It's a nightmare risk for any business. Your customer claims to have paid, but the funds never arrive. You receive an email purportedly from a regular supplier informing you of new payment arrangements, and you only discover after you have made a large payment that the supplier has been hacked. Or – perhaps worst of all – funds disappear from your company accounts, diverted who knows where. These are all examples of online fraud.
How can you protect your business from this growing threat?
Always check the credentials of new customers, especially if their first order is large. Be particularly suspicious of customers who provide a P.O. box number instead of a genuine address, or who order a lot of high-value goods that can easily be split up and sold on, or who are in a country with which you don't normally do business. Also, beware of customers who want to split payment across a number of cards, as this might indicate that the cards are stolen. Don't accept payments from people you don't know.
The same goes for suppliers. Use reputable suppliers as far as possible, and keep their contact details up to date. If using a new supplier, check that they respond to emails and telephone calls. Be wary of payment instructions received by email; it's wise to verify by telephone or fax before committing funds. Don't send payments to suppliers unless you are sure of their credentials.
It's wise to keep a central register of customers and suppliers. Using an online payments solution can help you keep track of customers, suppliers and payments and flag up anything that looks suspicious.
Another line of defense is to make sure that your systems are secure. This is clearly important for payment systems, but accounting records are also vulnerable to hackers, and the names and contact details of your company, your employees, your customers and your suppliers may be at risk from identity fraudsters.
Your IT department should keep hardware and system software up to date and resilient. Firewalls, anti-virus and anti-spyware software should be regularly updated and always active. Don't allow suspicious items past firewalls or virus checkers without careful review.
It's also important to make sure your staff are fully aware of the need for physical security. Enforce rules about password strength and confidentiality, and make sure passwords are changed regularly. Limit the amount of personal information that staff can keep online, and only allow downloads from trusted websites. Consider restricting access to social media.
Customer data and payments need to be kept particularly secure, so make sure access controls on your system can prevent anyone accessing them without specific permission to do so. For payments, consider using dual verification, where one person enters the details of the payment and another authorizes it before sending. It's also wise to segregate functions so that, for example, people responsible for maintaining customer details cannot also make payments. Keeping a printed or electronic record of every payment can be helpful when investigating missing or suspicious payments.
If you are selling goods and services online, you can help protect your company from identity fraud by registering domain names that are similar to yours or that have the same name with a different ending. For example, AustraliaWidgets.au might also register AustraliaWidgets.com, AustraliaWidgets.org and variations on AusWidgets.
Managing your transaction flow is also an important safeguard against fraud. Tracking outgoing and incoming payments as they happen means you can spot suspicious items quickly. It's sensible to reconcile cash books and bank accounts daily and always investigate missing items, or – equally important – items that have arrived that you weren't expecting. Reporting tools make it easy for you to track your payments, while moving your cash flow management online and integrating it with your ERP software reduces the likelihood of employee fraud.
With a well-thought-out fraud prevention strategy supported by systems that give the security and control you need, you can minimize the cost and risk of fraud for your business.