What Every Business Owner Should Know About Fraud Protection
According to a survey conducted by the Small Business Administration, 88% of small business owners worry about cyberattacks on their businesses.
Fraudsters specifically target companies that move large amounts of money. That’s why at SouthState, protecting our customers is always our top priority. Please review the best practices below to help protect your business against cybercrime and payments fraud.
Verify All New CustomersWhen onboarding new customers, be sure to verify all information including business ownership, commercial or business bank accounts and expected transaction volumes. Pay special attention to how the new customer opportunity originated, especially if it came via online channels or non-traditional referral sources. We recommended these steps to better know your customer: visit the customer’s business offices, request two years financials and tax returns, reports from all three major credit bureaus on the owner, three months of bank statements, previous payroll reports and transaction history, Google and social network searches on principal owners, and a copy of each owner’s driver’s license.
Verbally Confirm Significant Changes for Existing CustomersWhen a customer adds new or changes existing payment instructions, a call back to a trusted phone number (and not the one provided simultaneously with the request) to confirm the validity of the change is a best practice. Be very cautious of email addresses included with the payment instructions or documents attached to an email with changes to the payment instructions and do not rely on email validations for payment instructions because even valid email accounts can be compromised by fraudsters.
Monitor Transaction ActivityAfter customers are onboarded, periodically monitor their account activity, and verify funding account change requests to ensure transactions are conducted in accordance with your expectations and risk tolerance. Verify that transactions are performed by an authorized company representative and escalate any unusual requests within your organization.
Be on the lookout for warning signs for potential fraud which may include change requests with an out of office story or urgent need, payment transactions entered as whole dollar amounts (without an appropriate reason for doing so), pre-paid cards used as the sole distribution method (16-digit account number and prepaid card’s routing/transit numbers), all 1099’s with an urgent request, new clients with a sudden increase in activity, multiple payments going to the same account number, client refuses to verify call back details, abrupt changes to the normal pay cycle, and a mismatch in location of client and IP address.
Review Emails Very CarefullyAs you receive emails from outside of your company, be extremely cautious with the ones you open, especially those that relate to payments or account activity. It’s always a safe choice to verify the sender’s email address, since fraudsters will create lookalike emails to deceive you into trusting the source of the email. Ensure front line employees have a current client contact list and verify any payments requests or funding account changes via phone and not by email. Always call the authorized representative on your contact list. Other suspicious email warning signs include spelling errors in emails, urgent requests via email, and the contact phone number missing from the email signature or does not match your contact list.
Secure IT InfrastructureInvesting in a strong firewall and anti-virus software will go a long way in protecting your business. Be sure to back-up the operating system on a regular basis so you can continue to operate in the event of a cyberattack. Additionally, there are third- party identity verification/transaction anomaly software tools available to payments companies to help identify and manage the risks associated with high volume transaction activity.
Educate Your StaffYou depend on your staff to help keep your business operations moving smoothly. This also includes protecting company information. Be sure to provide training sessions on basic security features and prevention tactics. Another idea is to implement policies to help guide employees on the proper use and handling of confidential company information and how to identify and report potential suspicious activity
Escalate Any Unusual ActivityIf something doesn’t look quite right, such as an item, transaction, or situation, contact your banker immediately. We will gladly review the information and provide guidance about the situation.
Cybercrime and transaction fraud can have a significant impact on your business and employees. To learn more about how to protect your business from fraud and scams, visit our website.