NBT Bank
Joseph Luciano, NBT Bank
Updated: October 17, 2023
How your business can avoid becoming a victim of check fraud
By Joseph Luciano, NBT Bank
Across the country, check fraud is on the rise — including here in New England. Earlier in the year, a series of thefts from mailboxes in Kennebunkport made headlines. In June, a New Hampshire business reported $12,000 was deducted from its bank account after thieves stole checks from the business’s outgoing mailbox. These are just two examples of a growing issue.
The problem is growing so rapidly that the U.S. Postal Service issued a warning about check fraud and made an unusual request: They’ve asked people to stop sending checks in the mail, and instead look to more secure ways of sending money.
People and businesses have been victimized either by having their checks “washed,” which involves using chemicals to remove ink on a written check allowing the criminal to change the payee and amount, or by misuse of the routing information on a stolen check to initiate a fraudulent electronic transfer of funds.
Consumers may look to secure transfer options, such as Zelle. But if you’re a business customer, you’ll want transfer options that provide significant flexibility and meet the needs of your organization.
One of the most flexible options for organizations is using business cards. Using a business credit card will feel familiar to using their consumer counterparts, but they come with a range of options for additional flexibility and security depending on the needs of your organization.
A basic business credit card offers the same protections you typically find with a credit card, such as zero liability and fraud protections. Using a business card has the added benefit of allowing for payments without divulging your business’s bank account information, such as the routing and account numbers that are visible on a check. Plus, many banks include additional services to help your business with their cards, such as expense reporting tools and cards for employees at no additional charge.
Commercial card platforms offer even higher levels of payment controls. For example, there are virtual pay options that allow a business to make payments that specify the receiving business, the exact payment amount, and even a date range. Any attempts to move funds outside of these established parameters will either be rejected or subject to additional scrutiny, providing a higher level of security.
Think of virtual pay in this way: After setting up the payment system, your bank will make a payment only if the recipient, the amount and the date range that you established matches. That makes it a lot harder for a criminal to circumvent security.
Talk to your financial institution about which type of business cards are right for your organization. Some of the more robust security features come with added controls and a higher cost, so it’s important to find the right solution for your business’s size and budget.
You may also already be using other payment forms in your business. Many employers use Automated Clearing House for direct deposit of payroll funds. ACH provides transfers of money from one financial institution (such as your business’s bank) to the clearing house, and from there the funds are deposited into a second financial institution (such as your employee’s checking account).
Wire transfers are similar in that they provide a method of transferring funds electronically. However, wire transfer funds go directly from one financial institution to another financial institution. These two forms — ACH and wire transfers — are governed by different rules and frequently have different timelines.
Sometimes, using a physical check is unavoidable. If your business must regularly write checks, talk to your bank about enrolling in a program such as Positive Pay. Positive Pay helps detect check fraud by matching up multiple elements of checks presented for payment against a check issuance file, which is uploaded daily by the business. When a check is presented for payment, data elements—payee name, dollar amount, check number and issue date—are compared to the list provided. Anything that doesn’t match exactly will end up on a list of exceptions. The business can then review these and determine whether to pay them.
Good cyberhygiene continues to be critical. Check your online accounts daily and quickly report anything that seems amiss. Update passwords frequently, and use appropriate controls including multifactor authentication whenever possible, especially to protect your banking accounts. Train any employees with access to sensitive information about “spear phishing,” a practice that tricks people into divulging account information by pretending to be someone your firm does business with looking for a missing payment.
And finally, take the advice of the USPS — if you need to mail a check, go into the post office rather than leaving it in a free-standing mailbox. Criminals are breaking into them using stolen “arrow keys,” a type of universal key mail carriers use to unlock mailboxes.
Criminals constantly change and adapt their tactics. This means we need to be ever-vigilant about how we address cybersecurity threats. Check fraud isn’t new, but with the prevalence of online payments, guarding your business’s routing and account information is more important than ever. Take steps now to protect your accounts, and consider using alternative, more secure forms of payment for your business.
Most Recent
Most Recent
0 Comments