Protect Yourself, Your Company and Your District from Bank Fraud

advertisement
Protect Yourself, Your
Company and Your District
from Bank Fraud
2013 CASE CONFERENCE – SOUTH PADRE ISLAND, TEXAS
PATRICK JOHNSON
FIRST STATE BANK CENTRAL TEXAS
PATRICKJ@FSBCENTEX.COM
Who Can You Trust?
Your Bank?
Your Best Employees?
Your Family Members?
Your Friends?
Your Vendors?
The Internet?
Educate Yourself, Be Prepared, and Watch Your Back
IN BANK FRAUD, WHO TAKES THE LOSS?
• If the Bank clearly fails to exercise reasonable
care in the prevention of Bank Fraud, the Bank
may be liable
• Consumers have more legal protections from
banks through consumer finance laws than
Commercial Clients.
• If your Business/District clearly fails to
exercise due care in prevention of Bank Fraud,
the Bank will likely refuse to take the loss
• Do not expect the Bank to take a loss when an
employee commits bank fraud
YOUR BANKER IS
GOING TO TRY VERY
HARD TO NOT TAKE
THE LOSS!!
Uniform Commercial Code vs. Consumer Protections
• Current UCC and Bank Fraud Case Law
outline specific bank fraud responsibilities
for banks and Commercial Clients. Both the
Bank and Commercial Client must act to
prevent bank fraud.
• Consumers have more legal protections than
Commercial Clients. For example, a
Consumer that reports bank fraud within 2
days will generally not face a loss regardless
of who may be at fault. However, if a fraud
incident has not been reported by the
Consumer for 60 days, the Bank is typically
no longer required to reimburse the
Consumer.
Internal vs. External Bank Fraud
Chart Title
PREVENTING EMPLOYEE THEFT
• Manage and limit authority levels
• Use dual authority for all money coming
in the door and going out the door
40%
External Fraud
Employee Fraud
60%
• Segregate issuers from approvers of all
financial transactions
• Randomly audit people and processes to
assure compliance and detect fraud
• Love your Office Manager, but keep an
eye on him!
Source: celent.com
Major Bank Fraud Categories
• Check Fraud
• Wire/Hacker Fraud
• ACH Fraud
• Credit/Debit Card Fraud
CHECK FRAUD
•
•
•
•
•
•
•
•
•
Check Kiting
Identity Theft –opening bogus accounts
Forgery and Counterfeiting
Altering and Washing of items
Direct Theft of Checks – Burglary
Direct Theft of Checks - Employee
Theft or Misuse of Signature Stamp
Employee Redirection of Vendor Payments
Fictitious Accounts Payable
As many as 1 million fraudulent checks
attempt to clear the banking system
each day!
$11 Billion in attempts
$893 Million in actual losses
Average Loss $20,300
Source: StopCheckFraud.com – 2011 Data
General Tips to Prevent Check Fraud
• Implement Positive Pay
• Use a Third Party CPA firm to monitor and reconcile accounts MONTHLY
• Limit number of signers on accounts
• Use the power of Online Banking to monitor activity DAILY
• Secure all checks, deposit slips, endorsement stamps, statements, receipts
• Consider E-Statement, PO Box, and Lock Box to prevent physical mail theft
• Shred all unneeded or outdated bank and financial information
• Do not use signature stamps
Positive Pay for Commercial Bank Accounts
• Positive Pay is the single most effective Check Fraud prevention service offered
by the Bank
• Commercial Client electronically uploads a file of valid issued checks and sends
the file to the Bank
• The Bank will only automatically ‘Positively Pay’ the valid issued checks
authorized by the Commercial Client in their Positive Pay file
• Checks that do not match the file, including altered or bogus checks, are
identified and intercepted and authorized for a decision to pay or return by the
Commercial Client
• Positive Pay also assists in automating bank reconciliation, saving you time
• FSB Cost: $30 per month + 4 cents per item – very low cost for the benefit
WIRE/HACKER FRAUD
• Commercial Clients email servers hacked
• Stolen account information results in account
takeover
• Wire Fraud usually via email or fax
• Usually International
• Stolen funds usually facilitate criminal activity
• Very difficult to get money back
General Tips to Prevent Wire/Hacker Fraud
• Assure that your computer systems are adequately protected against hackers
• Do not send account information through your email account unless you can
encrypt it through a secure server and/or require a password to open
• If initiating wires online, follow Bank procedure. No short cuts! No sharing of
passwords!
• Ask your bank about their call back procedures on emailed/faxed wires
• Shred all unneeded or outdated bank and financial information
• Use ‘old technology’ – call, walk in, overnight, or fax sensitive documents
ACH FRAUD EXAMPLES
• The Criminal accesses a Commercial Client’s
computer credentials through email or internet
based hack, then generates an ACH file in the
originator's name, and quickly withdraws funds
before the victim discovers the fraud
• The Criminal accesses a Consumer or Commercial
Client’s credentials and then initiates instructions
to become an automatic bill pay recipient
• An Employee of the target company or a bank
modifies ACH files to steal money. Typically
Vendor or Payroll Files.
General Tips to Prevent ACH Fraud
• If you use or allow ACH Debits, work with your Banker and CPA on improving your internal
controls
• ACH Debit Block Service – Your bank can block all or some types of ACH Debits
• Review Payroll and Vendor payment procedures
• Implement Dual Authority and Segregation of Duties to initiate and release ACH files
• Review account activity DAILY
• Segregate Accounts
• General Operating
• Payroll (Zero Balance Account)
• Merchant Services (Credit Card) Receipts
• Vendor Payments
• CDs and Money Market/Savings Accounts for Excess Funds
Debit/Credit Card Fraud
• Card information is obtained through criminal
means:
•
Data Breach of both Corporate and Government
Servers
•
Account information is available for sale online
•
Thieves use stolen card numbers to duplicate cards
for in person and online use
•
Credit and Debit Cards are also stolen the old
fashioned way – through physical theft
Global Fraud
Losses: Credit &
Debit Cards
Source: Nilson Report, 2011
Banks and Merchants
Lost $10.6 Billion
worldwide as a direct
result of credit and debit
card fraud
Debit/Credit Card Fraud Thoughts and Tips
• Banks and Merchants generally eat these losses and the card holder is rarely
responsible for this type of fraud.
• Consumers are more protected than Commercial Clients.
• If it happens to you, you must work with your Bank to file a fraud affidavit and police
report in order to claim a return of your funds.
• On Commercial Accounts, Debit and Credit Cards should be issued with care. Only
allow cards to be issued to those who must have them to conduct business.
• One Key Difference: With Debit Card Fraud, your money leaves your account and you
must fight to get it back. With Credit Card Fraud, the activity is on a line of credit (not
your cash) and disputed amounts generally are not due until the dispute is resolved.
Use Your Trusted Advisors to Protect Yourself
• Schedule an appointment to discuss
how your Bank’s services can help
prevent Bank Fraud
• Work closely with a good CPA Firm
to help with internal controls,
reconciliation, and monitoring
• Work with your Attorney to
understand your responsibilities,
rights, and remedies
Banker
Attorney
CPA
Trust, But Verify!
• Trust is an essential part of being
human and conducting business
• Thieves know this and use it to their
advantage
• Don’t be the next victim – ask
questions, put strong controls in
place, and seek professional guidance
from your CPA, Attorney, and Banker
to prevent Bank Fraud!
Download