Protect Yourself, Your Company and Your District from Bank Fraud 2013 CASE CONFERENCE – SOUTH PADRE ISLAND, TEXAS PATRICK JOHNSON FIRST STATE BANK CENTRAL TEXAS PATRICKJ@FSBCENTEX.COM Who Can You Trust? Your Bank? Your Best Employees? Your Family Members? Your Friends? Your Vendors? The Internet? Educate Yourself, Be Prepared, and Watch Your Back IN BANK FRAUD, WHO TAKES THE LOSS? • If the Bank clearly fails to exercise reasonable care in the prevention of Bank Fraud, the Bank may be liable • Consumers have more legal protections from banks through consumer finance laws than Commercial Clients. • If your Business/District clearly fails to exercise due care in prevention of Bank Fraud, the Bank will likely refuse to take the loss • Do not expect the Bank to take a loss when an employee commits bank fraud YOUR BANKER IS GOING TO TRY VERY HARD TO NOT TAKE THE LOSS!! Uniform Commercial Code vs. Consumer Protections • Current UCC and Bank Fraud Case Law outline specific bank fraud responsibilities for banks and Commercial Clients. Both the Bank and Commercial Client must act to prevent bank fraud. • Consumers have more legal protections than Commercial Clients. For example, a Consumer that reports bank fraud within 2 days will generally not face a loss regardless of who may be at fault. However, if a fraud incident has not been reported by the Consumer for 60 days, the Bank is typically no longer required to reimburse the Consumer. Internal vs. External Bank Fraud Chart Title PREVENTING EMPLOYEE THEFT • Manage and limit authority levels • Use dual authority for all money coming in the door and going out the door 40% External Fraud Employee Fraud 60% • Segregate issuers from approvers of all financial transactions • Randomly audit people and processes to assure compliance and detect fraud • Love your Office Manager, but keep an eye on him! Source: celent.com Major Bank Fraud Categories • Check Fraud • Wire/Hacker Fraud • ACH Fraud • Credit/Debit Card Fraud CHECK FRAUD • • • • • • • • • Check Kiting Identity Theft –opening bogus accounts Forgery and Counterfeiting Altering and Washing of items Direct Theft of Checks – Burglary Direct Theft of Checks - Employee Theft or Misuse of Signature Stamp Employee Redirection of Vendor Payments Fictitious Accounts Payable As many as 1 million fraudulent checks attempt to clear the banking system each day! $11 Billion in attempts $893 Million in actual losses Average Loss $20,300 Source: StopCheckFraud.com – 2011 Data General Tips to Prevent Check Fraud • Implement Positive Pay • Use a Third Party CPA firm to monitor and reconcile accounts MONTHLY • Limit number of signers on accounts • Use the power of Online Banking to monitor activity DAILY • Secure all checks, deposit slips, endorsement stamps, statements, receipts • Consider E-Statement, PO Box, and Lock Box to prevent physical mail theft • Shred all unneeded or outdated bank and financial information • Do not use signature stamps Positive Pay for Commercial Bank Accounts • Positive Pay is the single most effective Check Fraud prevention service offered by the Bank • Commercial Client electronically uploads a file of valid issued checks and sends the file to the Bank • The Bank will only automatically ‘Positively Pay’ the valid issued checks authorized by the Commercial Client in their Positive Pay file • Checks that do not match the file, including altered or bogus checks, are identified and intercepted and authorized for a decision to pay or return by the Commercial Client • Positive Pay also assists in automating bank reconciliation, saving you time • FSB Cost: $30 per month + 4 cents per item – very low cost for the benefit WIRE/HACKER FRAUD • Commercial Clients email servers hacked • Stolen account information results in account takeover • Wire Fraud usually via email or fax • Usually International • Stolen funds usually facilitate criminal activity • Very difficult to get money back General Tips to Prevent Wire/Hacker Fraud • Assure that your computer systems are adequately protected against hackers • Do not send account information through your email account unless you can encrypt it through a secure server and/or require a password to open • If initiating wires online, follow Bank procedure. No short cuts! No sharing of passwords! • Ask your bank about their call back procedures on emailed/faxed wires • Shred all unneeded or outdated bank and financial information • Use ‘old technology’ – call, walk in, overnight, or fax sensitive documents ACH FRAUD EXAMPLES • The Criminal accesses a Commercial Client’s computer credentials through email or internet based hack, then generates an ACH file in the originator's name, and quickly withdraws funds before the victim discovers the fraud • The Criminal accesses a Consumer or Commercial Client’s credentials and then initiates instructions to become an automatic bill pay recipient • An Employee of the target company or a bank modifies ACH files to steal money. Typically Vendor or Payroll Files. General Tips to Prevent ACH Fraud • If you use or allow ACH Debits, work with your Banker and CPA on improving your internal controls • ACH Debit Block Service – Your bank can block all or some types of ACH Debits • Review Payroll and Vendor payment procedures • Implement Dual Authority and Segregation of Duties to initiate and release ACH files • Review account activity DAILY • Segregate Accounts • General Operating • Payroll (Zero Balance Account) • Merchant Services (Credit Card) Receipts • Vendor Payments • CDs and Money Market/Savings Accounts for Excess Funds Debit/Credit Card Fraud • Card information is obtained through criminal means: • Data Breach of both Corporate and Government Servers • Account information is available for sale online • Thieves use stolen card numbers to duplicate cards for in person and online use • Credit and Debit Cards are also stolen the old fashioned way – through physical theft Global Fraud Losses: Credit & Debit Cards Source: Nilson Report, 2011 Banks and Merchants Lost $10.6 Billion worldwide as a direct result of credit and debit card fraud Debit/Credit Card Fraud Thoughts and Tips • Banks and Merchants generally eat these losses and the card holder is rarely responsible for this type of fraud. • Consumers are more protected than Commercial Clients. • If it happens to you, you must work with your Bank to file a fraud affidavit and police report in order to claim a return of your funds. • On Commercial Accounts, Debit and Credit Cards should be issued with care. Only allow cards to be issued to those who must have them to conduct business. • One Key Difference: With Debit Card Fraud, your money leaves your account and you must fight to get it back. With Credit Card Fraud, the activity is on a line of credit (not your cash) and disputed amounts generally are not due until the dispute is resolved. Use Your Trusted Advisors to Protect Yourself • Schedule an appointment to discuss how your Bank’s services can help prevent Bank Fraud • Work closely with a good CPA Firm to help with internal controls, reconciliation, and monitoring • Work with your Attorney to understand your responsibilities, rights, and remedies Banker Attorney CPA Trust, But Verify! • Trust is an essential part of being human and conducting business • Thieves know this and use it to their advantage • Don’t be the next victim – ask questions, put strong controls in place, and seek professional guidance from your CPA, Attorney, and Banker to prevent Bank Fraud!