The bad news is that you can’t stop fraud attempts. Today’s embezzlers, organized crime rings, and fraudsters are opportunists just looking for an opening. If you leave a door ajar, they will find a way in and steal from you.
The good news is that you can stop thieves and foil most fraud attempts by putting the right fraud protection program in place.
Six rules for a strong fraud protection program
Protect access credentials
Never give out passwords, IDs, token codes, token serial numbers, or other authorization credentials. If you receive an e-mail, phone call, or text message claiming to be from your financial institution, asking for your credentials, it is likely a “phishing” attempt. DO NOT respond to it. Report it to your financial institution immediately.
Increase your internal controls
Implement dual custody on all online payment services (ACH, wire transfer, foreign exchange) and self-administration services; reconcile accounts daily to detect suspicious activity; lock check stock and signature stamps in a secured location; update antivirus and antispyware software and firewalls regularly.
Educate your employees
Instruct your employees never to give out the credentials they use to access your online banking systems or accounts. Repeat this message often so it remains top of mind.
Our customers’ employees who were victims of phishing fraud tell us this happened for one of two reasons:
- They didn’t know about phishing fraud; they lacked education.
- They knew, but let down their guard; they needed to be reminded.
Remind your employees of the following:
- Do not click on links purporting to be antivirus or anti-malware software.
- Do not download files from peer-to-peer sources or other unknown sources.
Know your employees
Perform a credit check and a background check on all new employees who have access to your accounts, account records, or cash. Call at least three references to verify information.
Keep authorizations up to date
When an authorized signatory or approver on your accounts leaves your company, notify your bank immediately to have that employee’s name removed from all authorizations. Conduct an annual audit of all your bank signature cards, funds transfer agreements, access codes, and other authorizations to ensure they are current.
Know your vendors
Require all changes to vendor payment account numbers to be made in writing on the vendor’s letterhead and verified with a call to the vendor’s telephone number in your files.
Are you doing everything you can to fight fraud?
Use this fraud protection strategies checklist (PDF*) to make sure you cover all your bases.
Dual custody is an industry best practice that requires a second level of approval to release payments and make changes to user access. Thieves may be able to coax access credentials from the employee who initiates online wire or ACH payments, but it’s unlikely they’ll also get past the person who has to approve the payments before they are released.
* You need Adobe® Reader® to read PDF files.
Regulation E - This regulation outlines the rules and procedures for electronic funds transfers (EFTs) for consumers. Please note: The protections and deadlines included in Regulation E do not apply to business accounts. The regulation establishes rights, liabilities, and responsibilities only for consumers transacting business on consumer accounts.
Tip: Make sure to review your accounts regularly and frequently to minimize the risk of fraud.