- Protecting Your Bank Account From Fraud - A Cautionary Tale
- October 28, 2013 | Author: Kimberly J. Decker
- Law Firm: Barley Snyder - Lancaster Office
Most people have heard of "Phishing" and are aware of other scams used by hackers to fraudulently gain access to bank accounts, credit cards and other assets. While common sense and security measures can help prevent scammers from getting this information, most people don't realize that the power to debit an account is contained in every check for that account!
When you make an online payment by authorizing a third party to debit your account electronically (whether by entering your account number and your bank's ABA routing number online, or providing it over the phone), you are essentially "writing" an electronic check. Making electronic payments this way is quick, easy and convenient. But what happens when someone else uses your account number and bank ABA routing number to pull money from your account?
Business accounts are more at risk than personal accounts because personal accounts benefit from federal limits on the losses they can be made to bear. Business accounts, however, enjoy no such protection. There are two typical fraud scenarios faced by a business - fraudulent transactions made by its own authorized employees, and fraudulent transactions made by unauthorized persons, whether employees or not. Generally speaking, a bank is not required to refund a business for its loss from a fraudulent electronic debit if the transaction was made by a person who was authorized to access the account (presumably an employee). In that situation, the business really only has a claim against the employee - but in many cases, the money is long gone. As a result, the business often ends up bearing the loss unless it has insurance that will cover the loss.
If the unauthorized debit is initiated by a person who is not an authorized signer on the business account, the business may be able to get the money back through a reversal of the transaction it if moves quickly enough - typically within 48 hours, which requires incredible watchdog efforts. If the transaction can't be reversed, the business may be able to recover the money lost from the bank if it can show that the bank failed to follow agreed procedures to authenticate transactions. However, if the bank's security procedures were commercially reasonable and the bank completed the transaction in good faith, the bank is still not responsible to repay the business.
As you can see, recovery from the bank in this situation is often difficult (if not impossible).
So what can a business do to protect itself?
* Identify the extent of your risk in this area - what is the likelihood that you could be subject to a scam of this (or any other) nature, and what protection do you have in place to prevent this from happening?
* Don't allow one person to have sole access to sensitive information and accounts.
* Promptly notify the bank when authorized signers are fired or leave their employment.
* When terminating the employment of individuals who have had access to sensitive information, you are better off barring them from the premises after they are fired.
* Review bank statements and transactions and reconcile them frequently so that unauthorized transactions are caught quickly.
* Review existing bank relationships. Know your rights and responsibilities for fraudulent transactions under existing bank account agreements.
* Ask your bank about available fraud detection plans. Most banks offer various types and levels of fraud detection support that can prevent this type of fraud (as well as other scams) from being successful.
* Determine whether current insurance policies would provide coverage for fraud of this type and if not, whether such coverage is worth buying.