Have you ever entered a business and observed the receptionist or customer service person playing an online game, reading a funny email, or casually browsing Facebook on their workstation computer, only to simply minimize it or switch browser tabs to access business systems when a customer walks in?
Seemingly harmless non-business Internet activities by employees on business computers are a common source of considerable lost productivity, but they are also a significant risk that can lead to devastating financial losses for your business.
Consider this: if you have children at home, do you allow them to use your home computer or laptop? Do you let them do anything they want on it without controls or supervision? Have they ever downloaded a file or installed a program without permission, or accidentally clicked on a link or visited a website that resulted in a computer virus?
Your employees are no different, except their activities at work can literally jeopardize your business. A single errant or careless click can compromise critical business systems, cause the loss or theft of sensitive customer and employee information, or result in cybercriminals cleaning out your business bank accounts.
Infection of business computers by malicious software ("malware") designed to record keystrokes or steal online credentials such as usernames and passwords can lead to corporate account takeover. Once armed with your online banking information, cybercriminals can empty your business bank account in minutes. The way the malware gets onto the computers may vary, but the intended result is the same.
Just a few real-life examples include:
Business and commercial bank accounts do not have the same protections as consumer bank accounts!
Federal Reserve Regulation E (12 C.F.R. Part 205) requires banks to provide reimbursement for certain fraud losses in consumer bank accounts. Because of this, if your personal bank account is hit by fraud, there is a good likelihood the bank will reimburse the stolen funds as long as you report it in a timely fashion. However, Regulation E does not apply to business accounts. Instead, business and commercial bank accounts are covered by the Uniform Commercial Code (UCC).
Under the UCC, business account holders have much shorter timelines to report fraud, fewer protections, and greater fraud liability than consumer banking customers. For example, an individual bank can choose to shorten the timeline for reporting fraud in a business account to as little as a few days, after which the business suffers the full loss. In the case of a fraudulent ACH or wire transfer, even finding and reporting the fraud within hours can frequently be too late to stop the transfer or recover the funds. Banks can also disclaim certain obligations altogether through simple amendments to their commercial banking agreements (those occasional "statement stuffers" that many banking customers throw away without reading). Many banks have also taken the stance that, so long as they employ "commercially reasonable" security systems and protocols, they are not responsible for any fraud losses that result from a business's computer becoming infected by malware. This can leave a victimized business with its only potential recourse being to sue its own bank in an attempt to recover the stolen funds.
As a business owner, it is not only critically important to monitor and frequently review your business bank accounts, but also to know your bank's policies, timelines, and reporting requirements for fraud losses before an incident occurs.
In addition to adequate security hardware and software, as well as clear policies and procedures governing the use of business computers, all employees with access to business computers and information must also be properly trained to understand and recognize the risks.
Think about your average employee for a moment. Does he or she use a business computer for non-business activities? Do they know and understand the importance (and your business's obligations) of protecting sensitive business and customer information? Do they have even a fundamental understanding of basic computer security? Would they know how to recognize a phishing email or a bogus website, or would they blindly click? Would they recognize a social engineering scheme, or would they freely offer up information? If they connect from home or on the road, do they know how to protect against the risks of remote and mobile computing?
If you have never provided them with training, how do you know? As a business owner or executive, how confident are you in your own knowledge?
The national business identity theft resource website, BusinessIDtheft.org, offers a wealth of free information, resources, and tips to help you protect your business from thieves and cybercrime.
The Identity Theft Protection Association offers FREE employer training accounts that make providing your required employee information security and compliance training simple, painless, and affordable. Businesses of every size can easily manage and deliver world-class interactive training with no upfront costs, no I.T. requirements, and no minimum purchase requirements. Your online training center can be ready to use in just minutes. Learn more about protecting your business identity.