By Kyle Myhre, Wisconsin Bank & Trust
When comes to the world of banking, most understand that you need money, you go to the bank. Lending is still a major necessity to business. If you use debt to start cash flow cycle and have no debt at the end with money left over, you are in business. Lending will always be a part of how banks will help business, small or large.
Fairly recently though, focus on protecting and management of funds has been a major focus for banking with their clients. With electronic payments, merchant services, and transactions performed sight unseen, financial information is being passed every second of everyday with most of the time not blinking an eye. How are we as a bank protecting them?
What business owners, managers, treasurers, etc… fail to realize is that on personal accounts, you have roughly 90 days to dispute any ACH transactions without loss to client, but on business accounts, it is 24 hours.
Experts on fraud estimate the typical organization loses 5% of its yearly revenues to various types of fraud. If 5% sounds high to you, then consider yourself fortunate — but never make the mistake of presuming your business is immune.
Many business owners fail to realize how devastating fraud can be, both in lost revenues and related fallout such as reputation, damage, and recovery costs. The estimate of 5% average yearly losses due to fraud comes from survey responses gathered in a 2016 report issued by the Association of Certified Fraud Examiners (AFCE).
Consider, too, this conclusion from the 2016 AFCE study: “Small organizations had a significantly lower implementation rate of anti-fraud controls than large organizations. This gap in fraud prevention and detection coverage leaves small organizations extremely susceptible to frauds that can cause significant damage to their limited resources.”
You can’t prevent fraud attempts, but you can reduce the risk. In this case “an ounce of prevention is worth a pound of cure,” because dealing with fraud after the fact is often fruitless. Even if the perpetrator is caught, you may never get your money back.
Smaller businesses may not be able to afford sophisticated fraud-detection systems, but the good news is that basic anti-fraud controls can significantly reduce their vulnerability. From our vantage point as bankers, here are some important ways you can protect your business.
Protecting against employee fraud
- Implement “dual controls” for all payment methods and segregate employee duties.
- Ensure employees log out of online banking sessions related to the business when not in use.
- Never store sensitive information on portable devices.
- Be sure that corporate controllers aren’t compensated based on the financial results of the business.
Protecting against check fraud — still the most common type of fraud
- Purchase check stock from known vendors that include built-in security features.
- Store checks, deposit slips, and statements securely.
- Establish a policy for employee check orders and reorders.
- Reconcile accounts daily using online banking.
- Move to ACH (Automated Clearing House) for payroll, billing, and vendor payments.
Protecting against electronic payments fraud — avoid malware and phishing
- Dedicate separate computers for internet browsing and online banking access.
- On computers used for banking, block plugins and pop-ups.
- Keep your software up to date.
- Change employee passwords frequently.
- Use Positive Pay (an electronic system for comparing cleared items with a file of known issues) and ACH debit filters and blocks to identify suspicious transactions.
- And — same as in preventing check fraud — reconcile your accounts daily online.
More generally, establish robust policies and procedures that govern your entire payments process — including prompt reporting of any suspicious transactions. It’s important to identify suspicious activity quickly; many bank account agreements include time limits on fraud reporting.
To help keep your business safe, work with your financial institution’s treasury management department to ensure appropriate fraud-prevention methods are in place.
Also, work with your bankers and insurance providers to explore whether a cyber insurance policy, which protects against electronic fraud damages, is a fit for your business. While these policies represent an additional cost, we have personally seen their value in recouping losses after fraud.
Ask an experienced banker about his or her exposure to fraud cases over the year. What you hear may scare you — and that’s a good thing. By understanding the all too real risks to your business, you can help prevent the “typical” average losses of 5% of annual revenues to fraud.