Online Banking Fraud
In the past 10 years, online banking has exploded, with millions of customers checking their balances and moving money around through Web browsers.
Such activity has created a goldmine for cybercriminals, who hack into online bank accounts and transfer large sums to accounts they control.
Many small and medium-sized business owners have become the latest target of cybercriminals. Business accounts are perfect targets for criminals because the cash balances are higher than those of retail banking accounts.
How to guard against risks
There are several risks for businesses that use online banking services.
- Phishing scams, particularly those related to the email account tied to the online business bank account;
- "Man-in-the-middle" attacks that can intercept, redirect or reformat communications between the customer and the bank, without either party's knowledge;
- Fraudulent or corrupted websites, which can silently infect Web browsers; and
- Public or unsecure Wi-Fi networks, which can result in banking-session hijacks.
The following tips can help protect your business from online threats:
Manage your risks: Have protocols in place for securing data, and identify someone responsible for managing data security.
To better protect themselves against financial theft, businesses should understand how cybercriminals work, the techniques they use and the tools at their disposal.
Educate your employees: Make your employees aware of the cyber-criminal tactics:
- Access online banking sessions from their favorites or from the bank’s website.
- Do NOT link through an email that may be fraudulent.
- Do not open or download files from unknown sources that may contain Trojans or other malware.
- Monitor your online activity to look for any unauthorized transactions.
Small Business Scams
Being vigilant against fraud is not only important for a company’s bottom line, it also strengthens customer trust in the business. Becoming a victim of fraud can have a negative financial and reputational impact on a business. Scammers aren’t always trying to steal money from a business; sometimes they are after a company’s financial or customer data and will use many kinds of high and low-tech methods for getting it.
Phishing E-mails – Some phishing e-mails specifically target small business owners with the goal of hacking into their computer or network. Common examples include e-mails pretending to be from your bank, credit card company, the Better Business Bureau, the IRS or other government agencies. If you receive a suspicious e-mail, don’t click on any links or open any attachments. Contact the company or agency directly to confirm the legitimacy of the e-mail.
Directory Scams – A perennial problem that has plagued businesses for decades involves deceptive sales for directories. Commonly the scammer will call the business claiming they just want to update the company’s entry in an online directory or the scammer might lie about being with the Yellow Pages. The business is later billed hundreds of dollars for listing services they didn’t agree to or for ads which they thought would be in the Yellow Pages.
Office Supply Scams – Some scammers prey on small business owners hoping that they won’t notice a bill for office supplies like toner or paper which the company never ordered. Every year BBB receives thousands of complaints from small business owners who were deceived by office supply companies and billed for products they didn’t want.
Overpayment Scams – Be extremely cautious if a customer overpays using a check or credit card and then asks you to wire the extra money back to them or to a third party. Overpayment scams target any number of different companies including catering businesses, manufacturers, wholesalers and even sellers on sites like eBay, Craigslist and Etsy.
Data Breaches – No matter how vigilant your company is, a data breach can still happen. Whether it’s the result of hackers, negligence or a disgruntled employee, a data breach can have a severe impact on the level of trust customers have in your business.
Vanity Awards – While it’s flattering to be recognized for your hard work, some awards are just money-making schemes and have no actual merit. If you are approached about receiving a business or leadership award, research the opportunity carefully and be wary if you’re asked to pay money.
Stolen Identity – Scammers will often pretend to be a legitimate company for the purposes of ripping off consumers. When it comes to stolen identity, the company doesn’t necessarily lose money, but their reputation is potentially tarnished as angry customers who were ripped off by the scammers think the real company is responsible.
Financial fraud and theft have become an increasing threat to many small businesses. Tri City National Bank remains committed to helping you protect yourself and your business against losses. In addition to relying on the bank’s internal security measures and procedures, you can implement these valuable tips to keep your money safe.
- Always monitor your employees. Screen new hires carefully and train them accordingly. Separate accounting responsibilities, making payables and receivables processing different work positions. If that is not possible, process the transactions under dual control.
- Protect all accounting documents by locking away check stock, signature equipment, invoices and critical account information.
- Monitor the movement of employees, vendors and contractors in and out of your offices.
- Update signature cards and systems access whenever personnel or procedures change.
- Review and revise accounting processes periodically to ensure that they meet your company’s needs. Exercise due care in drafting and preparing checks and other withdrawal instruments. Maintain separate accounts for payables and receivables to eliminate the payment of fraudulent invoices.
- Explore the availability of fraud-reduction tools. For example, you may choose to switch to electronic-based products and accounting methods. If you do not bank online, learn more about Business Online Banking.
- Conduct audits of various check-control duties. Reconcile and monitor account activity frequently. Examine bank statements punctually. Failing to do so may result in the company bearing liability for loss. To speed up the process, consider utilizing online statements and viewing your check images and deposit images online.
- Contact your business insurance provider and review your business insurance policy to determine if it provides coverage for employee dishonesty.
- Finally, report losses promptly. The bank can take action after you report any unauthorized payments due to counterfeiting, forgeries and alterations. Call us at 1-800-874-2489 to report any fraudulent activity on your Tri City accounts.
The reality of today is that every business, large or small, needs to have fraud controls in place to protect itself from internal and external losses. A few areas to consider include:
Identify and assess operating controls.
Use dual control.
Set-up and regularly review financial reports.
Accounting firms typically offer this service.
Follow legal and regulatory compliance processes for your industry.
Attend industry conferences.
Subscribe to industry publications.
Work with an outside firm to advise you.
Hire an expert internally.
Make sure to balance the level of risk against the controls you put in place.
The management team and shareholders (if applicable) should define this.
Adhere to internal controls.
Have written procedures.
Test/audit the procedures.
Online fraudsters are more prevalent than ever. While the bank has procedures and controls to help protect you, there are steps you can take to help secure your financial and online banking activities. Download the document here.