Two-thirds of businesses experienced some type of attempted or actual payment fraud in 2011, according to recent industry surveys, and more than 25 percent of banks are reporting a rise in attempted fraud incidents. Although not all attempts result in financial loss, when they do it’s typically around $20,000.
There’s also reputation risk and extra work when somebody gets account information and starts utilizing it in an inappropriate manner, says Ted Sheerer, Senior Vice President and Group Manager of Cash Management at First Commonwealth Bank.
“Companies need to understand the risks and take them seriously,” he says. “It may cost a little bit and make things slightly less convenient, but they need to do everything necessary to protect their financial assets. They need to take proactive steps and not wait until a loss occurs.”
Smart Business spoke with Sheerer about guarding against corporate financial fraud.
Why has financial fraud increased?
Fraud has increased primarily because of technology — from software that makes it easy to create authentic-looking checks to phishing scams, viruses and malware that can compromise a network and PCs. A company’s financial assets could be more vulnerable today than ever. However, there are ways to substantially reduce risk.
What are some examples of financial fraud?
If a company’s account and routing numbers get compromised, they can become exposed to individuals generating fraudulent checks. Some businesses, through the utilization of Positive Pay, which matches check issue data, including payee line, with items presented to the bank, can catch this with no financial loss. The bank alerts the business regarding items that do not match, and offers the opportunity to pay or return those checks. Unfortunately, many others wait until they experience a loss before taking steps to implement Positive Pay.
A more current example is corporate account takeover, where a company’s network or specific PCs get infected with a virus or malware, somebody obtains access to the system and then performs keystroke logging. The fraudster can then sometimes capture the necessary credentials to get into the business’s online banking.
How should fraud education be handled?
You can educate employees, especially those conducting company financial transactions, by using the knowledge of your IT staff. If you don’t have an in-house IT staff or want to supplement this education, work with your bank to see if it offers any security or fraud seminars. You also can find local and regional fraud awareness seminars through professional organizations.
How can you prevent or mitigate fraud?
To minimize the potential of check fraud, companies can incorporate security features into their check stock, store checks and digital signatures in a secure environment, segregate financial duties, reconcile accounts regularly, and utilize Positive Pay with payee line protection. If something doesn’t match, the bank alerts the business customer who decides to pay or return it.
With increased electronic fraud, which includes Automated Clearing House (ACH) transactions and wire transfers, it’s important to have ACH block and filter. This stops unauthorized transactions from hitting accounts. Companies should also ask if their bank offers malware detection and/or account takeover detection software. This is sometimes provided for free.
Some other preventative measures are to:
- Understand procedures around user authentication and limit users to those who absolutely need access.
- Establish dual verification for any outbound electronic transactions.
- Have dedicated PCs used only for online banking services.
- Change passwords regularly, don’t share or write down logins, and routinely update anti-virus and malware protection software.
What’s the priority with fraud prevention?
The priorities should be Positive Pay, ACH block and filter, and then everything the organization can do to protect its network.
Many businesses don’t take the necessary preventative steps. Only when companies seriously understand the risks can they partner with their bank to combat financial fraud.
Ted Sheerer is a senior vice president, group manager of Cash Management at First Commonwealth Bank. Reach him at (412) 690-2213 or email@example.com.
Insights Wealth Management is brought to you by First Commonwealth Bank
If your business has been injured by another party, your first reaction may be to sue for damages. But by first taking reasonable actions to limit your losses, you can increase your odds of recovering those damages. In most situations in which a business has been injured — whether by theft of trade secrets, a contract breach, etc. — it can take steps to prevent damages from worsening.
For example, say that a supplier is unable to deliver a crucial part to produce your products.
“Rather than halt production and lose all profits that your business likely would receive from selling its products, you could try to find another supplier,” says Courtney D. Tedrowe, a partner with Novack and Macey LLP. “You might pay a higher price, thus reducing your overall profit margin, but you would not be out all of your profits.”
That mitigation of damages, sometimes referred to as the doctrine of avoidable consequences, can be crucial in the event of a lawsuit.
