Many businesses are finding new ways to operate during the pandemic. As expected, fraud is on the rise and additional measures are being taken to protect the payments process.
Maintaining payments processes while employees are working from home might be difficult and potentially exposing your businesses to fraud.
According to the Association of Financial Professionals (AFP), 81% of companies report they were targets of payments fraud. Fraud comes in many forms, with the most common types being internal, external and online.
Internal fraud generally occurs when an employee commits fraud by using his or her role for personal gain, whereas external fraud typically involves a vendor colluding with someone inside the business. Lastly, online fraud is where hackers compromise business email addresses, computers and more with information they obtain via an internet search.
You can’t prevent fraud attempts, but you can reduce the risk. In this case “an ounce of prevention is worth a pound of cure,” because dealing with fraud after the fact often is fruitless. Even if the perpetrator is caught, you might never get your money back.
Smaller businesses might not be able to afford sophisticated fraud-detection systems, but the good news is that basic anti-fraud controls can significantly reduce their vulnerability.
Starting with educating and training employees to identify fraudulent activities, here are some other important ways you can protect your business, from our vantage point as bankers:
Protecting against internal fraud
• Enforce “dual controls” for all payment methods and segregate employee duties.
• Set payment limits by account and/or employee based on payment history.
• Never store sensitive information on portable devices.
• Be sure that corporate controllers aren’t compensated based on the financial results of the business.
• Establish a point of contact with the vendor, and if suspicious issues arise, only contact this individual by phone with the established phone number on file.
• Do not provide information to an incoming caller that is inconsistent with the relationship.
• Reconcile accounts daily to identify suspicious payments, leading to a better process of stopping or recovering fraudulent payments.
• Complete background check on new hires.
Protecting against check fraud
• Move to electronic methods, such as EAP (Electronic Accounts Payable), credit card or ACH, when possible for vendor payments.
• Use Check Positive Pay (an electronic system for comparing cleared items with a file of known issues).
• Work with your bank or vendor for fraud mitigation.
• Establish separation of duties between check creation and reconciliation.
• Use secure check writing software and signature stamps and limit access.
• Purchase check stock from known vendors that include built-in security features.
• Store checks, deposit slips and statements securely.
• Establish a policy for employee check orders and reorders.
• Monitor changes to payment workflow.
• Reconcile accounts daily using online banking.
Protecting against electronic payments fraud
• Be aware of latest scams: Fake vendor invoices, wire transfer requests and business email compromise (BEC) — now the most common type of payments fraud.
• Require two computers and users/passwords to send money out of your account.
• Block plugins and pop-ups on computers used for banking.
• Use ACH Positive Pay to identify suspicious transactions.
• Keep your computer up to date with anti-virus and anti-spyware software.
• Confirm all bank change notifications from vendors and employees verbally — be sure to call your vendor or employee back on a known phone number. We are seeing an uptick in payroll-related fraud.
• Change employee passwords frequently.
• And — same as in preventing check fraud — reconcile your accounts daily online.
More generally, establish robust policies and procedures that govern your entire payments process — including prompt reporting of any suspicious transactions. It’s important to identify suspicious activity quickly; many bank account agreements include time limits on fraud reporting.
To help keep your business safe, work with your financial institution’s treasury management department to ensure appropriate fraud-prevention methods are in place.
Also, work with your bankers and insurance providers to explore whether a cyber insurance policy, which protects against electronic fraud damages, is a fit for your business. While these policies represent an additional cost, we have seen their value in recouping losses after fraud.
Ask an experienced banker about his or her exposure to fraud cases during the past year, especially during this turbulent time. What you hear might scare you — and that’s a good thing. By understanding the all-too-real risks to your business, you can help prevent losses for your business. At a time when scammers are taking advantage of unprecedented weaknesses, just a few precautions can make all the difference.