Cybersecurity and Fraud Protection
How smaller companies can fight fraud with limited resources
Small and midsize companies are just as vulnerable to schemes like business email compromise, wire fraud and insider payments fraud.
It’s easy to feel a false sense of security in a company where everyone knows each other. Why would fraudsters steal from your small business when there are much bigger fish in the sea? And how could Amanda from accounting pose an insider threat when your kids play on the same youth baseball team?
The truth is, fraud in business doesn’t discriminate based on company size. Small and midsize companies are just as vulnerable to schemes like business email compromise, wire fraud or insider payments fraud. It’s important to learn how to prevent fraud with a few proactive measures.
Best practices to help protect your business
Switching to digital payments solutions and fraud prevention services like Chase Connect® with Cashflow360SM can help enable faster detection of attempted fraud and offer better protection against future threats. But it’s also very important to implement strong internal controls and best practices. Here are a few ways to get started:
Assess risk
- Educate your employees about different types of payments fraud
- Prioritize your organization’s fraud risks
- Identify accounts most susceptible to fraud and reduce the opportunity for theft
Establish controls
- Establish documentation requirements to support a request for a payment
- Utilize dual controls and separation of duties to ensure oversight of all transactions and changes in vendor information
- Perform callbacks to a vendor’s number in your system of record before processing all nonstandard requests for payments, or changes in payment instructions or contact information
- Identify unusual behavior through key transaction reports
- Use fraud protection services to help minimize risk
Test controls
- Perform regular fraud prevention trainings to ensure controls are being used properly
- Identify areas of weakness by conducting mock phishing emails or business email compromise tests
Learning about business fraud, the hard way
Let’s take a look at one household goods importer with around 25 employees that fell victim to fraud. The actions it took after insider fraud demonstrate to other companies with limited resources how they can combine online banking products with strong internal controls to better detect and protect against future losses.
You think you know somebody…
When the longtime president of this household goods company retired, the new leadership team began auditing financial records to identify changes or updates it could make. What they found instead was evidence that their bookkeeper, working there for more than a decade, was using the corporate credit card for personal expenses and writing checks to herself.
The leadership team uncovered around $100,000 in fraudulent transactions going back two years. Since the company was using paper statements and checks, the investigation process took a long time. The situation revealed the need for a few essential safeguards:
- Multitouch approval controls mean that no one person—such as a bookkeeper—can process a transaction on their own without another set of eyes reviewing transactions.
- Regular reviews of expense claims by leadership can validate the authenticity of transactions and catch fraud sooner.
Learning from a loss
Working with their Commercial Banking team, the household goods company began reevaluating its payments strategy.
First, it migrated all its accounts into Chase Connect® with Cashflow360SM. These digital banking platforms helped expedite processes such as check-writing and took much of the time-consuming workflow out of the hands of the small finance team.
Beyond simplifying the treasury management services, JPMorgan Chase provided the company additional tools to improve payment approval controls.
- The company’s new management team expanded risk controls by requiring two separate individuals—including one from the management team—to digitally initiate and approve transactions.
- By automating reconciliation processes, the company made sure it could quickly account for and record funds accurately. If it suspected something was awry in the future, it likely wouldn’t have to manually sift through years of paper records.
Here to help
We work tirelessly to offer tools and resources that mitigate risks to your finances, data and operations. Connect with your CB relationship team to schedule a session with fraud experts who can help you assess risk, implement controls and build a stronger culture of awareness.
- Fraud happens at organizations of all sizes, and prevention requires training, testing and proactive controls.
- Fraud Protection tools like Chase Connect® reduce the manual workflow involved with payments and help with controls, so that fraud and abuse are less likely to go unnoticed.