Fraud Prevention

Fraud is devastating to organizations of all sizes and the results can be catastrophic. As financial transactions and fraud schemes become more complex and sophisticated, recognizing the wide variety of internal and external fraud threats is essential to detecting and deterring fraud at your organization.

Business Email Compromise (BEC)

Also known as BEC, this scheme typically starts with an email that appears to be from a known vendor, someone with whom the organization has been corresponding, or another recipient of a business payment. A compromised email will provide details for how to send a payment OR will request that prior remittance details be changed due to some “problem” with the prior account.

There are two types of BEC to watch for:

  • “Spoofed” emails that look like a legitimate email with just minor changes.
  • “Hacked” emails that utilize the actual email address because the fraudster has taken control of an email account.

Some Ways to Prevent Business Email Compromise:

  • Verify, verify, verify:
    • Does the email appear to be written appropriately, without typos or slang?
    • Is the number in the email one you have called in the past? Call the sender at a known phone number to verify instructions.
    • Does the person you’re speaking to know details of your last discussion and understand your current conversation?
    • Do the instructions in the email align with your needs? Does the beneficiary’s bank information make sense?
  • Establish and follow these procedures:
    • Dual Control: Only send out wires or create ACH transactions under the authority of two people—one to create and one to verify. Both parties should independently review the details of the transaction and have the authority/expectation to question anything that seems out of place.
    • Written Authorization for Disbursement: Include supporting documentation with instructions for remittance and how those were received, as well as the details of any callbacks or verifications that were performed.

Don’t feel bad about performing these verifications! Fraud is a very real threat, and once an ACH or a wire is sent, recovery is NOT guaranteed. You want your funds to be used to help your business, NOT fraudsters.

Check/ACH Fraud

Although old school, this type of fraud continues to increase. Fraudsters steal mail, either at delivery or at the sending point, because stolen checks can be altered by adding a new payee. This is easy to miss because the check still posts for the correct amount and check number. Stolen checks can be used as a template to create counterfeit checks, and accounts can be “slammed” with a large number of counterfeit checks.

Bank information and account numbers can also be used to create fraudulent ACH (electronic) debits, often through payments to credit cards.

Your Best Ally in Preventing Check and ACH Fraud: Positive Pay

Issued checks and authorized ACH originators/transactions are input through the online banking system. If a transaction is presented that does not match your “authorized transactions,” it is flagged for review. Using online banking, you decide manually whether each item is to be paid or returned, or you can establish a default decision to “Return” or “Pay” rejected items.

Embezzlement

This internal fraud occurs when someone in the organization has too much autonomy, is believed to be “above reproach,” and/or has an excessive amount of authority to independently conduct transactions. Newer staff or rotating staff may be less likely to know the standard procedures and, therefore, less likely to recognize when something is unusual or suspicious.

Two Important Ways to Help Prevent Internal Fraud:

  1. Establish dual control and separation of duties: Transactions should always be completed by at least two individuals. For checks, one person issues the checks and a different person signs them. For online transactions, including wires, ACH, and transfers, one person creates the transaction and a second verifies it, with both carefully reviewing the authorizing documentation.
  2. Create a culture of transparency: From the top down, all staff should encourage oversight and validation. More than one individual should be involved in all decision-making and transaction processing. While this might not be as efficient, it is more effective and well worth the extra time and effort in preventing embezzlement.

For more tips, tools, and resources to help protect your organization from fraud attacks, please visit heritagebankofcommerce.bank/fraud-awareness.
