Can your company protect itself from financial fraud and theft? It’s a question on the minds of many founders and executives as incidents become more high-profile, the risks multiply and losses grow. Payment fraud attempts struck 73 percent of companies surveyed by the Association of Financial Professionals in 2015, up from 62 percent the year before. In the United States, the median loss caused by fraud was $145,000 per incident, with 22 percent involving a loss of $1 million or more. And once the money’s gone, it’s rarely recovered.
At SVB, we are committed to helping our clients protect their funds. To start, companies should be aware of their primary areas of risk and what preventive solutions are available. Without knowing the fundamentals, you could miss properly identifying the risks and recognizing fraudsters when they strike.
- Employ the right prevention tools. For most companies, this means, at minimum, maintaining regular security updates on your workstations and using anti-malware tools. For your employees who use SVB Online Banking, we recommend that you use IBM Security Trusteer Rapport® to assist in protecting your online banking sessions from common fraud methods like man in the middle attacks, financial malware infections and phishing attacks. Stop unauthorized entry and transactions by also using out of band authentication when you log in and perform high-risk administrative or financial tasks.
- Secure your payments process. Paper checks are still the dominant form of B2B payments, and because they can be tampered with, they are the top source — 71 percent — of reported fraud attempts. If your business writes checks, you should use a positive pay service to help protect your paper checks from theft, manipulation and reproduction. With positive pay you have peace of mind that only the checks you write are paid. Also, consider outsourcing your check payment process to your bank or a bill-pay provider to move a time-consuming task out of your office and eliminate the opportunity for an employee to tamper with the checks.
- Maintain strict controls throughout your organization. Controls form the backbone of a secure payments process and lower your risk of fraud and stolen funds through common fraud scenarios like business email compromise.
- Ensure user permissions are audited frequently and kept up to date. Are you providing discrete rights and access relevant to employee roles or deleting access when users depart your company or change jobs within the company?
- Enable dual approvers and dual administration to ensure important payment and administrative decisions are double-checked. These security controls require that payments processing and user administration or modifications be approved by a second online banking user or administrator.
- Enable immediate detection of fraudulent and unauthorized activity. Time matters in the event of fraud. Two best practices are performing daily account reviews and enabling transaction and security alerts. Alerts can typically be set for balance changes, incoming/outgoing wire postings, and changes to user permissions, in addition to other activity.
It’s regrettable how often treasury products and online services are seen as a magical substitute for a lack of secure business practices and human processes. The full range of treasury technologies can give you the ability to protect your business in many ways, but they seldom can take the place well-devised processes and protocols. Consider the following in order to develop and strengthen your culture of fraud prevention:
- Establish clear, segregated responsibilities. Every employee should have a well-defined role in the accounting and treasury process. Mandating your employees follow established practices minimizes the risk that your company loses funds due to one of the many permutations of accounts payable fraud. This includes having segregation of duties throughout the lifespan of a single transaction to ensure that no single person is in a position to both commit and conceal fraud or errors.
- Offer formal and recurring anti-fraud training. Provide meaningful “how-to” training to managers and staff so that they learn not only what can go wrong, but exactly how to recognize potential problems in the records they see every day. Good training should go beyond general awareness sessions to include education in fraud prevention and detection skills. Refresher classes and updates that cover emerging, technology-based threats should also be part of your program. Informed employees are your best line of defense. Teach them exactly what they need to know.
- Cultivate a culture that encourages reporting of suspicious activity. Individuals who are closest to day-to-day processes have the best visibility into gaps in your defense or actual fraud attempts. Give them the confidence to speak up and report what doesn’t look right. This is especially important in protecting against imposter fraud. Questioning a so-called “urgent and confidential” email wire request from someone purporting to be your CFO may save your company from sending thousands out the door to a fraudster.
- Develop a fraud response plan. Proper planning also takes into consideration what to do in case fraud does happen in your company. We encourage our clients to create a comprehensive fraud response plan that directs how the company will take action on suspected fraud and report it to the proper authorities. Don’t wait until it happens to consider how you would respond — contingency planning is an integral part of managing all business risk.
With these fundamentals in mind, consider how well your company is protected. Every company should compare the protections you have in place against the reasonable risks to minimize fraud and loss in their organization.
Contact your Silicon Valley Bank Relationship Manager or Global Treasury and Payments Advisor to start a conversation about fraud prevention. Visit the Fraud Prevention Center for additional information and suggested best practices for protecting your company.
Services may have monthly, per item, or per transaction costs. Contact your SVB representative for more information.
This material is provided for informational purposes only. The conclusions expressed are based upon limited information available to Silicon Valley Bank regarding your company's fraud detection and prevention programs, and should not be seen as a substitute for obtaining your own independent assessment of such programs. The security of your operating system and your procedures for conducting banking transactions with us remains your responsibility. Silicon Valley Bank is not responsible for any cost, claim or loss associated with your use of this material.