Payment fraud is nothing new. Even in the Stone Age, someone likely tried to pass off a cheap stone ax for a nicer one. Fraudsters evolve as quickly as advances in payments methods and technologies — but new fraud-prevention tools can help protect your community association against deception and theft.
The dollar amounts of fraud are eye-watering. In 2022, internet fraud resulted in losses of $10.3 billion, according to the FBI’s Internet Cyber Crime Center. In Illinois alone, losses of nearly $84 million were attributed to business email compromises (BEC).
As much as those statistics boggle the mind, the numbers become very real when considering your community association’s finances. A LexisNexis study found that fraud costs $4 for every $1 affected.
While some associations still choose to pay vendors by check, electronic payment methods are becoming the industry standard — and the share of ACH debits affected by fraudulent activity increased accordingly, from 33% in 2019 to 37% in 2021. Phishing scams and BEC can compromise the processes leading up to payment initiation. Thefts may involve anything from malware to elaborate fraudulent emails and websites.
On the other hand, check fraud typically involves counterfeiting, rerouting of checks or physical alteration, known as check washing. While check fraud had been on the decline — primarily due to people moving from using physical checks to electronic payments — it increased by 84% in 2022, says the Financial Crimes Enforcement Network, a unit of the U.S. Treasury Department. According to the American Banking Association (ABA), this rise is partly due to social media channels, specifically Telegram, that allow users to hide their identities and encrypt messages. Telegram enables fraudsters to operate a robust network connecting check thieves with so-called “walkers,” who deposit altered checks into bank accounts in exchange for a fee.
Tackling these two key types of fraud requires a two-pronged approach encompassing electronic and physical security. To safeguard your payments processes, you may wish to consider implementing these best practices:
Train management and employees about fraud methods, including BECs. Knowledge is power. It’s essential to scrutinize each payment, especially new vendor payment requests or any unusual request from a board member. Take care to access financial systems only from secured connections, avoiding home networks or unsecured networks at locations like hotels, airports or other public places. Also, confirm that email addresses are correct — fraudsters sometimes change minor details, such as CEO@company_xyz.com vs. [email protected]. You can strengthen your defenses by calling the vendor, board member or colleague to confirm the information before submitting a payment.
Modernize your business tools and practices. Many community management companies have been using the same tried-and-true tools for years. Indeed, that software and methodology may work just fine when it comes to accurate calculations. Often, though, it may not offer safeguards such as direct integration with your bank accounts to make fraud protection more accessible and more powerful.
Document appropriate processes and approval steps, and make sure your team uses them. You’ll want to make it a habit to remain vigilant and build policy into your company’s everyday operations. The faster you identify fraudulent activity, the greater the chances of minimizing losses. And, of course, encourage well-known practices like using strong passwords, never reusing passwords on different accounts and not sharing passwords, especially when asked over email or text. Developing a wire transfer policy that documents your established processes and corresponds with your bank’s products and services is also wise. Periodically review these procedures with all parties involved.
Consider cyber insurance. One customer recently experienced a system compromise in which scammers locked them out of their data and demanded a $1 million ransom. Fortunately, the large company had insurance coverage and significant profits. A smaller, less prepared company might have had to close its doors under the pressure. Cyber insurance for your company — and your client associations — can mitigate your risk.
Stay vigilant with record-keeping. Successful organizations immediately inspect financial statements against internal records to ensure payments are ones you’ve authorized, and review checks for duplicate check numbers. Auto-reconciliation tools can simplify the process of validating entries — you may wish to ask your banking representative if they offer auto-reconciliation.
Adopt secured payment and deposit methods. For example, you can make it a policy to pay vendors with ACH credits rather than allowing ACH debits from your account. And using a single, dedicated computer for critical online banking functions can reduce the risk of corruption introduced through BEC or other non-secure sources. If a vender changes their mailing address or account-to-credit information, call and speak to someone who can confirm the changes are accurate. To guard against physical theft, it’s wise to deposit outgoing paper checks directly in a secure mailbox before the day’s mail pickup rather than leave them in an outgoing mail basket where they might be stolen.
Take advantage of your bank’s resources. Today, a wide variety of sophisticated digital treasury management solutions are available to optimize your company’s efficiency while helping to prevent fraud. These services are more accessible and affordable than ever for small and mid-size businesses. Key offerings include:
- A/P automation allows companies to pay vendors with easy digital payments, eliminating paper checks and associated check fraud.
- ACH Debit Block automatically returns ACH debit requests to the originating bank to ensure they do not post to your account.
- ACH Positive Pay allows you to set up payment rules by account, defining them by vendor ID and amount. You can automate the process or review exceptions and approve or deny them.
- Check Positive Pay compares each check to your records and denies payments that do not match. By integrating reconciliation activities, you can stay on top of your activity daily.
- API integrations enable companies to connect their internal enterprise resource planning (ERP) platform to the bank through APIs to create even more seamless workflows.
If you’re interested in learning more about how a knowledgeable banker can help you safeguard your payment transactions, contact an Alliance Association Bank relationship officer today.
Diane White
Diane White, CMCA, is the Vice President, Illinois Region for Alliance Association Bank. With her diverse background in banking, Diane offers the insight and industry experience Alliance...
Read more
Lea Marcou 
CAI - Illinois Chapter 
