What are some recent trends in bank fraud?
ACH fraud is huge in the industry now, and this is attributed to people stealing the log-in credentials of smaller businesses and altering ACH files, or creating new files.
Also, criminals are using legitimate business names to conduct these types of fraudulent transactions. The business has no idea and, therefore, its reputation and credit history are at stake. Imagine a business owner’s response upon discovering several bounced checks when, in fact, those checks were counterfeit and the business had no idea they existed.
A business can’t be too careful in monitoring checks and tracking bank accounts regularly.
What are some clues that fraud has occurred against a bank account?
First, the business will notice transactions that are not familiar. That’s the obvious sign.
Depending on how accounts are set up, the business might receive e-mails from the bank warning of suspicious activity, such as changing a user ID, or wiring money, or creating an ACH batch. Don’t assume that these notices are errors; these are huge red flags.
Investigate communications that the bank sends. Businesses should be proactive and set up alerts with their bank, and designate an individual to monitor messages.
What type of fraud protection do banks offer, and how can these tools help businesses?
Positive Pay is a system that confirms every check a business writes. The service matches each check for payment against a list of checks authorized and issued by the company. All components of the check must match; otherwise, the bank will issue a warning to the business. This service is also applicable to ACH.
Additionally, the use of RSA tokens adds another layer of security to the typical username and password. An RSA generates an authentication code at fixed intervals, usually every 30 to 60 seconds. The user uses the token, then keys in the code and gains access to the account.
Banks also offer multifactor authentication, as well as e-mail and text alerts. While single-factor authentication involves only a user ID and password, multifactor authentication also requires a physical token, such as a card. An ATM transaction is an example of multifactor authentication: Someone inserts a token (card) and enters a user ID and password.
The key is for businesses to communicate openly with their bank about available services and what companies can do internally to prevent bank fraud.
Protection can be as simple as remembering to renew antivirus software so no computer goes unprotected, or discussing IT security with a professional who can implement systems.
Keith Gottschalk is executive vice president of operations and IT at Old Second National Bank, Aurora, Ill. Reach him at (630) 966-2474 or [email protected].