“Sir, I’m sorry but your card was declined.”
“Run it again!”
“Um… I ran it 3 times already”
By now I am sure you have had a similar experience, the nice young waitress that just served you a filet, side salad and 2 bottles of wine is whispering that your card was declined. You just checked the balance a week ago and should have plenty of money in your account. When you call the bank to find out what’s going on, they inform you that there have been a series of fraudulent charges and the card has been shut down.
“Honey… Do you think you can cover the bill?”
Now you have to ask your date to pay for the dinner.
If you think that is embarrassing, try having a $158,000 check bounce for raw materials from your most important vendor. The implications could be far reaching and devastating for a business trying to push through that next level of growth. Unfortunately, fraud is a reality almost every business faces. The sophistication of criminals is alarming and individuals are not the only target. What’s even scarier is that the liability related to commercial accounts can be much different than that of personal accounts and the numbers can be multiplied many times over.
Recently, a colleague’s client lost over $147,000 due to a fraudulent wire sent when a criminal hacked his email account. After trying to recover the funds by suing their bank, the company was stuck with the bill and all legal fees.
According to the Association for Financial Professional, 62% of companies were targets of payment fraud in 2014. 77% of those attacked had attempts made with checks, 34% with credit cards and 27% with wires. If the numbers don’t add up that’s because many companies were targeted by more than one method. 76% of these attempts were by an individual outside the organization, but a significant number were made from internal individuals.
So, what can you do to protect your business?
Banks are legally responsible for having products and mechanisms to reasonably deter fraudulent activity.
Establish Strong Internal Controls:
Most banks can provide banking systems which segregate duties, restrict access to certain users and ensure all transactions are reviewed multiple times before payments are made. Bank treasury management portals are customizable with multiple levels of security and are a good first step to ensuring only the people who need specific information have it. These systems provide mechanisms for dual control and audit trails that can help you track down the perpetrator of an internal fraud.
Reduce Paper Payments:
It may be difficult to completely eliminate paper checks but the prolific use of electronic wires, ACH transfers and credit cards can significantly reduce the probability of an attack. Checks have the company’s banking information written in detail across the bottom of the check. It is easy for fraudsters to wash or re-create a check once they have intercepted your check. If you do need to use paper payments, make sure you are using a positive pay system to inform your bank of the checks you have outstanding. Your banker and their treasury management partners should be able to provide you with more information.
Verify With a Phone Call
Recently, many criminals have been targeting larger organizations by creating similar emails and sending wire instructions to employees. For example, your email might be John@ ABCcompany.com and the criminal will create an email account at John@ABCompnayinc.com. They will then use this email to instruct your accounts payable clerk to send a wire for you to a foreign account. Once that wire is gone… good luck. Instruct your employees to get a verbal confirmation from you on payments to new vendors or payments over a certain amount.
Establish an Independent Account Structure
Your company can further limit its vulnerability to fraud by establishing multiple accounts which aggregate funds or hold small amounts for specific payments. For example, if you have a separate account from which you only write payroll checks, your company can leave it at a $0 balance until a couple of days before you process payroll. Even if someone gets a hold of a check and alters it, the check might be rejected when presented for payment due to lack of funds in the account. If an account is compromised it is easier to change one account for a portion of your business than your main operating account.
Take Advantage of Plastic
Credit card processors have been working diligently to reduce fraud. The increase in technologies such as EMV chips and single-use account numbers have made strong strides in the reduction of credit card fraud. With some commercial card programs, your company can have an administrator limit the card to pay only certain merchants, set daily credit limits and even transaction limits. Additionally, most credit cards offer protection against employee misuse.
Although you will never be able to completely eliminate the risk of fraud, the steps outlined above will greatly reduce your vulnerability and work to alert you quickly if something does happen. We would love to hear your experiences. Please let us
know, in the comments below, which other tactics have worked for you!