Businesses lose billions of dollars to fraud schemes every year. Fraud not only affects your bottom line, but can also affect your reputation and credibility, and even put your customers at risk.
Review the most prevalent fraud schemes businesses face today and learn more about fraud prevention best practices for protecting your business, and the tools California Bank & Trust offers to help minimize your risk.
Accounts Receivable Fraud
Scheme
Employees with access to accounts can steal funds from customer payments, online or offline, then fraudulently alter records through fake discounting or write-offs, faulty balancing, and fraudulent debiting. A common accounts receivable fraud method is known as lapping, in which employees continuously steal customer payments to cover previous customer payment thefts.
Strategies
- Separate financial responsibilities and access rights to financial data among two or more employees
- Be wary of employees who live beyond their means, refuse to take vacations or seem unusually close with a vendor or client
Tools
ACH Payments Fraud
Scheme
ACH payments fraud is one of the easiest ways criminals can access your accounts because all that's needed is a checking account number and bank routing number.
Strategies
- Access online accounts and services only through one or a few computers that are dedicated to financial transactions to prevent malware downloads
- Reconcile all accounts daily to monitor for any unauthorized ACH debits
- Follow the precautions recommended in the Online Account Takeover section
Tools
- IBM® Security Trusteer Rapport® Software
- Positive Pay
- Dual Control
- Transaction Limits
- RSA SecurID Physical and Electronic Tokens
Wire Fraud
Scheme
Wire fraud can be committed by employees and outsiders. Employees commit wire fraud by creating fake vendor accounts to pay themselves. Business Email Compromise (BEC) scams are among the top fraud threats to companies. In a typical BEC scam, a company will receive a fraudulent email or fax claiming to be from a company executive or trading partner. The fraudulent communication requests that a time-sensitive and confidential payment be sent immediately. It may also instruct the recipient to update a payee’s bank account information with a different bank and/or account information.
Strategies
- Adopt company policies so that any request for a wire transfer or change in wiring instructions—whether by phone or email—is verified by calling a known phone number.
- Set wire transfer limits
Tools
- IBM® Security Trusteer Rapport® Software
- Dual Control
- Transaction Limits
- RSA SecurID Physical and Electronic Tokens
Credit Card Fraud
Scheme
Credit card theft is one of the most prevalent fraud methods. Criminals use increasingly advanced tactics to steal credit card numbers by setting up fake online stores or using phishing strategies to gain access to this information. They then quickly charge purchases to these cards or use them to secure a cash advance.
Strategies
- Adopt company policies for use of your business credit cards that:
  - Assure that credit cards are only used to make purchases on trusted and secure websites
  - Set usage restrictions for transaction types and amounts
  - Prohibit sending credit card numbers through regular email, which is not secure and can be easily compromised
- Set up Purchase Alerts and Mobile Card Fraud Alerts for all of your debit and credit cards
- Review account activity frequently
Tools
Check Fraud
Scheme
Criminals steal checks from mailboxes and then use check washing methods to erase details from or produce their own fake checks. These checks are used to make purchases or withdraw funds.
Strategies
For protecting your own business checking account:
- Pay bills online when possible
- Mail checks directly from United States Postal Service mailboxes
- Use a special check writing pen (available at most office supply stores) to help prevent check washing
- Order checks with chemically sensitive paper to deter alteration
- Review your bank account often to verify checks have cleared
For protection against accepting fraudulent checks:
- Train employees on the signs of a fraudulent check, including:
  - Missing address or check number
  - Mismatching fonts
  - Handwritten additions
  - Smooth edges without perforations
  - Stains or discolorations
  - Being wary of a low check number. Approximately 90 percent of bad checks are drawn from accounts that are less than a year old.
Tools
- Lockbox
- Positive Pay
- Check Block
- Remote Deposits
- Outsourced Disbursement
Online Account Takeover
Scheme
Through online "phishing" attacks, installation of malicious software (or "malware"), and setting up phony websites that seem legitimate, criminals can steal login credentials to your online banking tools—and then transfer funds from your accounts.
Strategies
- Maintain up-to-date computer security features, including operating systems, firewalls and antivirus software
- Adopt company policies to ensure employees:
  - Delete unsolicited emails
  - Never download or install files from unknown sources
  - Never click on web ads or pop-ups
  - Always access the bank's website by typing the calbanktrust.com web address or using a bookmark, never by clicking links
  - Be sure the "s" appears in the web address at the top of your browser ("https://") when you visit the California Bank & Trust website
- Restrict web usage on computers that are used to access online banking to prevent the installation of malware
Tools
- IBM Security Trusteer Rapport Software
- Dual Control
- Transaction Limits
- RSA SecurID Physical and Electronic Tokens
General Fraud Prevention
- Educate employees about fraud risks and train them on prevention
- Set strict password criteria
- Review privacy policies routinely
- Dispose of sensitive and unneeded client information securely
- Notify us immediately if you suspect fraudulent account activity or if credentials are compromised online or due to stolen cards
- Review your CB&T account and service agreements that include customer protections (e.g., Visa® Zero Liability program) and responsibilities. For example, under your Treasury Management Master Services Agreement, you are responsible for your Internal Security Controls and all instructions we receive with your Access Credentials even if not actually sent by you.