The foremost line of defense against fraud begins with you and your company.
The statistics are sobering. Over the past year, 62% of all businesses reported attempted or actual payments fraud according to the 2015 AFP Payments Fraud and Control Survey. But there are ways to mitigate the threat of fraud and cyber crimes. Here are some common-sense actions every business can take to fight back against online fraud.
Consider establishing enterprise-wide policies for:
1. All payment approval, signing and release
2. Multiple reviews for all online banking changes
3. Set daily limits on payments and approvals
4. Establish an audit trail for all transactions
5. Utilize the Bank’s Alerts and Dual Administration functions to monitor your online banking.
Use dedicated computers for banking access; no e-mail or web access allowed.
Create strong computer protection by requiring a password for every device and requiring employees to lock computers when away from their desks.
Back up files on a regular basis by saving data to storage devices.
Secure company website against mailware and attacks.
Consider the security impact of adding new technology or access capabilities.
For internal networks and online banking access, select highly trustworthy system administrators.
Utilize multiple administrators and maintain separation of duties.
Maintain your user entitlements and review at least once a year. Have your Administrator set appropriate transaction limits and access for each user.
Set up alerts to monitor transactions and all system changes.
Reconcile each account monthly, and separate duties between staff that issue payments vs. those that reconcile the bank accounts.
Require dual authorization for all monetary transactions; your bank requires it on all ACH and wire transfers.
Conduct a Daily Transaction Review of all outgoing items (ACH, wires and checks).
Review audit logs of your online banking system.
Remotely Deposited Checks – Void/secure checks once they are remotely deposited and destroy them according to your bank’s retention period.
Validate vendor information by requiring confirmation prior to paying an invoice from a new vendor or processing a change of address request.
Never give out private data online unless you are certain you can trust the site; do not e-mail confidential data.
Do not include confidential information in payroll file transmissions (such as employee SSNs).
Keep your workplace secure – Beware of the risk of nonemployees accessing files and data (including trash).
Screen all temporary help, vendors and consultants that come on-site.
Manage Your Check Supply
Use Only a Trusted, established check vendor.
Monitor check orders and inform your supplier if checks are not delivered in a reasonable time.
Use a unique check style and incorporate security features (such as microprinting or watermarks) into your design.
Use a secure storage area with controlled access for checks, check printing equipment, remote deposit equipment, endorsement stamps and canceled checks.
Never sign checks in advance and limit the number of signers.
Spot Suspicious Activity
Be observant about your business each day. Take heed and follow up if you or your staff find that “something is not quite right” about a certain situation or routine.
Is the user accessing online banking in an unexpected way or from a different location?
Are the user’s banking actions normal?
Are the transactions typical for your firm?
Are there new payees or changed data you were not expecting?
If you are suspicious, investigate to determine if action is needed to address a problem. Call your bank immediately with any questions.
Was this article helpful? Subscribe to Insights and receive regular notifications about articles and information regarding banking and your business.
2015 AFP Payments Fraud and Control Survey
2015 US State of Cybercrime Survey
2014 US State of Cybercrime Survey
2014 Transforming Cybersecurity Report – Deloitte Services, LP
2015 Internet Security Threat Report – Symantec
2015 Check Point Security Report
Krebs on Security, Issue #20, May 11, 2014
This article is for informational purposes only. We recommend that your business also obtain data security and anti-fraud advice from experts who are familiar with your business’ information security controls. While this document will provide you with suggestions on controls, best practices and risk management, these recommendations cannot replace the services of dedicated data security and anti-fraud experts with an in-depth understanding of your business and operational infrastructure. Consult an accountant, legal counsel, cyber-insurance expert and/or other appropriate business advisor before using this material or deciding how to proceed in any specific situation.