Accounts Payable Articles

Accounts Payable Now & Tomorrow is a monthly publication with the most current advice from the trenches, based on our reader surveys, interviews with the best practitioners, and the latest changes in all related specialty areas such as T&E, 1099s, sales and use tax, OFAC, VAT, electronic payment alternatives, etc. Here is a sample article.

 

ACH Fraud: It Could Happen to Any Organization—including Yours

A recent cyber-theft utilizing ACH demonstrates how important it is for all organizations to take proper security precautions. The victim was a medium-sized not-for-profit, a typical target for this type of fraud. What’s more, the events also show a shift in attitudes over the responsibility issue. There are some lessons to be learned for every company. Let’s take a look at what happened.

The Theft

The Metropolitan Entertainment & Convention Authority, a nonprofit organization in Omaha, Nebraska, was hit with fraudulent ACH transactions totaling $217,000. It is believed that an employee at the organization fell for a phishing email that downloaded malware onto his computer. The employee opened an email attachment infected with a virus that stole the information. Through this software, the technologically savvy thieves were able to obtain the login and password credentials.

The cyber-crooks then added their own “hires” to the payroll. The payments went to money mules hired through work-at-home scams. The heist was, like many others, based in an Eastern European country. Luckily, it was uncovered early and all but $70,000 was recovered.

Reaction

The organization took responsibility for the attack, surprising many in the financial community. The reason for this is illuminating. Their bank had offered several security options, which the Convention Authority had turned down. The explanation offered was that they thought the security recommendations made by the bank would be “administratively burdensome.” Like many organizations, they did not believe they would be victimized.

The organization stepped up to the plate and did not expect its bank to compensate it for its losses.

Lessons Learned

For starters, it is imperative that every organization realize it could be a target. These thieves are known to focus their attention on small and mid-sized businesses that are less likely to employ best fraud prevention practices. Many are unaware, and others think it would never happen to them. While there have been instances of large companies being hit by ACH fraud, it is not believed that it happens often. These organizations take the proper precautions to protect themselves. Typically, their bankers also make them aware of the latest frauds. Although it does not appear to be a factor in this theft, many of these cyber-heists occur at times when offices are known to be lightly staffed. This includes the week between Christmas and New Year’s, late August, etc.

Once the realization has sunk in that your organization could be a target, talk to your bankers. Ask what products they offer to protect against this insidious type of fraud. Pay close attention to the explanation of what the products actually do. There has not been much in the way of uniform protections, so it is imperative that you understand what each actually does. Also ask what else they suggest. They will probably suggest, among other things, that you set up a separate computer for all your online banking activity.

This particular situation reinforces that recommendation. Your online banking should be handled on a separate computer used for NOTHING else. Few organizations follow this advice despite the fact that it is relatively inexpensive to implement. A stand-alone computer costs less than $1,000 – and if used only for online banking needs little other software. In fact, not installing other software on it will reduce the chances that someone will be tempted to use it in case of an emergency. By the way, this recommendation comes not only from those involved in the financial community but from the FBI as well.

And finally, realize that fraud is continually evolving, with crooks finding new and devious ways to practice their trade. As quickly as the financial community finds ways to protect itself against the latest wave of payment fraud, the crooks find a new way to illicitly get your organization’s money. This means it is imperative that every organization keep abreast of all the new types of fraud as well as the protections available for their funds. It also means continually revising processes to address the latest concerns. This, unfortunately, is an ongoing process, not one that is likely to remain static.


© 2011 all rights reserved Accounts Payable Now & Tomorrow & CRYSTALLUS, Inc.