Online banking is convenient, but it’s easy for cybercriminals to gain access to your accounts when you process transactions over the Internet. Organized criminal gangs are using malware and phishing schemes to steal approximately $1 billion from small and mid-sized companies across the United States and Europe each year, and the problem has become so pervasive that a recent theft of $100 million from a business account barely registered on the FBI’s radar.
The good news is that it’s possible to enjoy the convenience of online banking without exposing your company to unnecessary risk by taking advantage of a bank’s products and services and exercising some basic precautions.
“Cybercriminals pose a real and serious threat,” says Barry Langer, first vice president and customer relations manager for Corporate Services at California Bank & Trust. “Executives need to educate themselves and understand the risks, then take some basic steps to safeguard banking transactions.”
Smart Business spoke with Langer about balancing risk and convenience by protecting your bank accounts from the most common forms of fraud.
How are cybercriminals attacking business accounts?
Companies incur risk whether they’re writing checks or processing online payments, but the greatest threat occurs in cyberspace. When an unsuspecting employee opens an authentic-looking email or document from an imposter, wily cybercriminals can steal user names and passwords by downloading malware such as the Zeus virus onto computers. Cybercriminals can also embed viruses in Web sites, innocuous Word documents such as resumes or simulated email alerts from social networking sites such as Facebook. Unfortunately, employees often fail to recognize an attack because the virus is programmed to evade network security, giving fraudsters access to your accounts. Worse yet, anyone can purchase the Zeus Trojan for about $700.
How can companies minimize risk and the possibility of fraud when processing online banking transactions?
Your employees need to serve as the first line of defense, but they need training to recognize cybercriminals’ tricks and tactics and thwart potential attacks. In addition, companies need to notify their bank immediately if they suspect a breach.
Businesses should also:
- Eliminate outside risk. Don’t rely solely on security software, antivirus programs and firewalls. Protect your system from viruses and malware by stopping employees from downloading documents stored on external flash drives or CDs, or accessing outside email accounts. Better still, keep viruses from invading your network by using a dedicated computer strictly for banking transactions because most viruses are transmitted via email or while surfing the Internet.
- Reconcile accounts. Nip fraudulent activity in the bud by reconciling your business accounts daily.
- Take advantage of bank products and services. Your bank can help you prevent fraud by providing education, best practices and tools such as antifraud software.
- Implement a dual authentication security process. This is another way to prevent online payment fraud, as different people create and approve each transaction. While the duplicate process requires additional time and staff, it reduces the opportunity for someone to initiate or approve fraudulent payments.
How can companies minimize the risk of paper or check fraud?
Unless companies use a fraud prevention service such as Positive Pay, forgers can wash payees’ names from stolen checks and substitute their own, alter the amount or use software to duplicate checks. With the Positive Pay service, companies send a check issue file to their bank and it is matched against checks presented to identify discrepancies or suspect checks. Checks that do not match the check issue file are presented to the company for examination. While it’s not free, Positive Pay has the ability to lower costs by reducing unauthorized transactions, potential losses and legal fees.
Positive Payee Match provides another layer of security, as your bank also matches the name of the payee against the roster of issued checks. You can also review the front and back of exception items online and quickly make payment/return decisions from the convenience of your office.
If you don’t want to provide a check issue file, you can monitor presented checks online and return them immediately by utilizing an alternate service called Reverse Positive Pay.
How can companies prevent ACH fraud?
Savvy companies are reducing risk without sacrificing convenience through a service called ACH Positive Pay, which enables you to view and make decisions to accept or reject ACH items before they post to your account. If reviewing every transaction is too time consuming, simply create a filter and review and approve transactions above a specified dollar limit.
How can executives spearhead fraud prevention efforts?
Executives must set the tone by acknowledging the seriousness of the threat and prioritizing risk mitigation over convenience when processing banking transactions. Small to mid-sized businesses are particularly vulnerable to cyber attacks, so executives at those companies should utilize the risk assessment tools and best practices provided by their bank. Remember, an ounce of prevention is worth a pound of cure because a single attack can easily cost your business hundreds of thousands of dollars.
Barry Langer is first vice president and customer relations manager for Corporate Services at California Bank & Trust. Reach him at (213) 593-3838 or Barry.Langer@calbt.com.
Insights Banking & Finance is brought to you by California Bank & Trust