How your bank can work with your business to provide the tools to help you stop fraud Featured

7:00pm EDT November 25, 2010

You take careful measures to protect your business facility, installing alarms and other security devices to keep the operation safe. But what are you doing about guarding your business against the significant but intangible threat of bank fraud?

“Every time you write a check, your information is out there, available for the general public,” says Keith Gottschalk, executive vice president of operations and IT at Old Second National Bank.

Counterfeit checks, Automated Clearing House (ACH) fraud and criminal wire activity are hotspots in the bank fraud arena, and every businesses needs to understand them. Economic conditions certainly contribute to an increase in bank fraud activity, but so does exposure through computer networks that become open doors when antiviral software and firewalls are not in place.

To protect your bank accounts, reputations and credit rating, take advantage of your bank’s security offerings and implement internal checks and balances.

“We see a lot more fraud involving small businesses and online banking, but there are tools you can use to prevent a hacker from violating your accounts,” Gottschalk says.

Smart Business spoke with Gottschalk about how businesses can take proactive steps to improve security.

What are the biggest challenges businesses confront when working to prevent fraud?

General awareness is key, and bank fraud simply isn’t top of mind at many businesses, especially in smaller organizations where an owner is wearing many hats and focused on day-to-day operations. Businesses without internal IT departments are often exposed to security risks without realizing it.

Also, there is a general belief that the bank is protecting businesses against all fraud. And while banks certainly have tools to help prevent fraud and notify businesses when suspicious activity occurs on an account, it is ultimately the business’s responsibility to serve as watchdog. Businesses must recognize that fraud is out there and it’s happening every day to organizations like theirs. A business can protect itself by simply taking the time to put safety measures in place.

What are some recent trends in bank fraud?

ACH fraud is huge in the industry now, and this is attributed to people stealing the log-in credentials of smaller businesses and altering ACH files, or creating new files.

Also, criminals are using legitimate business names to conduct these types of fraudulent transactions. The business has no idea and, therefore, its reputation and credit history are at stake. Imagine a business owner’s response upon discovering several bounced checks when, in fact, those checks were counterfeit and the business had no idea they existed.

A business can’t be too careful in monitoring checks and tracking bank accounts regularly.

What are some clues that fraud has occurred against a bank account?

First, the business will notice transactions that are not familiar. That’s the obvious sign.

Depending on how accounts are set up, the business might receive e-mails from the bank warning of suspicious activity, such as changing a user ID, or wiring money, or creating an ACH batch. Don’t assume that these notices are errors; these are huge red flags.

Investigate communications that the bank sends. Businesses should be proactive and set up alerts with their bank, and designate an individual to monitor messages.

What type of fraud protection do banks offer, and how can these tools help businesses?

Positive Pay is a system that confirms every check a business writes. The service matches each check for payment against a list of checks authorized and issued by the company. All components of the check must match; otherwise, the bank will issue a warning to the business. This service is also applicable to ACH.

Additionally, the use of RSA tokens adds another layer of security to the typical username and password. An RSA generates an authentication code at fixed intervals, usually every 30 to 60 seconds. The user uses the token, then keys in the code and gains access to the account.

Banks also offer multifactor authentication, as well as e-mail and text alerts. While single-factor authentication involves only a user ID and password, multifactor authentication also requires a physical token, such as a card. An ATM transaction is an example of multifactor authentication: Someone inserts a token (card) and enters a user ID and password.

The key is for businesses to communicate openly with their bank about available services and what companies can do internally to prevent bank fraud.

Protection can be as simple as remembering to renew antivirus software so no computer goes unprotected, or discussing IT security with a professional who can implement systems.

Keith Gottschalk is executive vice president of operations and IT at Old Second National Bank, Aurora, Ill. Reach him at (630) 966-2474 or