Most everyone knows that an ounce of prevention is worth a pound of cure. This adage is certainly true when combating banking fraud. Prevention is especially important when dealing with a type of fraud known as “corporate account takeover.” Ignore prevention and your ministry could end up dealing with financial loss, negative publicity, and recovery efforts that divert time from kingdom work.
Corporate account takeover occurs when cyber criminals gain control of an organization’s bank account. This commonly happens when malicious software (malware) infects the organization’s computers. This malware is often delivered through very legitimate looking emails with infected links or attachments. Once embedded in a computer, this malware captures personal information and log-on credentials to online banking applications, allowing fraudsters to electronically pilfer money from the unsuspecting organization. It is because of threats like this that ECCU incorporated state-of-the-art security into its new online banking system.
When the Association for Financial Professionals (AFP) conducted a survey in 2010, 14 percent of the respondents had experienced corporate account takeover fraud. While only 2 percent suffered a financial loss, the time wasted to investigate and restore security diverted those organizations from the work they are called to do.
To prevent this kind of fraud, NACHA – The Electronic Payments Association, recommends the following steps:
- Require dual control for ACH and wire transfer payments. This means that if one person authorizes creation of a payment file, a second person must authorize release of that file.
- Ensure that all antivirus and security software and hardware for all computers (including laptops) used for online banking and payments are up-to-date.
- Require that any computers used for online banking and payments are dedicated solely to those activities. This means they are not used for web browsing or social networking and are not connected to an internal network.
- Monitor and reconcile accounts daily so you can spot fraudulent activity in time to take action.
- Utilize routine and “red-flag” reporting (i.e., alerts about unusual activity) for transactions.
If your ministry’s bank account falls victim to corporate account takeover, contact your financial institution immediately so they can:
- Disable online access to accounts
- Change online banking passwords
- Open new account(s) as appropriate
Your financial institution should also review all recent transactions and any authorizations on file. Anything suspicious should be cancelled immediately.
What steps has your ministry taken to prevent fraud like corporate account takeover?