Online banking offers many convenient features for businesses, including easy viewing of balance and transaction, as well as making transfers and payments at the click of a button.
Unfortunately, this convenience comes with a downside – banking fraud. Companies across the United States have had hundreds of thousands of dollars in unauthorized transactions and transfers.
Even worse, business bank accounts are not under the same protection as consumer accounts, so banks are not required to make restitution.
Preventing and stopping fraud requires diligence, the proper safeguards and awareness of how this illegal activity actually happens.
Many incidents are caused when hackers place malicious software, often called malware, on a victim’s computer.
These Trojan and virus programs often enter through emails or infected websites. Social media sites, innocuous as they seem, are especially known for hosting malware.
A California company lost $125,000 after an employee violated company policy by participating in social media while at work. Other scams work through emails “phishing” for information by appearing to be from banks, credit card companies, the IRS and social media, often with the message that an account has been compromised and dire actions will result unless the victim acts.
Once someone enters an account number, login, password and other information such as tax ID numbers, hackers can take over those accounts and use the personal information for identify theft. Once the software is in place, criminals can hack into bank accounts and send themselves money. Often they work through mules – other victims who allow their accounts to be used as money laundering clearinghouses.
These victims are recruited to work for sites that appear to be legitimate businesses, often in financial services. A Georgia auto parts business lost $75,000 after malware on the controller’s computer sent payments to mules around the country.
After the bank reversed the transfer, one mule actually called the bank to find out where “her” money was. That particular fraud was perpetrated by a Russian organization.
Warning signs of bogus business sites include bad grammar, misspellings and too-good-to-be-true promises. Banks are continually upgrading security measures. It is incumbent upon businesses to maintain control from their end.
Tips from experts include:
- Dedicate one computer for online banking only.
- Never let your computer “remember” banking passwords.
- Add an extra layer of approval for online transfers or payments.
- Monitor cash balances daily and set up alerts for unsual activity and balance thresholds.
- Keep funds in a protected account and transfer only what is needed for outstanding checks and payments.
- Place caps on the amount of funds allowed in Automated Clearinghouse Transactions (ACH transfers.)
- Restrict social media and personal online use on company computers (have employees use their own phones or computers during breaks or lunch).
- Talk to your bank about your security concerns and ask what safeguards they have in place or can set up for your accounts
- If your bank uses third-party processing, find out how secure those operations are.
- Set up strong firewalls and be wary of computer access through applications such as Remote Desktop Connection.
- Purchase a fraud insurance rider to cover cybercrime and fraudulent bank transfers.