Did you know that business bank accounts don’t have the same protections that federal law affords consumers when it comes to recovering from fraudulent transactions? With experts predicting an increase in financial crimes, it’s critical for businesses of all sizes to be prepared to respond and recover.
The federal government reports that cyber criminals are targeting the financial accounts of small- and medium-sized businesses, resulting in significant disruption and substantial monetary losses due to fraudulent transactions. Too often, these funds may not be recovered.
Here are some prominent types of financial crimes businesses should be prepared to counter:
Corporate Account Take-Over
Federal law enforcement agencies describe “Corporate Account Take-Over” as a widespread form of targeted online fraud where perpetrators gain control of business customers’ computers and attempt to transfer money out of bank accounts using wire transfers and ACH transactions.
Business Email Compromise
In this crime, scammers target businesses working with foreign suppliers and/or businesses that regularly perform wire or ACH transfer payments. Criminals attempt to compromise legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Credit Card Fraud
In an increasingly digital world, where credit and debit card numbers can be obtained through unsecure internet connections, credit card fraud is becoming more common. This crime sees individuals using credit cards or debit cards – some stolen from the owners – without authorization. This can impact both individual and commercial card holders.
Awareness and preparedness are key to help avoid your business’s susceptibility to financial crimes. Arvest’s Treasury Management Sales Advisors offer free consultative services, assisting you to uncover areas of vulnerability. Our team is ready to share resources and make recommendations with the goal of helping you mitigate your risk of financial loss due to fraud. Schedule an appointment online, email us at TMCustomerService@arvest.com or call (877) 849-2274 Opt. 1, to set up a meeting. Interested in exploring business accounts and financing options for your growing business? Our commercial bankers are ready to assist you. Schedule an appointment online or call (866) 952-9523 to explore your business needs.
Additionally, the Federal Bureau of Investigation (FBI) has provided additional resources to assist businesses and consumers.[1] The FBI recommends the following risk mitigation techniques every business can use:
- Educate Employees:
- Don’t respond to or open attachments or click on links in unsolicited e-mails.
- Be wary of pop-up messages claiming machine is infected and offering software to scan and fix the problem.
- Enhance computer and network security:
- Conduct online banking and payments activity from at least one dedicated computer that is not used for other online activity.
- Install routers and firewalls to prevent unauthorized access to your computer or network.
- Keep operating systems, browsers, and all other software and hardware up-to-date.
- Avoid free web-based e-mail accounts: Establish a company domain name and use it to establish company e-mail accounts in lieu of free, web-based accounts.
- Enhance the security of financial business processes:
- When offered by your bank, use a security authentication token to log in to online banking.
- Initiate ACH and wire transfer payments under dual control using two separate computers. For example: one person authorizes the creation of the payment file, and a second person authorizes the release of the file from a different computer. This helps ensure that one person does not have the access authority to perform both functions, add additional authority, or create a new user ID.
- If, when logging into your account, you encounter a message that the system is unavailable, contact your financial institution immediately.
- Consider implementing two-factor authentication for corporate e-mail accounts. Two-factor authentication mitigates the threat of a subject gaining access to an employee’s e-mail account through a compromised password by requiring two pieces of information to log in: (1) something you know (a password) and (2) something you have (such as a dynamic PIN or code).
- Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via their personal e-mail address when all previous official correspondence has been through company e-mail, the request could be fraudulent. Always verify via other channels that you are still communicating with your legitimate business partner.
- Always verify changes in vendor payment instructions and require callback verification. Add additional two-factor authentication such as having a secondary sign-off by company personnel.
- Confirm requests for transfers of funds and only use known numbers on file, not the numbers provided in the e-mail request.
Please visit https://www.fbi.gov/ for more information.
[1] Sources:
https://www.ic3.gov/Media/Y2022/PSA220504
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise