How To Protect Your Business Bank Account from Fraud
From corporate account takeover to compromised email, fraudulent checks, and unauthorized ACH debits, there are plenty of gateways for a fraudster to try to get their hands on the money in your business bank account. The risk of fraud on your business bank account can be mitigated by following these best practices.
Step 1: Access to your online business banking accounts should be limited to those who absolutely need it.
It is tempting to give online access to your accounts to the many people who help with your company's finances, such as accountants, payroll staff, and other financial professionals. The more access you grant to your accounts, the more likely your account information is to fall into the wrong hands. Ensuring that you don't over-grant access to your accounts is essential, but it's also important to make sure that more than one person regularly monitors your accounts. If you have at least 2 people monitor your accounts daily, you will be less likely to find out about shady activity only after your account has been drained.
Step 2: Use secure workstations that are dedicated to online banking activity only.
This is important if your company uses treasury management-related services, such as the ability to initiate wire transfers and submit ACH files to your bank. If you restrict internet usage on these workstations to online banking only, you can greatly reduce the risk of the computer being compromised by malicious software that can steal your account login information through key-logging or other malicious means.
Step 3: Your computer's operating system and virus protection should be up to date.
Making sure you always have the latest version of your operating systems and virus protection will help reduce the chance that a hacker will be able to compromise your computer.
Step 4: Even if you trust the email address that sent you the request, you should not send wire or ACH transfers based on an email request alone.
Businesses around the world lose hundreds of millions of dollars every year from these types of email requests, and you as the business, not your bank, will often assume the fraud loss related to sending out fraudulent wire transfers or ACH credits. If you receive requests to send funds, use out-of-band verification to confirm their legitimacy. Out-of-band verification is done through a different means than the one by which you received the request from the submitter. It is possible to follow up with phone calls, text messages, instant messages, fax, or any other type of secure verification that is available to your organization. You will be reminded of the worth of taking these extra security steps when you avoid sending a fraudulent wire transfer for the first time.
Step 5: For all funds transfer requests, use dual verification/approval.
Most banks offer dual verification, which restricts users of online banking accounts from submitting funds transfers on their own without getting approval from another user with sufficient authority to approve the request. Even if you are not concerned with an employee going rogue, you should require dual verification.
Step 6: If you can, request tokenized access to your account.
Business customers who use more advanced treasury management services, such as wire and ACH transfers, are given tokenized access, which requires that a token be entered each time that you log into your account. Each login will have a new one-time password provided by the token.
Step 7: Request out-of-band verification from your bank for submitted wire transfers.
If your bank offers this service, they will not release any wire transfer or ACH file submissions they receive from you until you confirm through another means that the transfers are okay to be sent. A call-back, fax, or secure message submission can be used to verify the dollar amount of the transfer, number of items in the file, and other relevant information.
Step 8: Positive Pay should be used.
Positive Pay is one of the best ways to protect your account from fraudulent debits. There are many different variations of Positive Pay, but the service allows an authorized user at your business to review the checks, ACH debits, and other transactions posting to your account to verify they are indeed authorized. If there are unauthorized debits, your bank can return the fraudulent items to the sender. If you only review your business account bank statements monthly, you could be liable for up to a month of fraudulent transactions. To avoid liability in most cases, you must report fraudulent business-to-business ACH transactions to your bank no later than the day after they are presented for payment. Check with your bank to see if there are any additional requirements for reporting fraud.
Step 9: If possible, avoid writing checks.
Each time a check is written off your business account, you are giving out your address, bank name, and business bank account number, all of which can be used by fraudsters to make fraudulent checks. Positive Pay can be used to monitor your account on a daily basis if your business has to issue checks.
Step 10: ACH can be used for payroll and other receivables.
ACH for payroll and other payables will help keep your account number and origination information secure and reduce float time. Check with your bank's Treasury Management or Cash Management teams to find out more about how your business can use ACH origination.