How to Defend Your Business from Payment Fraud Scams

Author: Denise Owens, Senior Vice President, Fraud Manager 04/07/2021

If you own a business, you most likely spend a lot of time making sure your organization runs efficiently. Unfortunately, scammers are just around the corner, waiting to take advantage of you, your hard-earned money, and your employees. That’s why it’s important to know the signs of a payment fraud scam and how to defend your business from one.

Document critical banking processes and approval steps

To lower your business’ chances of getting scammed, make sure to document all internal processes in your company. This includes a separation of duties, so that one person doesn’t have sole control over the lifespan of a transaction. If you have the authority to send a payment, you are not the same person who approves the payment.

With that separation of duties, make sure your employees are not sharing IDs or passwords related to any financial matters.

Everyone’s ID and password should be independent to them. If a business has multiple people making multiple transactions, and employees are sharing the same username and password, it becomes very difficult to see who completed the transaction if an issue arises.

Take inventory of check supply regularly

Your check supply also can be a target for scammers. Any unused check stock needs to be secured in a locked area and inventoried on a regular basis. Businesses often get comfortable and leave check stock in an unsecured area, making it an easy target for someone visiting, or even someone in your business, to steal part of it. Many times, fraudsters steal checks right out of the middle of the check pile, so it’s not as obvious. A business owner may not even notice the check missing until weeks later.

Pay vendors by ACH credits rather than allowing ACH debits to your account

You should be the originator of the ACH through your online banking, instead of providing your information to a vendor to have them debit you. This practice is much safer for your business. When you sign the ACH debit authority for a merchant, you don’t have control of their security processes. When you are managing your own account, and you’re sending those ACHs, you have more control over your business and its security.

Verify new supplier entries to protect accounts payable

It’s common for accounts payable departments to initiate a new vendor without issuing a verification. The problem? You could be verifying false information, otherwise known as, a ghost company. For example, you may have a particular vendor that you pay every month for supplies. You receive an email from someone in your company that says you have a new vendor and you need to pay an invoice. The accounts payable department pays the invoice without doing any verification. This is risky business. You are assuming that this is a legitimate vendor, when in reality, it could be a scammer.

Anytime your business receives a new vendor, an independent review should be done to verify the business and its account information. This should be done prior to issuing any payments. And never take an email at face value. Emails are not 100 percent secure. Scammers are using emails more than ever to commit fraud, by getting companies to send funds based on fraudulent information. Companies lose billions of dollars a year to this type of payment fraud.

Use a single, dedicated computer for critical online banking functions

Using one computer strictly for business and online banking functions will make it easier to protect your company from scammers. If you receive a compromised email, or you click on a link that has a virus or malware, it is easier to control if it is downloaded to one individual computer instead of that whole network.

Most people choose not to do this, thinking they’re safe. But even reputable websites can still put you at risk for malware that’s been downloaded to those sites. That malware can then be transferred to your computer, opening your business up to possible fraud. Businesses should regularly have their anti-virus and malware detection software updated and protected on their computer with the latest version.

Maintain constant vigilance

If you’ve read this far, you’ve noticed a common theme. Maintaining constant vigilance in a business is key to lowering your risk of fraud scams. It’s human nature to want to trust what you receive from those you know, but it’s important to question even those in your company. Email is risky, whether it’s from a stranger or your coworker. Don’t click on a link that you aren’t expecting. You should verify with the sender, not through email, prior to opening. Be diligent and verify any emails that are not expected. If you put in place these best practices, you are on your way to defending your business from payment fraud scams.

For additional current fraud resources, visit https://www.plainscapital.com/fraud-resource-center/.

Want More Information?

Complete the form below to start banking with confidence and momentum.

    Leaving PlainsCapital Bank Website
    PlainsCapital Bank does not control the following website and their privacy policies may differ from those of the Bank. PlainsCapital Bank is not responsible for the content nor transactions carried out on the following website.
    Thank you for visiting the PlainsCapital Bank website.
    For best viewing experience, we recommend using Chrome, Firefox, Safari, or Microsoft Edge.