
Mary Schaeffer

How Do You Protect Your Organization Against Electronic Payment Fraud?

September 2, 2010
by Mary Schaeffer

No matter how you look at it, fraud is ugly. Electronic payment fraud, also referred to as automated clearing house (ACH) fraud, was almost nonexistent just a few short years ago. Now, it is growing by leaps and bounds. Organizations that do not take the necessary precautions are leaving themselves exposed. Given that a growing number of fraudsters are targeting the accounts payable department and, more particularly, the person who does the online banking for the organization, it is imperative to change the way this function is handled. As some Corporate Finance Insider readers may be aware, the crooks are targeting accounts payable and managing to download malware that captures the person’s keystrokes (and thus their banking codes). One of the best practices recommended to prevent this type of ACH fraud is to set up a separate computer for all online banking activity.

There has been some complaining that this seems like overkill. It is not. Employees and management may complain that this is not convenient. This is not about expediting the process. It is about preventing payment fraud for the price of a separate computer, likely less than $1,000.

Key Recommendations From IT and Your Peers

From the mouths of corporate financial professionals as well as information technology professionals to your ears and eyes: Here are 10 reasons why your firm should acquire a second computer and how it can prevent fraud in the workplace.

  1. Set up a separate computer to be used for all online banking activity ONLY.
  2. This separate computer should never be used for surfing the Internet or e-mail -- NEVER, EVER, no matter what the excuse.
  3. When not in use, turn off the computer.
  4. The computer should not be included in your network.
  5. Do not let a temp use the banking computer during a seasonal increase in work.
  6. Antivirus software programs should be updated very frequently, even when it is inconvenient for the person using the computer.
  7. Ideally the computer should be located so no one can glance over a manager’s shoulder and see the passwords that are being typed.
  8. When dual authorizations are needed for transactions, the second approver should come to the banking machine and not get online in his or her office to approve the transactions. All banking activity should be completed on this computer.
  9. If the second authorizer is at a different location, then a second banking computer should be purchased and made subject to all the safety measures discussed here. As an extra level of precaution, ensure that the same safety restraints are applicable to both computers no matter the location.
  10. Passwords and user IDs should be frequently changed (despite the fact that it is a royal pain) and should not be written on a piece of paper that is left out on the desk for anyone to find, or worse, put on a yellow sticky and attached to the side of the computer.

Conclusion

When you implement the above recommendations, your firm will be able to prevent some of the more malicious forms of ACH fraud occurring in your organization.


Mary S. Schaeffer is the author of over a dozen business books including Controller & CFOs Guide to Accounts Payable (John Wiley & Sons) and Fraud in Accounts Payable: How to Prevent It (John Wiley & Sons). She is the publisher of Accounts Payable Now & Tomorrow newsletter, a monthly publication for executives concerned about internal controls and cost control in their payment function, writes a monthly newsletter, a free weekly ezine e-AP News, speaks at accounts payable webinars, seminars and conferences and directs the organization’s consulting practice.