ECCU Blog

by Susan Rushing

Most everyone knows that an ounce of prevention is worth a pound of cure. This adage is certainly true when combating banking fraud. Prevention is especially important when dealing with a type of fraud known as “corporate account takeover.” Ignore prevention and your ministry could end up dealing with financial loss, negative publicity, and recovery efforts that divert time from kingdom work.

Corporate account takeover occurs when cyber criminals gain control of an organization’s bank account. This commonly happens when malicious software (malware) infects the organization’s computers. The malware is often delivered through legitimate-looking emails with infected links or attachments. Once embedded in a computer, it captures personal information and log-on credentials for online banking applications, allowing fraudsters to electronically pilfer money from the unsuspecting organization. It is because of threats like this that ECCU incorporated state-of-the-art security into its new online banking system.

When the Association for Financial Professionals (AFP) conducted a survey in 2010, 14 percent of the respondents had experienced corporate account takeover fraud. While only 2 percent suffered a financial loss, the time wasted to investigate and restore security diverted those organizations from the work they are called to do.

To prevent this kind of fraud, NACHA – The Electronic Payments Association recommends the following steps:

  1. Require dual control for ACH and wire transfer payments. This means that if one person authorizes creation of a payment file, a second person must authorize release of that file.
  2. Ensure that all antivirus and security software and hardware for all computers (including laptops) used for online banking and payments are up-to-date.
  3. Require that any computers used for online banking and payments are dedicated solely to those activities. This means they are not used for web browsing or social networking and are not connected to an internal network.
  4. Monitor and reconcile accounts daily so you can spot fraudulent activity in time to take action.
  5. Utilize routine and “red-flag” reporting (i.e., alerts about unusual activity) for transactions.

If your ministry’s bank account falls victim to corporate account takeover, contact your financial institution immediately so they can:

  • Disable online access to accounts
  • Change online banking passwords
  • Open new account(s) as appropriate

Your financial institution should also review all recent transactions and any authorizations on file. Anything suspicious should be cancelled immediately.

What steps has your ministry taken to prevent fraud like corporate account takeover?


1 comment

  1. John Boyes @ 2011-06-08 06:06

    I am a little surprised by the suggestion from NACHA that terminals used for banking be dedicated and not connected to an internal network. An internal network is the method used to deliver internet availability to almost all terminals in a normal business. We have six people enabled for banking transactions. If we were to use dedicated terminals we would need to either bring in six separate sources of internet service connected to each of six additional terminals or require each of these people come to one terminal to do all of their banking activity. This just doesn’t seem practical from a cost standpoint.
