Pub. 12 2015 Issue 1

O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G N E W M E X I C O R E A L I Z E D R E A M S 14 Call KBS (785) 228- 0000 to discuss this article and other loss prevention topics or products to help protect your bottom line. The management team at a regional grocery store chain grew comfortable with using email in facilitating business transac- tions. One day, the office administrator received an e-mail from the president providing instructions for a $175,000 wire transfer payment to a new supplier. The administrator made the payment request through the bank’s internet portal. The bank followed security procedures by calling and confirming the payment order. Later that day, the office administrator was walking past the president and casually stated, “Sounds like a great deal from the new supplier.” The president was puzzled. They discovered the president’s e-mail was hacked. They immediately contacted the bank attempting to reverse the wire transfer. Unfortunately, the funds were already gone. Because the bank followed the agreed upon security procedure, the customer was out the $175,000. The bookkeeping department at a Midwestern bank received an e-mail from a loan officer confirming approval of a new loan. $1,247,000 needed to be sent by Cashier’s Check to an equipment dealer. The Cashier’s Check was sent as requested. The following week the bank could not balance the “loans-in-process” account. They quickly realized the loan officer’s e-mail was hacked. The bank attempted to refuse payment on the Cashier’s Check, but the crook opened an account in the name of the payee at a different bank and the funds were already gone. Since the check was in the hands of a holder-in-due-course, the first bank suffered the loss. A local CPA firm’s bookkeeping department received a call from its office supply vendor explaining they are implementing a new process: all future payments to the vendor should be sent to a Post Office box address. As requested, the CPA firm changed the vendor’s address. For the next two months, all payments were sent to the new address. The vendor finally called inquiring about the missing payments and discovered their payments were stolen by an impostor. The crook set up a business with the same name as the vendor, deposited the checks, and absconded with the money. The CPA firm attempted to make a claim that the endorsements were forged. The law protected the second bank from liability since they followed procedure. The CPA firm was at fault when they unwittingly sent the checks to the crooks. Impostor fraud is growing. They use almost any means to impersonate someone: e-mail, faxes, letters, and phone calls. Knowledge of the scams is often the best place to start in fighting this fraud. The following recommendations are ways you can help reduce your risk: Banks may distribute the article to its customers if they so choose. Everyone needs to be aware of impostor fraud to stop the crooks and prevent losses to both banks and bank customers. twitter.com/kbsforbanks linkedin.com/company/kbsforbanks Connect with us on social media: Internet Crime Complaint Center Alert your staff: Alert all staff, especially management, the accounts payable department, and anyone responsible for changing addresses or sending payments in any form. Create a culture of open communication: If something seems odd, staff should feel comfortable asking questions – even to top management. Verify the request: Establish procedures to verify any unusual request made outside customary channels. Any large requests, even when received through proper channels, whether by mail, fax, email, or online entry, should be verified with a phone call to a previously confirmed number. Remember that contact information received at the time of any fraudulent request is likely fraudulent as well. Always verify using information already in your records. Fraudulent requests to change an address or phone number can often be detected by mailing a confirmation of the change to the old address. Payment requests and payment address changes need to be verified. While some businesses may implement other controls, all businesses can verify a contact change and payment request with a phone call to a previously confirmed phone number. A phone call can often stop impostor fraud before a loss is suffered.