How to Protect Your Business Bank Account from Fraud
How to Protect Your Business Bank Account from Fraud
From corporate account takeover, to compromised email, fraudulent checks, and unauthorized ACH debits, there are ample gateways for a fraudster to try to get their hands on the money in your business bank account. Following these best practices will help you mitigate the risk of fraud on your business bank account.
Steps

Protecting Your Account from Corporate Account Takeover

Keep access to your online business banking accounts limited to those who absolutely need the access. It can be tempting to provide online access to your accounts to the multitude of people who assist with your company’s finances, such as accountants, payroll staff, and other financial professionals in your organization. Keep in mind that the more access you grant to your accounts, the more likely that your account information is going to fall into the wrong hands. While ensuring you don’t over-grant access to your accounts is essential, it’s also important to make sure that more than one person regularly monitors your accounts. Daily monitoring of your accounts by at least 2 individuals will help avoid cases of embezzlement or other shady activity you may not otherwise find out about until your account has been drained.

Maintain secure workstations that are devoted for online banking activity only. This is especially crucial if your company utilizes treasury management-related services, such as the ability to initiate wire transfers and/or submit ACH files to your bank for processing. By restricting all internet usage to online banking only, you can greatly reduce the risk of your computer being infected with malware or viruses that can infiltrate your computer and steal your account login information through key-logging or other malicious means.

Keep your computer operating system and virus protection up to date. Hackers are quick to find vulnerabilities with operating systems, so making sure you always have the latest version of these systems and virus protection will help reduce the possibility that fraudsters will be able to compromise your computer.

Be very leery of requests received by email to send wire or ACH transfers, even if you trust the email address that sent you the request. Businesses around the world lose hundreds of millions of dollars every year from these types of email requests, and you as the business will often assume the fraud loss related to sending out fraudulent wire transfers or ACH credits, not your bank. Utilize out of band authentication to verify the legitimacy of all requests you receive to send funds. Out of band authentication is simply verifying through another means than how you received the request with the submitter of the request. Examples of out of band authentication could include following up with a phone call, text message, instant message, fax, or any other type of secure verification available to your organization. Although it may seem like overkill, the first time you avoid sending a fraudulent wire transfer for tens of thousands of dollars, you’ll be reminded of the worth of taking these extra security steps.

Protecting Your Account from Fraudulent Funds Transfers

Utilize dual verification/approval for all funds transfer requests, including wire transfer requests and ACH transfers. Dual verification is offered by nearly all banks and restricts users of your online banking accounts from submitting funds transfers on their own without obtaining an approval from another user with sufficient authority to approve the request. Even if you’re not concerned with an employee going rogue, requiring dual verification can catch instances of an employee’s online login credentials being compromised by fraudsters.

Request tokenized access to your account, if available. Tokenized access is generally given to business customers who utilize more advanced treasury management services, such as wire and ACH transfers, and it requires that a token (similar to a USB flash drive) be entered each time that you log into your account. The token will provide a new one-time passcode for each login.

Request out of band authentication from your bank for submitted wire transfers and ACH file submissions. If your bank offers this service, they will not release any wire transfer or ACH file submissions they receive from you until you’ve confirmed through another means that the transfers are okay to be sent. Out of band authentication is commonly performed by means of a call-back, call-in, fax, or secure message submission in which you verify the dollar amount of the transfer, number of items in the file (for ACH files), and other applicable information.

Protecting Your Account from Fraudulent Checks and ACH Debits

Utilize Positive Pay. Nearly all banks offer a service called Positive Pay, which is one of the best means of defense against fraudulent debits posting to your account. There are many different variations of Positive Pay, but the service essentially allows an authorized user at your business to review the checks, ACH debits, and other transactions posting to your account to verify they are indeed authorized. If there are unauthorized debits, they can be marked to return and your bank will be able to return the fraudulent debit back to the sender. All business-to-business ACH debits have very limited turnaround times to file fraud claims against, and if you are only reviewing your business account bank statements monthly, you are potentially going to find yourself liable for up to a month worth of fraudulent transactions. You must report fraudulent business-to-business ACH transactions to your bank no later than the business day after they are presented for payment to avoid liability in most cases. Check with your bank or review your account terms and conditions to verify any additional stipulations or requirements for reporting fraud.

Avoid writing checks, if possible. Each time a check is written off your business account, you are handing over access to your business name, address, bank name, bank routing number, and business bank account number - all the tools needed for fraudsters to send unauthorized debits to your account or create fraudulent checks. If your business must issue checks, make sure you utilize additional fraud prevention tools like Positive Pay to monitor your account on a daily basis.

Utilize ACH origination for payroll and other receivables and payables. ACH origination for payroll and other payables will help keep your account number and account information secure and also reduce float time. Check with your bank’s Treasury Management or Cash Management teams to find more information on how your business can best utilize ACH origination.

What's your reaction?

Comments

https://rawisda.com/assets/images/user-avatar-s.jpg

0 comment

Write the first comment for this!