As we enter a post-pandemic marketplace, the way companies conduct business has changed forever.
With a much greater emphasis on digital banking and transactions, plus an increased exchange of sensitive data in potentially unsecured environments thanks to remote and hybrid work, it's no wonder there has been a rise in fraud over the last two years.
For example, according to the February 2022 LexisNexis Risk Solutions Study, small- to mid-sized business lending fraud increased 6.9% since 2020. And considering that even consumers reported 70% more fraud in 2021 than in the previous year, according to a recent Federal Trade Commission study, it's safe to say that fraudsters are feeling empowered, putting both consumers and businesses at continued risk.
As companies continue to adapt to remote work processes and systems, it's more important than ever to emphasize best practices. Even the smallest lapses in security protocols, like clicking on a fraudulent link in a suspicious email or agreeing to wire money to an unverified person claiming to be a legitimate vendor, can wreak havoc.
Here's what you need to know to safeguard your business from fraudsters.
Beware of Business Email Compromise
According to the 2021 AFP Payments Fraud and Control Survey, 76% of respondents said that their companies had been targeted by BEC (business email compromise) attempts in 2020.
These fraudulent emails are intended to get the recipient to click a link, which then downloads malware onto his or her computer. Phishing can lead to serious consequences for your organization, especially if sensitive data becomes compromised.
In the worst cases, your company might be victimized by a sophisticated phishing email that implants malicious software, or "ransomware," onto your company network. This can compromise sensitive business information or confidential client data. Other fraudsters might attempt an account takeover, where they hack into your associate's email and use an associate's credentials to authorize fraudulent payments.
Preventing business email compromise starts with training your associates to be vigilant and watch out for suspicious-looking emails. Phishing schemes have gotten more sophisticated in recent years, and the fraudulent emails might look surprisingly "official." They might even have authentic-looking logos from public health organizations.
“It's important to revisit your business' training and protocols for fraud prevention and information security. Just like we should stay up to date on the latest scams that are targeting people in our everyday lives as consumers, we need to educate our associates and help everyone stay vigilant about suspicious emails that arrive in our work email in-boxes.”
Donna Kasmiersky
Director of Treasury Management Services for First Horizon Bank
Keep an Eye Out for Vendor Impersonation
Some fraudsters trick businesses out of their money by claiming to be legitimate vendors. These fraud schemes might contact your business by email or by phone, claiming they are one of your existing vendors and they recently got a new bank account. If you're not careful, you might be sending money to a fraudster.
"It's crucial for businesses to put good processes in place to verify vendors and payment requests via multiple means of contact," says Kasmiersky.
This is also a good occasion to take another look at your company's internal controls for processing payments. Do you have dual custody in place so that more than one person on more than one device can review and confirm payments before they go out? Do you have daily account reconciliation to help prevent or detect fraud?
"Internal controls are an important step to make sure your company is protected against fraudulent payments or vendor impersonation, but your bank can help you with another level of security," says Kasmiersky. "First Horizon offers a variety of solutions and services that can serve as an extra line of defense against suspicious transactions."
In the current landscape, supply chain disruptions and product shortages may be providing fraudsters with new opportunities to scam businesses. They could potentially ask for advanced payment to secure a shipment, when in reality, those products will never arrive.
"Businesses should exercise caution when issuing advance payment to new vendors if they don't already have a working relationship," advises Kasmiersky. "Ask to take delivery of the goods before remitting payment, or work with your bank to set up an escrow account that releases payment after the promised items are received."
Fraud Prevention Tools:
Check Fraud
How to Curb Check Fraud: The Ultimate "Bad Check"
Some more conventional forms of fraud, such as check fraud, are still a persistent threat that your business should be aware of and work to prevent. Though check fraud declined from 2020 to 2021, it is still the payment method that is most impacted by fraud activity (66%), as per the AFB study.
In order to commit fraud with forged checks, fraudsters only need to know your business' checking account number and ABA number (the bank's nine-digit routing number). From there, they can print fraudulent checks and start writing checks from your business to themselves.
In addition, criminals might also get their hands on an actual check from your business – such as a legitimate check that was sent to a payee. The criminal might replicate that check amount, along with your business checking account number and ABA number, onto a fraudulent check made out to a different (fraudulent) payee.
How to stop check fraud? Ask your banker about "positive pay" services for your checking account. This is an extra level of security to flag suspicious checks before they're paid by the bank.
"At First Horizon, we have a service called Check Positive Pay, where the client gives us a file of checks issued that includes three or four data points for each check, such as account number, check number, and amount of the check," says Dana Moore, head of Treasury Sales for First Horizon Bank. "If one or more of the data points do not match, we send our client a daily email identifying exceptions for them to decision online. It's an added layer of review and protection."
ACH Fraud
Stop ACH Fraud Before It Happens
Many small businesses pay bills via ACH (Automated Clearing House), a national network for electronic payments that provides a faster way to process financial transactions. And while ACH is one of the lowest-risk payment methods, this convenience can come with a caveat: Should you experience a fraudulent ACH transaction, businesses have only two days to notify their bank, compared to 60 days for consumers.
In order to perpetrate ACH fraud, criminals typically set up their own shell bank account, and then use a legitimate business' checking account number and ABA number to steal money via ACH transfers.
"Some fraudsters will ping an account via ACH by making a small deposit, say 50 cents, and an immediate debit of the same amount. That allows them to make sure the ABA and checking account numbers are valid and they know they have a good account to attack," says Moore. "Then they will come back and do a $1,000 or $5,000 ACH transaction – simply taking your business' money right out of your account. By the time it gets noticed, the money is often long gone. It's very hard to recover the money in these situations."
To prevent ACH fraud, your business needs to work with your bank to set up controls to ensure that only authorized individuals and/or businesses initiate ACH transactions against your accounts.
"We call this service ACH Positive Pay, and for each new ACH transaction, our system reviews the transaction and compares it against your predefined parameters," Moore explains. "If, for example, the individual/business is not authorized for ACH, or the amount exceeds the authorized level, the transaction is sent to the client for decisioning before it can go forward."
Steer Clear of Wire Transfer Fraud, an Underrated Risk
Wire transfers are a less common type of transaction for most U.S. businesses, but the risk of wire transfer fraud is actually greater – in fact, it represented 39% of payment fraud in 2021. Because wire transfers happen faster – the money moves to the other bank in about one hour – fraudulent wire transfers can be especially difficult to recover.
"Talk with your bank about setting up a wire transfer agreement," says Moore. "This will give you a set of controls and procedures for initiating wire transfers so that your bank will not process a suspicious wire transfer."
For example, if your company president's email account gets hacked, a fraudster could use that email address to request a fraudulent wire transfer, Moore explains. "Many banks are hesitant to send wire transfers that are requested via phone or email; you can specify how wire transfers will be initiated in the agreement."
The bottom line? With business account fraud becoming more prevalent during COVID-19, it has emboldened criminals to look for new ways to infiltrate your business as we move into a post-pandemic reality. The good news is there are simple controls and procedures that your bank can help set up to protect your company.
Talk to a First Horizon banker to explore preventative options that can guard against fraudulent attacks against your company's bank accounts. Peace of mind is knowing you are doing all you can to keep your business and associates safe during COVID-19 and into the future.