Who pays the price of fraud?
July 9, 2015 by Mark Castle
With attacks on business bank accounts becoming increasingly common, it would seem that banks are moving the responsibility for fraud from themselves to the account holder.
We recently noticed a new clause had been added to a Relationship Authority document from our own bankers, which stated ‘The bank may assume that the person who confirms their identity, and correctly answers the Bank’s security questions is me’.
Worryingly there is a common misconception that banks will replace any funds lost in an attack on a business bank account. But this is not necessarily the case and the shift of responsibility from bank to account holder will mean increasing instances where the bank will not be liable for losses from fraudulent attacks and will not refund lost money back to the business.
Results from a survey found that almost half of respondents who had lost money in a fraudulent online transaction did not get all, or sometimes any, of their funds back.
This situation is exacerbated when businesses are not fully aware of the dangers of cyber fraud. The same survey from Kaspersky Lab and B2B International found that only 22% of respondents believed they could be the target of a cyber-attack while statistics showed that 43% would have faced financial cyber threats at least once in the previous 12 months. In fact, small businesses are considered especially easy prey because many lack firewalls and monitoring systems.
Although banks will have put their own measures in place to thwart hackers, ultimately they hold the business responsible and emphasise that businesses must also defend themselves.
These 5 best practice tips are a good starting point:
- Ensure that you have a Firewall and Anti-Virus Software in place and it is always up-to-date.
- Limit the number of employees with access to the business accounts.
- Educate your employees to be wary of emails from unknown senders, unsafe links and unusual websites.
- Enforce strict internet policies such as no visiting social media networking sites on work computers, this is a common way for hackers to infect computers with malicious software.
- Have a separate computer solely for banking. This will limit hackers ability to compromise a banking session.