Fraud against business has been steadily climbing year after year. We have seen it from the large corporate hacks to many unseen instances to smaller businesses. Below we detail what types of fraud are happening out there and what options you have to prevent it.
Types of Fraud
- In 2019 61% of all fraud cases were “business email compromise” (BEC), 58% were outside individuals ( forged checks, stolen card) and 26% third party (vendor, professional services provider)
- 81% of business organizations were targets of payment fraud attacks in 2019
- 2019 methods of fraud by percentage:
- Checks: 74%
- Wires: 40%
- Corporate/Commercial cards: 34%
- ACH debits: 33%
- ACH credits: 22%
- 42% of B2B transactions are made by check
- 60% of organizations have a fraud policy in place
How to Protect the business
Most banks offer some level of fraud protection services (typically Positive Pay and ACH fraud filters) for their clients. Positive Pay is a system that allows for a daily or weekly upload, of checks that you have written, to your bank. Checks that are not included in that upload are flagged and you are usually given the option to approve or deny that check. ACH filters are a pre-approved list of companies that can debit your account. Another option typically offered by banks, at no cost is dual control. This allows one individual to initiate a wire or ACH and another individual in the company to review and approve the transaction.
When I had discussions about fraud and how to protect the business, one of the common objections I heard was the cost of the services. The best way to approach those services is to view them as an insurance plan. It is money out of pocket and you hope you never need to use it.
Who is responsible when fraud occurs?
A misconception out there in the business world is that FDIC or the bank will cover any losses due to fraud. That is not true. In many conversations clients would refer to fraud on a credit or debit card, as an example. When credit or debit card fraud occurs, typically those losses are covered by Visa, Mastercard or Amex and not the bank. The bank is not covering those losses. When a business incurs losses, due to fraud on a bank account, those are going to be a loss to the business. The bank will not automatically replace the lost funds but will do its best to work with any corresponding banks to recover whatever funds they can.
One of my good clients who refused the fraud services and was a victim of #1 listed above, a case of business email compromise. The “owner” of the company sent an email to the finance manager asking to send out two wires, for approximately $130,000. Both wires were sent, as this is their typically procedure. In a passing conversation later that day about the wires, it was discovered the owners email was hacked and the business was a victim of fraud. The bank was able to recover about $30,000 but the business took a loss on the other $100,000. Not many businesses can sustain that kind of loss. This client, fortunately, was able too.
When looking at your options, look at any services the banks is offering as an insurance policy. This instance of fraud could have been avoided by simply by the business using dual control. One will never know the costs of fraud until the money is already gone and your business at risk.
If you want to review what bank services you have or what your bank is offering, reach out, let’s talk. We are happy to have a conversation and provide guidance.