As tasks and routines are increasingly being completed remotely due to the COVID-19 emergency, there are some individuals looking to take advantage of the situation.
One of the more common fraud schemes to emerge over the past two years, and one that will no doubt increase during this pandemic, is attempted fraud on ACH debits and other payments. One such ACH scheme typically involves the perpetrator contacting an organization through phone or email, posing as a vendor and requesting a change in bank account information. If the bank account changes are approved, the fraud is not identified until the legitimate vendor contacts the organization when the payment becomes past due. Another common payment fraud scheme is related to payroll disbursements. Typically, an email comes from an administrator or executive at the organization, seeking to change direct deposits to a different account (one controlled by the perpetrator).
While many other fraud schemes are likely to be discovered during this state of emergency, organizations should focus specifically on those that target its most desirable asset: cash.
Your financial institution offers tools to help minimize the risk of unauthorized ACH transactions, such as ACH Positive Pay or ACH Block, both of which require the organization to provide a positive verification before transactions are posted to the designated account. These tools give businesses a stopgap measure before their funds are withdrawn by the financial institution.
The most logical, and easiest, method for protecting your organization’s capital is to have independent verification of any requests to transfer funds. Before vendor or payroll information is changed (or exchanged), staff should report the requested change. Then, someone within the organization should contact the vendor or individual requesting the change directly—not by responding to their original email or phone call.
Even when working remotely, independent verification should be used for any changes related to regular tasks and procedures. Contact Larry Weeks, Shareholder, for help with internal controls while your organization is working remotely.
