Business Account Fraud Out to Pasture

Point-of-sale has received an extraordinary amount of attention over the past few years. A sort of celebrity by default — due to its widely publicized connection to countless data breaches throughout the U.S. Prior to all of this news, point-of-sale was primarily retail-industry vernacular.

Now, after at least four years in the spotlight, the POS breach trend seems to be shifting. Perhaps like other trends, it has run its useful course to criminals. Perhaps EMV (chip card) usage is working to thwart POS data breaches (despite slow adoption of EMV terminals and a lack of a PIN counterpart — a combination that the Federal Reserve projected would make transactions 700 times more secure than magnetic strips.) Or, maybe, criminals have found an even easier and more lucrative source to infiltrate.

The latest statistics find the latter to be true.

However, this newly favored wellspring for fraudsters is not actually new. It’s been in plain view the whole time: business account fraud. And, why not? There is more money to be had from a business than a consumer.

So how are fraudsters successfully pilfering business accounts?
Hacks into the business email and theft of payment data lead to almost half of all small business account fraud perpetrated via their credit card accounts, according to a 2016 Javelin survey. The business email provides a plethora of information, such as when a business pays vendors, which enables hackers to strategically time when they siphon funds to avoid detection.

Data breaches remain another way for criminals to steal from business accounts, as they not only expose customers’ data but the breached business’ sensitive information as well. This then provides easy access to commit existing account fraud and new account fraud against the business.

What is the impact to businesses?
The stolen business information then provides easy access to commit existing account fraud and new account fraud. Javelin found that small businesses were hit exceptional hard by fraud. Businesses with annual earnings between $100,000 and $1 million experienced average initial fraud losses of $14,724 — more than twice the average loss of businesses with annual earnings between $1 million and $10 million.

These figures are only expected to grow — as in the past year new account fraud alone has more than doubled, according to Javelin’s latest study.

Additionally, it was noted that since a data breach not only exposes consumers’ information, but that of the business where it occurred — criminals can then siphon money directly from the business’ accounts.

Moreover, as many as 60 percent of customers are likely to do business elsewhere following a breach, according to a 2014 HyTrust Poll. Is it any wonder that 60 percent of small businesses close within of six months following a breach?

Ready to change your businesses’ outcome and stop these account intrusions?
Then it’s time to consider the following actions you can take to avoid exposing your confidential business information.

  • Do you have alerts set up with your financial institution? This is a vital way to keep tabs on account activity and help detect fraud. Yet, only one in four business accounts takes advantage of alerts.
  • Can you spot a phishing email? It is becoming increasingly difficult to tell a fake from a genuine article. Phishers often masquerade as real companies, using their logo and sometimes even their email address. Make it your mission to tell the difference. The consequence for clicking on a link in a phishing email can be detrimental — from downloading computer viruses to giving hackers full access to your computer and everything it contains.
  • Are you aware of current scams? Some are more obvious than others. They may be carried out via phone, email, postal mail or in person. Urgency is the primary tipoff. But with so many scams going around, it is best to keep tabs on them so you’ll know what to look out for.
  • Do you prescreen third-party vendors and employees? Anyone who has access to your business systems and data should be validated as trustworthy. In the case of vendors, they must be able to guarantee the safe handling of information entrusted to them.

You owe it to yourself and your business to embrace these habits and other security controls to prevent fraud from jeopardizing your business accounts — wherever criminals may strike.

What are additional measures you can take to improve the security of your business information today? Let us know in the comments below.