Helping Protect Your Business
Working with Your Business to Help Prevent Fraud
California Bank & Trust prides itself on offering superior banking products and exceptional customer service. We believe an important service is reminding our business clients of the importance of protecting their business assets.
While California Bank & Trust has systems and policies to help protect your financial information from unauthorized access and disclosure, most business losses do not result from others' disclosure, rather they are crimes of opportunity made possible by a lack of internal business controls.
We hope you'll take a few minutes to review these tips and download our Fraud Awareness and Prevention Checklist. They will help you in building a workplace that inhibits the opportunity for behavior that leads to loss and exposes the business to undue risk.
Know your employees.
Embezzlement by employees is a primary cause of business losses and is a crime of opportunity often made possible by a lack of internal controls. As a minimum you should:
- Establish and maintain a system of dual controls in your office on blank checks, invoices, and accounts receivable. Do not allow the same person that reconciles your bank statement to also issue checks against the account.
- Store check stock in a locked cabinet accessible only to authorized personnel.
- Check the references of employment applicants, confirm employment dates, and look for time gaps on resumes.
- Consider performing a background check on employees with access to bank accounts, financial statements, online banking services and other sensitive company information.
- If you use temporary employees, make sure the agency you use to staff sensitive positions represents that they have performed background and/or reference checks on individuals they place with your company.
- Never sign blank checks.
- Check all payments against invoices to confirm the invoice is legitimate and the services are authorized.
- Review and reconcile bank statements in a timely manner.
- Regularly test or audit compliance with policies and procedures.
Minimize your risk to check fraud and counterfeiting.
Check fraud and counterfeiting involve the alteration or unauthorized reproduction of checks. Alteration can include changing the payee or the check amount by dipping the item in chemical removers. With current technological advances of laser printers and color copiers, professional counterfeiters can produce counterfeit checks difficult to detect. To minimize these risks:
- Use an established check printer that includes security features on checks, such as artificial watermarks, a warning band that calls attention to security features, and micro printing that copiers and scanners cannot easily duplicate.
- Keep check stock in a secure location accessible only to authorized personnel.
- Consider subscribing to a Cash Management product, so that your review of account activity can be frequent and timely and reduce the risk that a forged, altered or counterfeit check will pay against your account.
- Shred all materials that contain bank account or other sensitive information, or dispose in a secure bin to be shredded by a professional service at regular intervals.
- Hand outgoing mail directly to a postal agent, use the Post Office, or drop them in an official Post Office box.
- Consider opening a post office box for your business to receive its mail.
- Monitor your accounts payable and accounts receivable closely. If you receive a past due bill on an invoice you know you have paid, your payment may have been stolen and your account information is now in the hands of a counterfeiter or one who may alter and negotiate the item. Don't ignore your past due receivables. Your customer may have mailed you a check that has been intercepted and converted or counterfeited.
Wire Transfer Fraud
Wire transfer fraud is on the rise with fraudsters targeting unsuspecting businesses with increasingly sophisticated email phishing scams. Common scams include fraudsters gaining access to the email accounts of business executives, partners, or representatives of trusted vendors through social media or other means, or creating email accounts slightly different from legitimate accounts – perhaps substituting a period for a dash or changing one letter. Fraudsters then email wire transfer requests to employees with payables responsibilities. Employees believe the requests are legitimate and initiate the wire transfers with their banks. Because the requests are from authorized account signers, through Internet banking, or other legitimate wire request processes, the banks process the wire transfers and send funds to the fraudsters' bank accounts.
If your business is a target of wire transfer fraud, immediately contact your CB&T branch of account. After you notify us of a possible wire transfer fraud, we will attempt to recover the transferred funds. But, it is important to understand that your business is responsible for such frauds and you may suffer a loss. Funds transferred by wire are typically available for withdrawal as soon as they enter the recipient's account, and it is possible you won't recognize the fraud until the fraudster has withdrawn the funds. If CB&T receives the wire transfer requests from a legitimate, authorized account signer, through Internet banking, or other legitimate wire request process, the bank is not responsible for covering lost funds.
Adopting some easy-to-follow procedures can reduce your risk:
- Communicate – Make sure your employees and co-workers, especially those responsible for initiating wire transfers, are aware of common email phishing and account takeover scams.
- Review – Train employees to closely inspect all emails requesting payments or changes to payment methods.
- Confirm – Ensure that all employees confirm payment requests received by email with the requestor in person or over the phone.
- Remind – Regularly remind your employees and co-workers of the ongoing risk of fraud, and ensure they are following procedures to limit your exposure.
California Bank & Trust emails will never ask you for personal information or data, or any other sensitive information.
To help mitigate increased risk of online fraud, download IBM® Security Trusteer Rapport® software today for free. This software application provides an extremely important layer of security to protect your account funds from fraudulent attack.
Secure your business premises.
A secure physical environment deters fraud. At a minimum you should:
- Keep sensitive files and check stock under lock and key and limit access to those areas to authorized and trusted employees only.
- Monitor the assignment of keys and establish dual controls for critical functions.
- If possible, keep sensitive operations separate from the part of your business where the public, delivery persons, janitors and others have access, and restrict access to these areas to authorized personnel.
Modern technology can both help and hurt your business. You can limit exposure to security breaches in the following ways:
- Install firewalls to protect computer networks and control the flow of data.
- Install virus protection software on computers and servers.
- Do not open e-mail attachments from unknown senders.
- Limit access to company data to those employees who need the information and access to perform their job duties. Assign passwords and make it a policy that passwords be changed frequently.
- Do not publish confidential company information on your Website.
- Check out the companies with which you do business to assure their legitimacy, particularly if they are to have access to secure locations on your Website to conduct business.
Beware of Phishers.
Be wary of mail, telephone ore-mail requests for verification of your business information, particularly if you did not initiate the contact. An unsolicited inquiry may be a scam called "Phishing."
- Adopt a policy that all outside inquiries regarding the company be referred to a principal or executive of the business.
- Do not respond to requests to verify the identification number on printers, fax machines or copy machines. Scam artists use this information to generate a billing to your business for services not rendered.
- Review all invoices before payment to confirm that the services were authorized.
By implementing and observing these, among other, sound business practices, you will not only minimize the risk to your own company of certain controllable losses, you will better protect your own customers' identities and confidential information, as well. To further assist you, download a copy of our Fraud Awareness and Prevention Checklist.
For more information on identity theft and how it may impact your business, contact the Federal Trade Commission:
Federal Trade Commission
Washington D.C. 205801