Cybersecurity and payments fraud have become a reality of everyday business, no matter the size of your business or industry. Now is the time for companies to prioritize strategic fraud prevention in order to save money and mitigate an attack before it happens.
Know the common red flags
Fraudsters frequently research companies using public websites, press releases, social media and more to gather information and craft messaging that appears to be authentic. Be on the look-out for payment scams, especially requests that:
- Have a sense of urgency, a call for help or a need for confidentiality
- Add a new contact at a supplier or vendor representing the company
- Update a payment account, typically without a request for a phone contact
- Indicate a change to payment instructions or payment type (e.g. check to wire)
- Communicate a sudden change in business practice
Incorporate best practices with the help of your bank
To safeguard your company’s funds—and especially payments made by check or wire—I recommend working with your bank to set up:
- Positive pay to protect against check fraud
- ACH Blocks to stop unauthorized ACH transactions, and ACH Filters to allow only designated ACH transactions to post to the account. For reference, ACH transactions are a common form of electronic transfers, such as direct deposits, payroll and authorized insurance payments.
- Secure online wire transfers with dual controls from different computers, plus a token device or app for multi-factor authentication
- Predetermined wire transfer limits and email alerts for someone outside of your accounting or treasury area
- Annual relationship reviews with your treasury management officer to be sure your online access and users, account signers, email alerts and more are up-to-date
Educate your entire staff on cybersecurity
While it is common for treasury staff to discover payments fraud, the entire company has a role to play in prevention and detection. Trainings and resources to teach best practices are essential. Some companies even send out simulated email phishing attacks in order test their employees and keep cybersecurity top of mind. Anyone with an email may be subject to a phishing scam or payments fraud.
Cybersecurity and payments fraud can be overwhelming for businesses because fraudsters are always evolving their attack methods. To keep up with the pace of change, ongoing awareness, strategic preparation and a strong relationship with your bank are some of your best defenses.