How a few simple controls can make the difference in fraud prevention

By and far, the most pervasive fraud risks to companies are cybercrime and internal fraud.

Cybercrime takes many forms — from large fraud operations such as credit card data breaches to malware attacks that collect private information from company computers, including system passwords. At the same time, a lack of internal controls for protecting company assets and reconciling accounts regularly can result in significant losses.

“The risk of corporate fraud, internal and external, places companies in a precarious position. They need to balance routine business flow and operations with preventing and detecting fraud (particularly online fraud exposure) that may result in operating losses,” says John Harrison, senior vice president at California Bank & Trust. “In many cases, a few simple controls can make the difference between a profitable year and a large financial loss.”

Smart Business spoke with Harrison about how companies can better protect themselves from fraud risks.

How has the increase in electronic payments changed the fraud prevention landscape?

Billions of people have benefited from instantaneous access to information from anywhere, at any time. But these advances have also aided criminals who use technology to steal identities, credit card numbers and cash. Gone are the days when people or companies were robbed in person. It’s more lucrative and easier for a cybercriminal to steal from the comfort of a laptop.

What business controls would you recommend to reduce the risk of fraud?

Tried and true common-sense controls are a first step. Access to blank check stock must be monitored. Simple dual accounting controls, such as ensuring staff responsible for fulfilling customer orders are different than employees reconciling order invoice payments, reduces fraud opportunities. Whenever possible, reconcile accounts daily (easily available through online banking) but always at least monthly, and report discrepancies immediately.

Restrict online access on a need-to-use basis. Use dual authentication with online transactions such as online transfers and outgoing wire transfers. Always employ strong online passwords and change them regularly. Utilize secure entry tokens for all users who perform administration functions or process online payments.

Beware of customer emails requesting a change to wire destination instructions, as hackers can compromise email passwords through malware attacks and social engineering. If in doubt, call the customer to confirm any out of the ordinary payment requests or change to a payment destination.

What other steps can help prevent fraud? 

Some additional controls to employ include:

  • Using online services like Trusteer’s Rapport, a free program that helps detect and mitigate malware attacks and phishing attempts. 
  • Avoid downloading programs or files from unknown sources, which could include malicious code and fraudulent programs. 
  • Limit the use of flash drives, CDs or other portable media that can transport and install malicious code.
  • Talk to your bank about fraud prevention products and services, such as Positive Pay, which matches check issue information against checks presented to identify discrepancies or suspect checks. 
  • Keep security software, anti-virus programs and firewalls up to date.
  • Never conduct casual Web-surfing or social media site visits on computers used for business transactions and payments. You can dedicate specific computers for online business tasks only.

These controls are a matter of exercising prudent, common-sense information protection and accounting controls.

Is there anything else you’d like to discuss?
Fraudsters are always one step ahead, devising new, clever techniques to separate companies from their money. The old saying ‘if a deal sounds too good to be true, it probably is’ is still true. A business offer from an unknown person via email promising a large profit for a quick transaction is a huge red flag. Educated people fall prey to fraud all the time; due diligence, prudent internal controls and common sense are the keys to preventing losses.


Insights Banking & Finance is brought to you by California Bank & Trust