Best Practices to Mitigate Business Fraud

  • Check business accounts daily
    Monitoring transactions frequently helps spot fraud early, prevent further unauthorized activity and ensure issues are reported within required timeframes.
  • Set up account alerts and card controls
    Real-time notifications can flag unusual activity right away. Remind team members to review and update their alert preferences periodically to stay protected. Encourage cardholders to utilize expansive card controls (if offered) or protections in the form of limits, restrictions on merchants or types of transactions and locations.
  • Avoid mailing checks to vendors or partners
    Mail theft and check fraud happen all the time and stolen checks can be easily altered or counterfeited. Whenever possible, use secure electronic payment options, such as ACH, instead.
  • Keep company cards and devices secure while shopping or traveling
    Team members need to safeguard corporate cards, avoid leaving personal belongings unattended and use trusted payment devices or networks.
  • Inspect card terminals before using them
    Fraudsters sometimes install skimming devices that steal card data and PINs. Before inserting or swiping a card, check for loose or suspicious parts. Tap-to-pay methods using tokenization offer safer alternatives.
  • Be cautious with online purchases or invoice payments
    Stick to verified websites and legitimate vendors. Fraudsters often mimic real businesses with fake domains or invoices, so always double-check payee information before approving a transaction.
  • Protect sensitive business information
    Never share payment or account details over unsolicited emails or calls. Remind team members that legitimate vendors or partners will not ask for confidential information they already have.
  • Verify recipients before sending digital payments
    Always confirm payment requests through a known and trusted contact or a verified phone number. Fraudsters are increasingly using fake payment accounts or AI-generated messages to create a sense of urgency and trick team members into sending funds.
  • Watch for business email compromise and phishing scams
    Cybercriminals frequently impersonate executives, vendors or IT support. When in doubt, stop, think and verify before sending payments or clicking links. For ACH, accepting account information by email is contrary to secure/encrypted transmission standards in Section 1.7 and applicable legal requirements for credit authorizations in Subsection 2.3.2.1 of the ACH Rules.
  • Utilize dual control for originated digital payments
    It is easier for a fraudster to compromise a single person than two. With dual control, one team member enters or uploads the payment while a second reviews it. The reviewer should carefully verify any new routing numbers or account combinations and question the source whenever something seems unusual.
  • If it sounds too good to be true, it probably is—especially with investment or crypto
    In 2024, known investment scams resulted in over $6.5 billion in losses, while cryptocurrency-related scams caused more than $9.2 billion in losses. Fraudsters are becoming increasingly sophisticated, often impersonating trusted sources to target victims. Many schemes aim to drain long-term savings, Home Equity Lines of Credit (HELOCs), personal investments and 401(k) accounts