Banking fraud is an ever-present issue for businesses large and small. While major breaches at multinational companies tend to attract the most attention, the fact remains that all businesses are vulnerable to fraud.
As a small-business owner, you have invested plenty of money, effort and time into your company. Your hard work has helped your venture grow into what it is today. Banking fraud can quickly put your business into a difficult financial position and, in some cases, even harm its reputation. Consider these common examples of banking scams as well as practical guidance for small-business fraud prevention.
External threats
Scammers, fraudsters and similar types of criminals have certain routines that can allow them some form of access to your bank accounts if you aren’t aware of the potential threat. While these schemes are sometimes successful, understanding how they’re arranged and executed can put your business in a more sound position to identify and avoid them.
Phishing
No matter the specifics, a phishing scam relies on two key factors:
- A method of electronic communication, such as email or text messaging.
- An effort by the scammer to appear as someone they are not, specifically a trusted party or institution with which your business has an existing relationship.
By posing as an employee of a financial institution, credit card company or similar entity, the fraudster will attempt to convince you or one of your workers to divulge sensitive information. After first establishing a pretext for the conversation, they may request credit card information that could allow them to make purchases through card-not-present transactions. They could ask for the username and password to your online bank accounts and then drain or use those funds for a variety of reasons.
How can you target your small-business fraud prevention efforts toward phishing? There are some practical steps that can help you and your staff recognize and prevent these scams:
- Email spam filters can cut down on, although not eliminate, the number of phishing attempts that reach your inbox.
- Web browser alerts can help identify and make users aware of illegitimate websites linked to in phishing scams.
- Training about scams can help raise awareness among employees and discourage the disclosure of sensitive information.
The Federal Trade Commission (FTC) offers an in-depth guide on the topic of training. A few key points to keep in mind:
- Set hard rules to never request sensitive information internally via email, which reinforces the general concept of never sharing details that could breach a company’s finances.
- Require employees to verify that a vendor, supplier, partner or financial institution has actually requested the sensitive information, such as by calling the customer service number shared through official channels.
- Regularly remind employees that scammers use pressure tactics to attempt to access information before giving employees time to think. Make it clear that they should never act before verifying that the information is actually needed by the organization in question and discussing any potential action with you or a manager.
Similar scams
While not meeting the definition of phishing, there are several similar scams that fraudsters may use. These include sending invoices for products or services your company never ordered, sending unordered products and then demanding payment and tech support fraud. The advice for employees above remains applicable: Do not fall victim to pressure tactics, do not pay or provide information without verification, and discuss any action with you or a supervisor before proceeding.
Internal threats
The vast majority of employees likely won’t cause problems for your business. However, only one bad actor is required to cause significant financial issues. Identifying internal threats and closing avenues that allow employees to take advantage of them can go a long way toward effective small-business fraud prevention.
In most cases, both in the examples below and other types of fraud, there are a few overarching best practices to consider:
- Giving any one employee complete control over an entire bookkeeping or transactional process can lead to a lack of visibility. Use software that maintains relevant records and divide the responsibilities for sensitive processes to provide more transparency.
- Use an independent auditor to review your finances and identify potential concerns.
- Regularly review your bank and credit card statements for suspicious activity.
Common types of internal fraud include:
Payroll fraud
An unscrupulous employee may choose to state that they worked non-existent hours in a given pay period to boost their income. This is a relatively simple scam, but can be hard to detect based on the payroll system used by your business.
To prevent this problem from occurring, you could set aside time to occasionally review payroll and hourly work records. You can also set standards for reviewing and verifying payroll information, whether you handle payroll yourself or put it in the hands of an accounting or HR professional. Splitting up these duties can prevent one person from having too much control and provide another set of eyes for review and verification.
Physical currency theft
A business that doesn’t carefully track incoming and outgoing cash can be vulnerable to an employee skimming money from a register or a deposit envelope before it can be collected or dropped off.
Careful accounting and review, by yourself and staff members you trust, can help identify instances where currency is stolen by an employee. A system for independently verifying cash in and cash out on the level of each individual register can also provide the data necessary to identify instances of theft.
Your partner for secure banking
Comerica Bank offers modern, secure and reliable banking options for small businesses just like yours. You can easily manage your day-to-day financial activity online, review statements and much more, helping you become more informed as you work to establish effective small-business fraud prevention tactics. Find out more by getting in touch with our team today.
