Author: Vice President of Product Strategy Jason Hagan
Date: August, 2018
Protecting your business from fraud may not always be top of mind; however, the risk is always there. You may have some basic fraud protections in place, like anti-virus software or pre-employment screenings but is it enough to minimize the risk? U.S. businesses will lose an average of 5 percent of their gross revenues due to fraud, according to the ACFE 2018 Report to the Nations Global Study on Fraud and Abuse. The report also states private companies and small businesses are especially at risk in occupational fraud frequency compared to large corporations, government entities and non-profits, mainly due to a lack of internal controls.
Even though the statistics are scary and somewhat daunting, the good news is there are ways you can protect your business from the various types of fraud. I recommend following these five best practices.
1. Remain vigilant on the latest fraud techniques.
Fraudsters are always finding new ways to cause problems. It’s especially important to develop a fraud education program so best practices and company policies remain at the forefront. Assign this education program to someone in your organization who will stay up-to-date on the latest techniques. You can also hire outside firms for support if you’re lacking internal resources.
Remaining vigilant also means educating employees on fraud protection best practices, like never accepting an email as an authorization to initiate a financial transaction, updating passwords regularly and never clicking on suspicious emails. It’s important to conduct this education at least once a year so employees are aware of the latest best practices and company policies.
2. Maintain good security hygiene.
There are numerous ways to maintain good security hygiene at your organization. This includes simple things like never sharing passwords, having password requirements, logging off and clearing your cache when you’ve been banking online and using a stand-alone computer system for banking. I also recommend deploying security patches as soon as they’re available.
3. Implement and communicate strong internal controls.
It’s vital to not overlook internal fraud when executing a fraud protection strategy. When implementing internal controls, it’s important to have clear roles and responsibilities within your company to support accountability. When assigning these responsibilities, it’s smart to segregate duties and implement dual controls to reduce risk. For example, you should have different people responsible for approving payments, approving the release of a payment and reconciliation of a payment if possible. Another smart internal measure you can take is using separate accounts for different payment activities. This could mean you have separate accounts for high-value and low-value payments or electronic versus paper transactions. This will better help you monitor account activity. Additionally, you should have clear HR policies around employee onboarding and departures to ensure security isn’t at risk. This means having employment screenings during the hiring process and updating passwords once an employee leaves the company.
4. Trust but verify.
When protecting yourself from payment cycle fraud, verification cannot be overlooked. I recommend validating new payment instructions received via email (even if the email is internal). This can be done by simply giving your colleague a call to speak directly. This is especially important because fraudsters can replicate the profile of your team and take financial action on their behalf. If a vendor or client is requesting payment method changes via email, contact them first using a verified phone number. I also advise reviewing all payments before they are sent and ensuring all correspondence is validated and documented uniformly across the business. Reconciling your activity daily will also help you notice any discrepancies right away.
5. Leverage banking tools.
There are banking tools available that make reducing fraud risk less labor intensive. For internal controls support you can use dual approvals, alerts and templates. I also recommend using secure payment modes like automated clearing house payments (ACH), card payments, wire payments and integrated payables. By talking to your bank, you can learn more about different fraud protection tools that are available to safeguard your business. For example, First National Bank’s ACH Positive Pay solution allows you to pre-approve ACH transactions and receive notifications on the status of your accounts.
So many firms lose revenue each year due to fraud and as fraudsters get smarter, the risk increases, but that doesn’t mean fraud has to affect you. By enabling internal controls, staying up-to-date on the latest fraud techniques and using banking tools, you may protect your organization from becoming easy prey.
You can learn more business online safeguards from First National Bank of Omaha’s Security Center. Our Treasury Management team can also talk to you about fraud-protection solutions for your business.
About the Author
Jason Hagan leads Wholesale payments strategy and product development for First National Bank of Omaha. He joined the bank in 2013 to develop and implement the bank’s payments and partnership strategy. Jason also leads the Wholesale Bank Investment process.