Your bank offers safer ways to pay
Recently, the U.S. Postal Service (USPS) issued a warning about check fraud and made an unusual request — it asked people to stop sending checks in the mail, and instead look to more secure ways of sending money. For the USPS — which has lost revenue as the use of electronic communications has replaced sending items through the post — to recommend against using its services is eye-opening.
The recent increase in criminal activity targeting checks is broad. People and businesses have been victimized either by having their checks “washed,” which involves using chemicals to remove ink on a written check allowing the criminal to change the payee and amount, or by misuse of the routing information on a stolen check to initiate a fraudulent electronic transfer of funds.
Consumers may look to secure transfer options, such as Zelle. But if you’re a business customer, you’ll want transfer options that provide significant flexibility and meet the needs of your organization.
One of the most flexible options for organizations is using business cards. Using a business credit card will feel familiar to using their consumer counterparts, but they come with a range of options for additional flexibility and security depending on the needs of your organization.
A basic business credit card offers the same protections you typically find with a consumer credit card, such as zero liability and fraud protections. Using a business card has the added benefit of allowing for payments without divulging your business’s bank-account information, such as the routing and account numbers that are visible on a check. Plus, many banks include additional services to help your business with their cards, such as expense-reporting tools and cards for employees at no additional charge.
Commercial-card platforms offer even higher levels of payment controls. For example, there are virtual-pay options that allow a business to make payments that specify the receiving business, the exact payment amount, and even a date range. Any attempts to move funds outside of these established parameters will either be rejected or subject to additional scrutiny, providing a higher level of security.
Think of virtual pay in this way — after setting up the payment system, your bank will make a payment only if the recipient, the amount, and the date range that you established matches. That makes it a lot harder for a criminal to circumvent security.
You should talk to your financial institution about which type of business cards are right for your organization. Some of the more robust security features come with added controls and a higher cost, so it’s important to find the right solution for your company’s size and budget.
You may also already be using other payment forms in your business. Many employers use Automated Clearing House (ACH) for direct deposit of payroll funds. ACH provides transfers of money from one financial institution (such as your firm’s bank) to the clearing house, and from there the funds are deposited into a second financial institution (such as your employee’s checking account).
Wire transfers are similar in that they provide a method of transferring funds electronically. However, wire-transfer funds go directly from one financial institution to another financial institution. These two forms — ACH and wire transfers — are governed by different rules and frequently have different timelines.
Sometimes, using a physical check is unavoidable. If your business regularly has to write checks, talk to your bank about enrolling in Positive Pay. This service helps detect check fraud by matching up multiple elements: check numbers, the account used for payments, and historical payment amounts that have been authorized. A business enrolled in Positive Pay uploads an electronic file daily to its bank with a list of checks issued and the amounts. When a check is presented for payment, it’s compared to the list provided, and anything that doesn’t match exactly will end up on a list of exceptions. The business can then review these and determine whether to pay them.
Good cyberhygiene continues to be critical. Check your online accounts daily and quickly report anything that seems amiss. Update passwords frequently, and use appropriate controls including multifactor authentication whenever possible, especially to protect your banking accounts. Train any employees with access to sensitive information about “spear phishing,” a practice that tricks people into divulging account information by pretending to be someone your firm does business with looking for a missing payment.
And finally, take the advice of the USPS — if you need to mail a check, go into the post office rather than leaving it in a free-standing mailbox. Criminals are breaking into them using stolen “arrow keys,” a type of universal key mail carriers use to unlock mailboxes.
Criminals constantly change and adapt their tactics. This means we need to be ever-vigilant about how we address cybersecurity threats. Check fraud isn’t new, but with the prevalence of online payments, guarding the routing and account information of your business is more important than ever. Take steps now to protect your accounts, and consider using alternative, more secure forms of payment for your business.
Margaret Scopelianos is director of treasury management & government banking at NBT Bank. She is responsible for directing the NBT’s treasury management services, which provide payments and liquidity solutions to commercial entities across NBT Bank’s footprint. At the helm of NBT’s government banking business, she also leads a team of relationship bankers serving the financial needs of municipalities, public schools, agencies, and authorities.