A growing risk
The number of payment fraud incidents—ranging from email scams to the hacking of accounts payable departments and employee embezzlement—continues to grow at an alarming rate. The cost to US businesses and their customers totals billions of dollars annually.
Here are some best practices for protecting your business.
Computer systems and online transactions
- Install a dedicated, actively managed firewall
- Use and regularly update antivirus and spyware-detection software and security patches on all computer systems
- Conduct online banking activities from a stand-alone, hardened and locked-down computer system
- Limit administrative computer rights
- Access only trusted business websites during online banking to avoid accidentally downloading malware or viruses
- Avoid accessing any social media channels from company computers
- Establish procedures to identify and isolate network computers infected with malware, and make certain infected computers are fully remediated before using them again for online transactions
- Require two or more users to create, review and release payments, and set account limits
- Set individual payment limits appropriate for the user, and use a maximum dollar amount per transaction for initiating and approving wires and other funds transfers
- Review Automated Clearing House (ACH) and wire transfer procedures regularly to ensure user entitlements support appropriate needs
- Use ACH Positive Pay, a cash management service that allows a user to review ACH exceptions and make decisions to pay or return items
- Consider receiving ACH payments through a masked virtual UPIC bank account number and consider paying employees by reloadable debit cards
- Implement the segregation of accounts, reconcile accounts daily and sign up for payment alerts
Business Email Compromise, or BEC, is a popular vehicle for fraud. It's important to authenticate all suspicious email requests from superiors, agencies, vendors and colleagues through another communication channel. Curb faxing or emailing wire instructions to anyone.
Restrict access to personal email accounts, and match requests with known invoices. Ask: "Do I know the sender? Am I expecting a message from this company? Did I initiate an action that would result in a response from the organization? What kind of change is the email suggesting?"
Check fraud is both the oldest and the most widespread form of financing fraud. Checks may be stolen, copied or altered. Here are some protective actions:
- Reconcile accounts daily
- Segregate internal audit from controller duties
- Consider switching to electronic payment only
- Verify with other institutions the legitimacy of checks
- Safeguard check stock and use security features
- Consider outsourcing check processing to a secured vendor
- Use Payee Positive Pay or Positive Pay to compare presented checks against issued checks, with immediate alerts for exceptions
Educate your staff
It's critical to educate everyone in your organization about the signs of fraud. They must understand the purpose of security protocols, how to identify suspicious situations and what to do when anomalies arise.