Fraud losses continue to mount for businesses. Scammers seeking to exploit weaknesses are constantly growing in sophistication, using technological advancements to supercharge how they target systems and the people behind them. Adopting a proactive mindset can help companies protect against attack, and selecting like-minded business partners — especially in financial services — can boost fraud-prevention efforts.
Close collaboration with a banking team who understands your business and can help identify risk and exposure is an important step in fraud detection. But while an impactful safeguard, it’s an extra level of security, as any company must have its own systems, controls, and culture to thwart attacks.
Adopting security best practices
Keeping tabs on the latest scams and tactics will help businesses better understand what they’re up against. Increasingly, U.S. businesses are being targeted by account takeover, synthetic ID, and scam/authorized fraud. While each of these types of attacks have unique attributes, they all rely on using personally identifiable information — gathered from data breaches, social engineering, or both — for nefarious purposes.
At Washington Trust Bank, a member of the FDIC, security professionals suggest regularly reviewing protocols in four key areas to maintain vigilance and keep fraudsters at bay.
- Employee access: People are an organization’s best defense, but only if they are equipped with knowledge, tools, and a clear understanding of their responsibility in combatting fraud. From setting up unique user IDs and permissions to developing formal protocols when a fraud attempt is suspected to establishing second approval requirements for certain transactions or operations, businesses can take many steps to support heightened awareness. As a reminder, employees should never share sensitive information with someone claiming to calling from your bank. Banks may need to verify personal information if you call them, but never the other way around.
- Network security: Data breaches provide fraudsters a wealth of data and access. While large companies tend to make headlines when compromised, the fact is that smaller businesses present tantalizing targets due to often limited resources for security. However, simple and regular preventive measures — such as updating operating systems with security patches, updating anti-virus software, deploying firewalls, and backing up data to a separate location — can help deter scammers.
- Wireless network management: A wireless network can be integral to conducting business, but it can also be a scammer’s open invitation to the business network. Maintaining strong security is imperative, starting with a complex administrative password that itself is stored in a secure location. Other recommendations include disabling any remote administration of the wireless network hardware and allowing access only to known devices.
- Physical security: With so many fraud attempts originating in cyberspace, it can be easy to overlook the role of physical data access. Only authorized personnel should have access to critical networks, servers, workstations, and telecommunications equipment, and employees should have clear guidelines on how to maintain the security of any company-issued devices.
Integrating bank partners to boost confidence
A banking partner can provide an additional line of defense for business clients, who stand to benefit from analysis conducted by the bank in its understanding of a business’s operations. The better a bank understands how a business moves and uses its money, the better it can advise how to protect it. Banks also stay apprised of new scams and techniques used by fraudsters and can provide additional education on attack trends and defensive maneuvers.
For some banks, the supplemental line of defense includes products and services specifically tailored to help identify fraud attempts. Knowing the specifics of both a business’s industry and operations allow for custom controls to be developed and implemented. For example, bank-controlled limits (hard dollar amount or velocity) that humans can’t override are designed to stop social engineering attacks that rely on the perception of urgency. To safeguard against account takeover, multi-factor authentication requires a one-time passcode, hardware token, or biometric validation in addition to the employee’s password. Businesses can also set up alerts for a variety of events to keep security top of mind.
When it comes to fraud prevention, it’s all-hands-on-deck. Businesses can promote a culture of vigilance rooted in security best practices while leveraging their security-minded banking partners to protect their assets, clients, and reputation.
This article originally appeared in the Puget Sound Journal of Business.
About the author
Ryan Petrik
Treasury Management Director
Ryan Petrik is the Treasury Management Director at Washington Trust Bank, the largest independently owned full-service commercial bank in the Northwest. Its Treasury Management services offer comprehensive, integrated solutions — from collections and payments to fraud protection and real-time reporting.