The level of fraud protection afforded to a business when conducting a transaction is very different from the level of protection offered to consumers. Consumers are allotted sixty days to dispute an unauthorized transaction while businesses are limited merely two days to report fraudulent activity, due to regulations like Article 4A of the Uniform Commercial Code.
Although businesses have options to place debit blocks and filters to safeguard their accounts, taking advantage of these features is an incredibly time-consuming, manual process for both the bank and the business. The complexity of employing such filters combined with the small window for disputing fraud can limit the level of security a business has over its account.
In addition, companies typically carry much higher account balances than a consumer, which makes corporate accounts an enticing target for payments fraud. Oftentimes, criminals use phishing techniques to gain access to a corporate account holder’s online information. The fraudster then accesses their financial institution credentials to redirect money transfers for legitimate business payments by changing the account and routing numbers of the intended payees, a tactic referred to as corporate account takeover. The account information changes can be so minute that they frequently go undetected until the two-day timeframe has passed.
However, this increasingly common type of fraud can be prevented if financial institutions make high-risk transactions instantly visible to their customers. To accomplish this, banks must proactively involve the account holder, as protecting the bank account should be a joint effort between the customer and the financial institution.
Enlisting the customer in fraud prevention measures is a logical approach because it is the account holder who knows their account and can best determine if a transaction is legitimate or fraudulent. The customer knows who is authorized to debit their account and it is the customer who holds the valid payment information details for the companies and employees they pay.
While financial institutions never consciously allow fraudulent transactions to occur, the occasional unauthorized payment can happen because the institution simply processes the transactions being originated in online banking or being received for posting without guidance from the customer. Instead, banks should provide actionable alerts when suspicious activity is detected and enable the account holder to stop the transaction before the funds ever leave the corporate account.
By leveraging the customer’s knowledge of their account, banks can effectively monitor where funds are being directed and who is pulling the funds from the account, based on the customer’s instructions. If an abnormal transaction is detected, the bank can suspend the payment and send an out-of-band alert to a separate device for the customer to review the transaction. The customer can then securely respond to approve a legitimate transaction or stop a fraudulent one from occurring.
To determine when to send an alert, the financial institution can use automated technology to compare each outgoing credit to a list of pre-approved payees, which are identified by the account and routing numbers. If a new account and routing number is introduced, the institution suspends the transaction until the customer reviews and approves it. The customer can also respond in different ways, one of the safest being with voice biometric technology.
After detecting suspicious account activity, the bank can send an out-of-band alert and one-time authorization code to the account holder, who then dials the number for the interactive voice response system. The customer enters the authorization code and repeats a phrase to confirm a voice match, allowing the customer to then verify or reject the transaction. Empowering corporate account holders to securely respond to suspicious transactions before the money leaves their account mitigates the risk and losses associated with payments fraud.
Ultimately, switching to an automated, self-service fraud solution can save financial institutions valuable time and money while giving corporate customers more control over their account. By automating the fraud detection and response process, and enlisting participation from the account holder, operational and staffing costs are reduced. Additionally, involving the account holder in detecting and responding to payments fraud shifts liability to the customer, as the bank’s decision to process the payment is based on the customer’s guidance.
Ms. Peace is CEO of Ooltewah, Tenn.-based ACH Alert, a provider of patented fraud detection services to financial institutions. She can be reached at email@example.com.