Cybersecurity and Fraud Protection
How Smaller Companies Can Fight Fraud with Limited Resources
Fraudsters don’t discriminate based on the size of a business—take the example of one small business that fell victim to an insider payments fraud and apply the lessons learned to your own organization.
It’s easy to feel a false sense of security in a company where everyone knows each other by name. After all, why would fraudsters try to steal from your small business when there are much bigger fish in the sea? And how could Katherine from accounting pose a potential insider threat when your kids play on the same Little League team?
The truth is, fraud doesn’t discriminate based on size. Small and midsized companies are also vulnerable to schemes like business email compromise, wire fraud and insider payments fraud. One household goods importer with around 25 employees learned this the hard way. The actions it took after falling victim to insider fraud demonstrate how other companies with limited resources can combine online banking products with strong internal controls to better detect and protect against future losses.
You Think You Know Somebody …
When the longtime president of this household goods company retired, the new leadership team began auditing financial records to identify changes or updates they could make. What they found instead was evidence that their bookkeeper, who had been working there for more than a decade, was using the corporate card for personal expenses and writing checks to herself.
The leadership team uncovered around $100,000 in fraudulent transactions going back two years. Since the company had been using paper statements and checks, this investigation process took a long time. It highlighted the need for multitouch approval controls so no one person—such as a bookkeeper—could process a transaction alone. Additionally, it revealed the need for leadership to conduct regular reviews of expense claims to validate authenticity.
Learning from a Loss
Working with their Commercial Banking team, the household goods company began reevaluating their old payments strategy. First, they moved all their accounts over to Chase Connect® with Cashflow360℠. Migrating to these digital banking platforms helped expedite processes, such as check-writing, and took much of the time-consuming workflow out of the hands of the small finance team.
In addition to simplifying their treasury management services, JPMorgan Chase provided the company tools to improve its payment approval controls. The new management team expanded their risk controls by requiring two separate individuals (including one from the management team) to digitally initiate and approve transactions. Finally, by automating their reconciliation processes, the company made sure they could quickly account for and record funds accurately. If they suspected something was awry in the future, they wouldn’t have to manually pore through years of paper records again.
Best Practices to Help Protect Your Organization
Switching to digital payments solutions and using fraud protection services—as the household goods company demonstrated—can help enable faster detection of attempted fraud and better protection against future threats. But it’s also very important to implement strong internal controls and best practices. Here are a few ways to get started:
- Educate your employees about different types of payments fraud
- Prioritize your organization’s fraud risks
- Identify accounts most susceptible to fraud and reduce the opportunity for theft
- Establish documentation requirements to support a request for a payment
- Utilize dual controls and separation of duties to ensure oversight of all transactions and changes in vendor information
- Perform callbacks to a vendor’s number in your system of record before processing any nonstandard requests for payments or changes in payment instructions or contact information
- Identify unusual behavior through key transaction reports
- Use fraud protection services to help minimize risk
- Perform regular fraud prevention trainings to ensure controls are being used properly
- Identify areas of weakness by sending mock phishing emails or running business email compromise tests