ACH (Automated Clearing House) transactions and wire transfers are two forms of electronic funds transfers (EFTs)—both provide the fastest way to send cash to another business, individual or other recipient.
Unfortunately, businesses are a target in which cyber-criminals employ phishing emails, compromised websites, malware and other tools, attempting to steal bank login credentials. Once credentials have been stolen, money is typically transferred out of the account and into the thieves account—often, at a bank halfway around the world where the funds cannot be recovered.
Small-to-medium sized businesses are the biggest target for cyber-criminals, because they are less likely to have the strongest information security safeguards. In order to avoid these cyber-attacks, you must be prepared. Consider implementing the following best practices to better protect your business:
- Education is key! Understanding email scams and educating your employees is critical to protect your financial assets
- Verify changes in vendor payment location and confirm requests for transfer of funds by phone. Never initiate any changes based only on email communication.
- Implement a call-back verification process when setting up payments for new vendors or making changes to existing vendors
- Investigate unique requests. If you receive a request for payment that is out of your ordinary payment arrangement, confirm by phone with your vendor
- Be suspicious of requests for secrecy or pressure to take action quickly.
- Consider financial security procedures that include a two-step verification process for ACH & wire transfer payments.
- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
- Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.