Community Banker’s Guide to Preventing Payment Fraud


Let’s start with some scary numbers: $6.9 billion – the FBI’s estimate of Americans’ losses in 2021 due to wire fraud. Fifty-five billion dollars – an estimate of last year’s fraud losses involving ACH payments. A large majority of these frauds relate to commercial payments. For a community banker, these figures are nightmares.

Payment fraud isn’t new, and while scams are evolving, the basic procedures for detecting and preventing them haven’t changed as much as one might think. As you prepare for summer, take a moment to review fraud prevention tactics.

1. Update your security procedures

When was the last time your bank carefully reviewed the security procedures built into your cash management agreements and payment processing procedures? From a legal standpoint, having “commercially reasonable” security procedures in place is key to keeping the bank away from liability. From a practical standpoint, this means more than a vague line in your ACH and wire transfer agreements indicating that security procedures will be established and followed.

Multi-factor authentication has become the gold standard for accessing online banking and electronic payments, but it’s not foolproof. Callbacks, transaction limits, and double checking remain tried and true security procedures, and new techniques such as requiring transactions to originate from a dedicated IP address are proving useful. Instead of relying on just one method, think about what makes sense for your organization and your customers.

And don’t limit your security procedures to online banking payments. If your bank accepts payment orders over the phone or in person, ensure that sufficient procedures are in place to confirm the identity of the requester. In-person payment fraud remains surprisingly common.

2. Papers, papers, papers

After defining the security procedures, document them for all customer. The last thing you need when dealing with an incident of fraud is to dig into customer records to try to determine what security procedures were actually in place, only to find that nothing was ever documented. This often happens alarmingly (including in large banks).

When a client enrolls in cash management products, ensure documentation is completed regarding the security procedures the client has chosen. Has the customer opted out of options such as double checking or confirming the IP address? Document it. Has the customer requested certain contacts to be called back for certain transactions? Document it. Have you recently sent an updated ACH agreement to your existing customers? Document it. Banks find themselves in hot water when they cannot prove what security procedures were actually in place and, therefore, whether they were followed.

3. Positive remuneration

For business customers with a steady volume of checks or ACH files, a positive compensation agreement can be an extremely effective way to combat fraud. Although the terms of the agreement may vary from bank to bank, the general idea remains the same: the bank compares all incoming checks and/or ACH files against separate lists of payments authorized by the customer , flagging any mismatches and withholding payment unless the customer confirms that payment is authorized. This can be a tough sell for small businesses that are already counting every penny of monthly expenses, but there are plenty of real-life cautionary tales that can help convince a client on the fence.

4. Education

New technology has provided excellent fraud detection tools, but nothing replaces good old human distrust. Talk about fraud. Make sure bank employees keep up to date with the latest fraud trends and vulnerabilities. Help customers understand the risks associated with common fraud schemes such as “business email compromise” and fake invoices that surreptitiously redirect otherwise legitimate payments. Encourage employees and customers to speak up and reach out whenever something feels fishy. And remind everyone involved that even the best technology won’t necessarily detect or stop insider fraud in a client’s business.

5. Really To know Your client

Megabanks are forced to rely heavily on technology for fraud detection because it is simply impossible for them to personally familiarize themselves with every customer’s business practices. Community bankers are uniquely positioned to fight fraud because your customers are more than just account numbers: they’re real people you see every day in your community, both inside and out. form the bank. Get to know them, their businesses and their banking routines.

Your filing team is well placed to spot anything unusual in a client’s account activity and take action. “See something, say something” isn’t just a law enforcement slogan. Does the local machine shop typically send multiple high value ACH files on a day that doesn’t match their payroll or vendor payment schedules? Is the hairdresser around the corner likely to initiate international wire transfers from an IP address across the country? Some customers may find a call about a suspicious transaction to be a nuisance or an indiscreet interruption, but they’ll likely buy your next round at the local watering hole if you save them from losing their hard-earned money to a scammer.

There is no magic bullet to prevent fraud and the threat will never go away. Even when the bank can avoid liability, incidents of fraud pose reputational risk and damage relationships with the customers involved. Be proactive, be agile and be vigilant.


Comments are closed.