Business owners face a myriad of challenges when it comes to running a successful enterprise. One of the most rapidly increasing challenges relates to that forbidden f-word: fraud.
With the number of fraud-related incidents on the rise and fraudsters becoming increasingly creative in their tactics, First National Bank has unfortunately been witness to its growing impact on local businesses.
To protect your business, your employees and customers, and your hard-earned capital, you should keep a diligent eye out for the following types of business fraud — and make sure to educate yourself on how to prevent them.
Check fraud
What to watch out for: All business owners are at risk for the creation of fraudulent checks.
In this instance of fraud, perpetrators will look to obtain and manipulate legitimate business checks, either by altering the payee name on the original check or by recreating a replica check with an altered payee name or other information.
One of the primary means by which fraudsters obtain business checks is through stealing mail from mailboxes.
How to prevent it: The best and easiest way to prevent check fraud is by making your checks inaccessible to fraudsters.
Never leave checks (or any sensitive documents) in your mailbox unattended — and especially not with the flag up, which alerts fraudsters to a potential find and makes their “jobs” that much easier.
Instead, you should always take your outgoing mail directly to the post office. While it takes a little extra time and effort, going out of your way now could pay off a lot in the end.
Another good practice is to reduce the number of paper checks you write by utilizing ACH or electronic bill pay options instead.
At First National, we can also help your business mitigate the risk of check fraud through our Positive Pay service. Business owners who use FNB’s Business Online Banking can utilize Check Positive Pay free of charge.
To use Check Positive Pay, simply upload a listing of legitimate checks that you’ve issued into the system. At that point, Positive Pay will monitor the clearing of all checks through your FNB business checking account and compare them to the listing.
If a check has been presented that isn’t listed in Check Positive Pay, or if the specified data on a check does not match the check file that you uploaded, we will notify you of the exception item and provide you with the opportunity to pay or return the check.
Positive Pay may sound like extra work for you and your business, but a little more of your time is a small price to pay for the monetary protection you gain — which could potentially save your business hundreds of thousands of dollars in the long run.
Finally, it’s important to note that none of these methods are 100% foolproof in preventing fraud. That’s why it’s equally important to monitor check clearings regularly, especially since there is a 24-hour window of time to report fraudulent activity with any hope of stopping the fraud and avoiding monetary loss.
Wire fraud
What to watch out for: Wire fraud is one of the most volatile types of business fraud because the moment a wire is initiated, there is little chance of stopping it or pulling back the funds.
One common tactic fraudsters use is CEO impersonation, where the email address of a company’s CEO is compromised and the perpetrator uses it to send fraudulent emails.
Often, these emails are targeted at coworkers and ask them to take quick action in initiating payments that are actually going to the fraudster.
CEO impersonation can be incredibly effective because it plays with an employee’s emotions: the request is urgent, the CEO is important, and the employee’s job could be at risk if they fail to follow through.
How to prevent it: If you receive a request for a wire transfer, the first step is to verify with the person who appeared to send the request that it is, in fact, legitimate. This is as simple as picking up the phone, calling the sender at a trusted number, and verifying the wire instructions with them.
That’s why employee education is crucial for your business.
Make sure you are training your employees to stop, think, and make a quick phone call before pushing these urgent wire transfers through, because some education on the subject and a few extra minutes of time may save large sums of money in the long run.
We also recommend that your business use a dual control process to initiate wire transfers. With dual control, an authorized employee initiates a wire transfer while a second authorized employee is used for call-back verification.
At First National, we require call-backs to a designated representative of a business upon receipt of a wire request, which provides an extra layer of protection for your business. Furthermore, we complete internal due diligence to determine if a wire transfer exhibits common attributes of fraudulent activity — and we will accordingly reach out if necessary.
ACH fraud
What to watch out for: One way ACH fraud might occur is by a fraudster leading a CFO or other employee responsible for issuing payments to changing the information on an ACH transfer.
For example, an employee might receive an email notification from someone who appears to be a trusted vendor requesting a change in payment instructions. Assuming this email came from a legitimate source, the employee proceeds to initiate an outgoing ACH payment to the newly designated account information.
Unfortunately, the funds are actually going to a fraudster who either gained access to the vendor’s email account or spoofed a company email.
In a similar example, someone in human resources might receive an email that appears to be from a fellow employee requesting to change their bank account information before the next payday.
Assuming it’s a real employee on the other end of the email, the human resources employee puts the change through — and discovers the fraud on payday when the affected employee contacts them about not receiving a paycheck.
How to prevent it: The best practices to mitigate ACH fraud are similar to those of preventing wire fraud: call a trusted number for the vendor or fellow employee in question to verify payment requests and changes in payment instructions.
At First National, we also offer ACH Positive Pay to red-flag ACH transactions not initiated by the business that may have been intercepted by a fraudster. However, Positive Pay will not catch instances of fraud like the prior examples because the business initiated the ACH payment manually.
Just as with check fraud, it’s important to stay diligent and be cognizant of that 24-hour window — especially because fraudsters will quickly withdraw stolen funds from the receiving financial institution in order to limit a business’ ability to claw the funds back.
Internal fraud
What to watch out for: You never want to think that the fraud might be coming from your own employee, but the sad truth is that it does happen on occasion.
In a recent example from an FNB business customer, an employee used a business credit card to make personal purchases and then manually altered the monthly billing statements to remove personal charges prior to review by a manager.
Other cases have involved employees who are responsible for ACH payroll manipulating an ACH file submitted to the financial institution to increase their respective pay.
How to prevent it: The best practices to mitigate internal employee fraud include setting up formal procedures for financial transactions by the business and, again, utilizing dual control so more than one employee is involved in any payment processing.
Overall, organizational awareness can be one of the biggest deterrents of fraud. If a situation doesn’t feel right, there’s a good chance it may be fraud — and even if it does feel right, it may not be, so take that extra step to potentially save your business from significant financial losses.
And if you want more help or further information on protecting your business from fraud, reach out to me or your banker; we’d be happy to have a conversation!