4 minute read
Financial Overview
fraud: if you don't think it can happen to your company....you're mistaken! By: bill ruckert, provident bank
Fraudsters are everywhere. They spend more time trying to plunder a company’s money than the average business owner does trying to protect it. Companies are routinely exposed to cyber-crime through name recognition, vendor payments, employee payroll, email addresses, and other venues. There are many ways for a perpetrator to gain access to company information. Your bank should be working closely with you and offer a variety of cyber-prevention services.
Fraud comes in many varieties and concludes with the successful theft of money from a business or an individual. Illicit wire transfers are probably the most common method for criminals to steal funds. Everyone has heard about the cash-strapped college student who asks for emergency funding from Grandma or Grandpa. Unfortunate results routinely occur, and those same criminals are calling and/or emailing your Finance Department regularly with the identical intent of theft. Of further concern is their unusually high degree of success!
ACH transactions are also a frequent avenue for fraud. A common occurrence is when cyber- criminals provide fake vendor information to companies. When payments are made, funds go to fraudulent accounts. The funds are then almost immediately transferred from the bogus account, leaving no trace of their whereabouts. Very little information is needed by felons to target companies to perpetrate this type of fraud.
Employees unwittingly expose their employers to fraud through routine payroll checks. Information found on these checks, whether cashed, uncashed, or simply an advice of deposit, is invaluable to criminals. A company’s bank name, account identification and routing number are readily available on these doc- uments, providing a solid foundation of information for a thief.
Email addresses can also lead to a fraudulent activity more commonly referred to as Business Email Compromise, or BEC. As an example, bad guys can closely replicate an email address and give fraudulent instructions to the receiver. Unless the address is closely scrutinized by the receiver, it will mistakenly be accepted and followed. Once duped, the receiver of the sham email quickly falls prey and subsequent actions can cause economic, customer and/or reputation damage.
Business partners can also represent fraud risk as their systems can become compromised, leading to an undetected incursion into an unsuspecting company. This activity is more difficult to identify and its impact may not be felt until some future date. Once a company’s system has been hacked, there are many areas cyber-criminals can attack to meet their ends.
Unfortunately, fraud is most often discovered after it occurs leading to re-active remedial action. If it involved the transferring of funds, the likelihood of recovery is quite small. An event that impacts a company’s customers and reputation requires much more extensive remedies that can only be cured with time and money. To avoid these risks, companies must take a pro-active approach to managing their cyber risk, and there are many tools available.
Education is the primary example of how to avoid cyber-crime. Enlightening employees about the inherent risks associated with critical company information will go a long way to stop perpetrators. The old bank adage ‘trust but verify’ rings true here. When unsure about a wire transfer or ACH request, a simple solution is to call the company in question and validate the request from a reputable source. These remedies may be considered common sense, but as a practical matter, they are imperative to preventing criminals from entering your door.
Bank products are specifically designed to prevent fraudulent activity and are integral to a company’s cyber protection program. Standard services including Positive Pay, ACH Positive Pay and Universal Payment Identification Code (UPIC) offer inexpensive, efficient and timely responses of protection. Establishing routine schedules for payments, whether A/P or payroll, also provides security as transactions outside the norm will garner internal scrutiny. Restricting employee access to company information as well as utilizing dual control, with dollar thresholds for the transferring of funds, also provide added security. Lastly,
If hacked, a company should act swiftly and decisively to protect itself. Closing hacked accounts is paramount to avoiding future fraudulent activity, as is understanding the root cause. Companies need to assign individual roles and responsibilities for cyber protection. Policies should be adopted and practiced to ensure fraud protection measures are in place not only internally, but with business partners and customers. In addition, any fraudulent activity discovered should be reported to the authorities quickly, including the Internet Crime Complaint Center (IC3).
If your bank is not discussing with you how to protect your business from cyber-crime, you’re being exposed, but that can be minimized. Take a proactive stance against fraudsters and demand services be offered to your company by your bank, or, consider using an alternative financial institution that is committed to protecting its customers. Also, to better familiarize yourself with cyber dangers, I encourage you to visit the National Automated Clearing House Association (NACHA) website – www. nacha.org – for a list of fraud threats.
I would like to take this opportunity to congratulate our friends at Weeks Marine for celebrating its 100 year anniversary and acknowledge the successful 35 years and going celebration for Stokes Creative Group.
