Unauthorized electronic payments from business bank accounts are a growing concern. Phishing e-mails and malware allow criminals to take control of your bank accounts to initiate payments out of your accounts. When funds are stolen from a business bank account through an unauthorized payment order, who bears the loss? Probably not the bank.
By infiltrating a business’s computer system, the criminal can obtain the log-in credentials to the business bank accounts and initiate unauthorized payment orders. Thus, it is important for businesses to understand the requirements of Article 4A of the UCC that come into play when a dispute arises between a bank and its business customers because of unauthorized wire transfers or ACH credit transfers.
On its face, the UCC provides that a bank is responsible for any unauthorized electronic payment orders on a non-consumer account. However, the UCC also allows the bank to shift the risk of loss to its business customers by following a few simple rules that are contained in most banks’ account set-up forms. Some lawyers may argue that you still have a case against the bank by arguing the banks security procedures were not ‘commercially reasonable,’ however; litigation may take years. The banks have been fighting this cyber problem for many years and have done a great job of protecting themselves. That leaves you to protect yourself.
Five things you can do to protect your business bank accounts:
Meet with your bank and upgrade to a more sophisticated account with added controls. Consider adding services like positive pay, restrictions on electronic transfers, or dollar limits for withdrawals.
Meet with your IT team to help train your employees to spot phishing emails and to never click on anything connected to those emails. Your IT team can also set up firewalls to prevent employees from entering or using any websites not pre-approved by the company.
Set aside one separate computer that does no other on-line business other than banking. Restrict banking activities to that one computer.
Check your bank balances daily. If you notify the bank fast enough, they may be able to recall a wire before the money is transferred beyond reach, usually offshore.
Talk to your insurance agent about adding Cyber Deception Coverage to your business policies. You must have strict controls in place to qualify to get coverage. More about how to qualify for the coverage is detailed in the next article.