Blog
How can companies protect themselves from wire transfer fraud?
Contents
- 1 Protecting Your Business from Wire Transfer Fraud
- 1.1 Educate Employees on Red Flags
- 1.2 Implement a Call-Back Process
- 1.3 Limit Access
- 1.4 Set Limits
- 1.5 Use Whitelists
- 1.6 Watch for Sudden Changes
- 1.7 Confirm Delivery
- 1.8 Review Activity Regularly
- 1.9 Use Dual Controls
- 1.10 Watch Out for Phishing
- 1.11 Secure Computers
- 1.12 Back Up Data
- 1.13 Beware of Social Engineering
- 1.14 Monitor Transactions
- 1.15 Insure Against Losses
- 1.16 Learn from Others
- 1.17 Report Suspicious Activity
- 1.18 Act Quickly When Compromised
- 1.19 Review Policies Regularly
- 1.20 Train Across the Company
- 1.21 Learn from Mistakes
- 1.22 In Summary…
Protecting Your Business from Wire Transfer Fraud
Wire transfer fraud has become a huge problem for businesses of all sizes. As more transactions move online, scammers have more opportunities to trick employees into sending money directly to them. According to the FBI, business email compromise scams alone have cost companies over $26 billion since 2016.
The good news is there are steps you can take to prevent your business from becoming the next victim. Here are some best practices to implement:
Educate Employees on Red Flags
The first line of defense is ensuring your employees understand what wire transfer scams look like. Go over these common red flags:
Requests come from outside normal procedures or reporting lines. For example, if the CEO typically approves wire transfers but now someone else is sending the request.
Requests involve secrecy or pressure. Scammers want to move quickly before getting caught.
Requests involve suspicious circumstances like payments to foreign suppliers that don’t match normal vendors.
Requests come from suspicious email addresses like misspellings of existing domains.
Requests direct payment to a personal account rather than a company account.
Make sure employees know not to ever send a wire transfer solely based on an email request. There should always be a secondary confirmation over the phone or in person.
Implement a Call-Back Process
Whenever a wire transfer request comes in, have a policy that the recipient must call back the requestor directly to confirm. Do not use any phone number provided on the actual request – look up the number independently. This verification call will allow any fraud to be detected.
You can take this a step further by establishing a secret verbal password that must be used to confirm wire transfers. This prevents a scammer from being able to confirm their own fake request.
Limit Access
Only employees who absolutely need access to initiate wire transfers should have it. The more people who can move money, the more potential vulnerabilities you have.
For executives like the CEO who are common wire transfer scam targets, flag their accounts to trigger extra scrutiny or verification procedures. You want to throw up roadblocks to fraudulent requests made under their names.
Set Limits
Putting limits on wire transfers can minimize potential losses from fraud. For example, require secondary approval from a manager for any transfer over $10,000. Or restrict international wire transfers which are common in scams.
You can even limit the window for sending wire transfers to business hours on weekdays. This prevents late night fraud when fewer employees are watching.
Use Whitelists
Maintain an approved list of recipient accounts where you will send wire transfers. Block any transfers to accounts not on this whitelist to prevent diversion of funds.
Be sure to keep this list updated as vendors change bank accounts. Don’t rely on info in old emails – reconfirm any changes verbally.
Watch for Sudden Changes
Beware if a known contact suddenly asks to change the bank account a wire transfer is sent to. Criminals will try to intercept legitimate transfers by getting the money rerouted.
Also watch for sudden requests to change amounts or recipients. Any last minute changes should be verified.
Confirm Delivery
Just because you sent a wire transfer does not mean it was properly received. Call the intended recipient using their real phone number on file to confirm they got the money.
If they report not receiving it, immediately investigate if it was intercepted. The faster you can spot fraud, the better chance you have of recovering funds.
Review Activity Regularly
Make auditing wire transfer activity part of your regular financial procedures. Look for any unusual patterns like spikes in amounts or frequent new recipients.
Anomalies may indicate someone inside has turned rogue and is embezzling funds through wire transfers. Catching it quickly limits losses.
Use Dual Controls
No single employee should have enough access to both initiate and authorize wire transfers. Separating these functions into multiple roles limits how much damage a rogue employee could do.
You can also require tokens or multi-factor authentication to approve wire transfers above a certain threshold. The more roadblocks, the better.
Watch Out for Phishing
Employees often unintentionally provide access to business accounts through phishing emails. Warn staff to watch for suspicious links and attachments requesting login info.
Enable two-factor authentication where possible to prevent criminals from accessing accounts even with login credentials in hand.
Secure Computers
Make sure all computers used for wire transfers have security protections enabled, like anti-virus software and firewalls. Keep all software updated to patch vulnerabilities.
Restrict access to wire activities to only specific workstations and keep them off any public Wi-Fi or shared networks. The fewer access points, the better.
Back Up Data
Maintain good backups of critical data like vendor and supplier records. If criminals do manage to get access, you want to be able to restore legitimate details and accounts.
Test backups regularly to verify you can recover data if needed. Backups are useless if they are corrupt or incomplete.
The human element is the hardest to defend against. Criminals will try to trick or manipulate employees into initiating fraudulent wire transfers willingly.
Train staff to recognize common social engineering tactics like urgency, intimidation, and appealing to authority. Empower employees to push back on questionable requests.
Monitor Transactions
Leverage your bank’s transaction monitoring capabilities to spot suspicious wire transfers. Unusual activity patterns may indicate an account is compromised.
You can even consider services that actively monitor transactions and flag or stop wire transfers that match fraud characteristics. Though costs are involved, it may be worth it.
Insure Against Losses
Check if your business insurance policy covers losses due to wire transfer fraud. If not, consider adding this coverage to mitigate the financial impact if you do suffer a loss.
You may also be able to get insurance that specifically covers cyber crimes like fraudulent wire transfers initiated online. Shop around for the right fit.
Learn from Others
Use reported cases of wire transfer fraud at other companies to identify new risks. Criminals constantly shift their tactics and techniques.
Sign up for alerts from organizations like the FBI to stay on top of emerging trends in wire transfer scams targeting businesses. Knowledge is power.
Report Suspicious Activity
If you detect any suspicious wire transfer activity, document the details and immediately report it to your bank, regulators, and authorities.
Providing information on criminal tactics can help put measures in place to stop the next attempt on another company.
Act Quickly When Compromised
If a fraudulent wire transfer does occur, act swiftly to limit damage. Alert banks on both ends of the transaction, file a police report, contact regulators, and lock down affected accounts.
Freezing activity may allow more time for recovery. But the faster you can detect any breach, the better your chances.
Review Policies Regularly
Treat wire transfer security as an ongoing process, not a one-time fix. Review your policies frequently and look for opportunities to add new precautions.
As your business changes, you may need to update procedures around wire transfers to prevent new risks from developing. Adapt as needed.
Train Across the Company
Make wire transfer training part of onboarding all new hires. The more employees educated on the risks, the better protected the company will be.
Conduct refresher courses periodically to reinforce lessons learned. Complacency is an enemy of good security.
Learn from Mistakes
If fraud does occur, review what happened and look for ways to improve policies. Plug any gaps that allowed it to happen.
Turn mistakes into lessons that strengthen defenses for the future. Continual improvement is key.
In Summary…
With wire transfers a prime target, companies must make fraud prevention a priority. Take the time to implement controls, train employees, and adapt to new criminal tactics.
Ongoing vigilance in this area can save your business from becoming the next seven-figure wire transfer fraud statistic. Protect your bottom line.