versions. The banking information lifted from the stolen checks also can be used to initiate ACH transfers or digital payments.

Business Email Compromise

According to the FBI, Business Email Compromise (BEC) is one of the most financially harmful forms of online crime. By impersonating a familiar source inside your organization (such as the CEO) or an external partner (perhaps a vendor), criminals use name recognition and the trust that comes with it to cause significant financial and reputational damage.

For example, an email may come from what appears to be a vendor, sharing a link to a new payment site. In this instance, there is a chance that a fraudster has created a very similar email address in the hope that you will overlook the subtle differences, click the link and upload your payment information.

…and some strategies to fight back!

Processes and Protocols

Be sure that you take time each day to reconcile your accounts. While it may seem cumbersome, it is an important step to quickly detect suspicious activity. A product like FNB’s Positive Pay can automate this process, as it is designed to identify, flag and report unauthorized check-based transactions.

Bolster your defenses by ensuring employees are well trained to recognize potential threats. In the BEC example, a telephone call to a trusted contact or phone number at the vendor would be a great way to confirm if they had changed payment platforms or if the message was attempted fraud.

Similarly, if an employee receives an email from a company executive requesting immediate financial action, it is recommended that you have internal controls and procedures in place to confirm the legitimacy of the email and determine if it is a case of BEC.

Separate Duties

Parsing out duties among multiple employees can help prevent fraud both internally (discovering cases of internal theft or deception) and externally (flagging suspicious activity or changes in payment information). One employee may be responsible for initiating a payment, but a different employee should have review and approval authority. Having multiple layers of authentication also may limit a criminal’s ability to initiate transactions if an employee’s credentials are compromised or stolen.

Additionally, utilizing an ACH debit filter product helps to ensure that only authorized transactions post to your accounts and also can improve efficiency and reporting.

On the receiving side, the employee(s) responsible for handling incoming checks should not have direct access to other parts of the accounting process where illegal activity could then be covered up. You might also consider lockbox solutions where your bank receives payments directly from vendors or customers via a designated post office box and then processes and deposits the checks in your business account(s).

Act Quickly and Maintain Transparency

If you suspect or experience fraud, you need to act quickly. Immediately contact your bank to notify them of the suspicious activity.

Continually educate your employees on the steps to take when fraud is suspected. Provide transparency into the mitigation process and cultivate an open, constructive environment where employees are comfortable taking necessary action, not afraid or embarrassed to admit a mistake.

REMEMBER! Your bank will never call you to ask for personally identifiable information, confirm account information or initiate a transfer.