Smart Business spoke with Tedrowe about a plaintiff’s obligations and what courts deem reasonable mitigation efforts.
What obligations does a business have in the event it has been injured?
Frequently, courts and attorneys say that a plaintiff has a duty to mitigate damages, but that characterization is inaccurate. Strictly speaking, a plaintiff does not have an obligation to take steps to limit losses after it has been injured, and will generally not incur liability for failing to do so.
However, if some or all of a plaintiff’s damages could have been avoided had it taken reasonable steps to mitigate them, it might not be able to recover that portion of damages from the defendant. Thus, it is in the plaintiff’s best interest to determine what steps it can reasonably take to avoid unnecessarily increasing damages after injury, and then take those steps. In many cases, the plaintiff can recover from the defendant the cost of making reasonable attempts to mitigate damages.
How does a court decide which actions are reasonable?
First, the defendant must prove that the plaintiff could have taken certain reasonable steps to avoid unnecessarily increasing its damages. What constitutes a reasonable step is determined on a case-by-case basis. However, a plaintiff is not required to take extraordinary measures, and a defense of failure to mitigate is not a basis for a hypercritical examination of the plaintiff’s conduct.
The plaintiff need not assume any undue risks or burdens in an attempt to mitigate its damages. Further, the law does not require the mitigation efforts to be successful; all that matters is that the plaintiff made the attempt.
Second, the defendant generally must prove the amount by which the damages increased because of the plaintiff’s failure to take reasonable steps. The defendant should have evidence not only showing that the plaintiff failed to take reasonable steps to avoid increasing damages but also evidence showing by how much that failure inflated damages.
Under what circumstances is this legal concept most commonly seen?
Mitigation is a defense in almost every case in which the award of monetary damages is claimed. It is usually raised as an affirmative defense in litigation, in which the defendant claims the plaintiff’s damages should be reduced because either the plaintiff actually did mitigate its damages, or, had the plaintiff taken certain actions, its damages would have been less.
In most states, there is an exception to mitigation, sometimes referred to as the lost volume doctrine. In cases in which the plaintiff does a volume business — handles or could handle multiple contracts of the same kind simultaneously — and has lost sales as a result of another’s wrongdoing, the plaintiff might not be able to mitigate its damages by finding a replacement contract. Because the seller is capable of handling multiple contracts simultaneously for little additional marginal cost, it could have had the benefit of both the repudiated contract and the subsequent contract at the same time. Therefore, even if the plaintiff could have obtained another contract after the first was breached, it would not replace the lost contract.
For example, say a fencing company contracts to build a fence for $10,000. The buyer breaches that contract. Shortly thereafter, the company contracts with someone else to build a fence for $10,000. If the company can prove it could have taken both jobs, its damages are based on the net profit it would have made on the breached contract, without regard to its ability to get a subsequent contract. However, although this has been adopted in most states, it hasn’t been in all, and the burden is on the plaintiff, not the defendant, to prove the doctrine applies.
How can a business be affected by the responsibility to mitigate damages?
If a business has been injured and is contemplating litigation, it should be aware of the possibility that the defendant might assert a mitigation defense which, if proven, would reduce the awarded. Thus, as soon as the business learns of an injury, it should take all reasonable steps to prevent damages from unnecessarily increasing. Employees should be asked to analyze all of the possible harms to the business including losses due to business interruption, lost business opportunities and harm to reputation. Once specific potential damages are identified, consider whether there are reasonable means of minimizing or stopping these harms from occurring.
It does not usually matter whether your efforts are successful, only that you took reasonable steps to try to mitigate. Moreover, the law generally does not require you to take undue risks or burdens to try to mitigate damages. If you follow these basic principles, you likely will stand an excellent chance of defeating a mitigation defense.
Of course, you should consult an attorney as to whether mitigation applies, as it will depend on the particular facts in your case and the law of your particular jurisdiction.
Courtney D. Tedrowe is a partner with Novack and Macey LLP. Reach him at (312) 419-6900 or firstname.lastname@example.org.