By: Penny Foust, First Vice President, Signature Bank
If your business has not yet been a victim of fraud, there is a high probability it will. According to the 2023 AFP Payments Fraud and Control Survey Report, 65% of organizations experienced payment fraud attacks/attempts in 2022. This holds true for all companies regardless of size or type, from large corporations with deep pockets to the smallest, least-prepared nonprofits.
Companies that have not experienced fraud often think it won’t happen to them; unfortunately, it is no longer “if” but “when.” It can be daunting to consider the fallout, and overwhelming to think about establishing fraud preventative measures, but creating a business fraud prevention plan is necessary to reduce risk.
Business owners may assume they have the same fraud protection afforded to consumers by the Federal Reserve Board, allowing 60 days to report unauthorized electronic payments. The truth is, Regulation E, which implements the Electronic Fund Transfer Act (EFTA), is only a consumer protection law that does not provide businesses with the same safety net. Businesses need to notify their banks immediately to dispute unauthorized transactions, as after 24 hours the liability shifts from the bank to the business.
Now more than ever, it is imperative companies proactively work with their financial institutions to combat savvy, ever-evolving fraudsters. When companies sign bank documents, there are agreements to follow certain security protocols and bank disclosures that outline best practices for fraud protection. Dual control, which creates two layers of approvals for transactions by two users on two different devices, is a prime example. Businesses must accept and implement banks’ security offerings and not waive the right or ability to establish crucial checks and balances. If a company waives these options, the liability falls on them, emphasizing the need to have a plan in place to minimize losses when fraud occurs.
The following are tips to minimize risks associated with commercial fraud:
Keep Checks Out of the Mail and Implement Positive Pay
Checks are one of the most vulnerable payment methods businesses still use today. In fact, the 2023 AFP Payments Fraud and Control Survey Report revealed that 63% of companies surveyed say their organization experienced fraud through check use. Check fraud often begins with paper checks being stolen from the mail, like from a postal service mailbox or mail containing checks left out for postal worker pickup.
One way to minimize check fraud is to go digital. Fraud-conscious companies can keep paper checks out of the mail by automating payments through a trusted banking provider. For example, Signature Bank offers Finrails AP, which is a fully integrated payments platform that automates business-to-business payments in a seamless and secure online dashboard.
If a criminal intercepts a check, there are ways to fight fraud before it’s too late. Positive Pay is a standard, time-tested tool offered by banks to catch check fraud but it has been alarmingly underutilized by businesses. Positive pay matches the account number, check number and dollar amount of each check presented for payment against a list of checks previously authorized and issued by the company. Suspicious checks are reported to the customer for a pay/no pay decision before it becomes a loss.
Companies also should be aware of endorsement fraud, which happens when a legitimate check is intercepted and endorsed by someone other than the intended recipient. Unfortunately, positive pay does not thwart this type of fraud because nothing on the front of the check has changed. Companies can catch endorsement fraud by daily or weekly spot checking the backs of checks.
Implement Cyber Security
Cyber fraud is a growing threat, largely due to customers sending personal information, such as drivers licenses, social security numbers and account numbers through unsecured channels. Customers should set up strong passwords and only send confidential information via secure links banks provide. Additionally, businesses should use multi-factor authentication, such as key fobs and security tokens, and set up dual controls.
Educate and Engage Employees
Businesses should educate and engage their employees about fraud prevention, which could include daily monitoring and creating a plan for when fraud occurs. It also is important to ensure employees who access company finances have particularly secure systems, not just when they are in banking portals, but with all systems and applications, including social media, that they access from their work computer.
Fraud is an ongoing financial threat that all businesses must acknowledge and anticipate. When a business does experience fraud or an email breach it is critical to notify their bank immediately, as the bank could receive fraudulent emails that appear to be from the customer. Businesses should always report fraud to FTC.gov and, in cases of cyber fraud, the Internet Crime Complaint Center (ic3.gov).
Signature Bank highly values customer relationships and can help your business with strategies to prevent and respond to fraud and cyberthreats. Signature Bank is Chicago’s business bank, focused on serving the needs of privately-owned businesses and their owners. Learn more at www.signaturebank.bank or contact Penny Foust at 773.499.7157 or firstname.lastname@example.org.