Protect Your Business Against Fraud

Follow these steps to stave off potential fraud losses.

Small businesses are facing unprecedented levels of fraud. You need to be alert—and frankly, a bit skeptical—to protect your business. According to the Association of Certified Fraud Examiners (ACFE), the typical business loses five percent of revenues each year to fraud. The latest ACFE study1 found that nearly one in three small businesses experienced fraud in 2014, with a median impact of a $154,000 loss.

"Small businesses are under increasing attack, particularly by cybercriminals stealing financial information such as banking information or customer information to be used for identity theft," says Steven J.J. Weisman, founder of and nationally recognized identity theft expert, lecturer, and lawyer. "Other times the hackers will install ransomware by which they take control of all of the data of the business and extort money from the company in return for freeing access to the data," he says.

One of the most common fraud tactics is social engineering, in which a criminal persuades the victim to take a particular action, such as sharing private information or even wiring money. This is often done via email, a technique known as phishing. Jeff Kennedy, executive vice president at Regions Bank explains that an increasing number of business owners are falling for this type of scam, in part because fraudsters have gotten more sophisticated and targeted in their approach. "They have done their research on your business," he warns. "They are going to be convincing, so you have to be on guard. We have seen examples of incredibly well-done phishing emails, and we have seen customers lose millions. It can be devastating."

In February 2015, a controller of an Omaha-based company lost $17.2 million due to an allegedly fraudulent email designed to look like it came from the CEO. That company is not alone. McAfee found that only four percent of executives worldwide could tell the difference between a real email and a phishing email 100 percent of the time.

How to protect your business

First and foremost, be skeptical, urges Kennedy. "We are way too trusting as human beings. Yes, you are focused on running your business, but all can be lost by being too loose with information and not adopting a protective posture."

Additionally, follow these fraud prevention tips:
  1. Before clicking on a link, hover over it and click the right mouse button. This will allow you to see where the link actually leads. If it looks strange or ends in an unfamiliar suffix, do not click.  
  2. Create clear guidelines for initiating company payments. "Always use dual authorization. Make sure your process for fulfilling payments isn’t all in the hands of a single employee," says Kennedy.
  3. Make sure the computer you use to create payments isn’t also used for general Web surfing.
  4. Install proper firewalls and security software. Keep your software updated.
  5. Monitor your business credit, just like you do your personal accounts.
  6. Monitor your online bank accounts frequently. "Review your accounts daily. If you make it part of your routine, you’ll pick up on fraudulent activity much faster," says Kennedy.
  7. Take advantage of alert features offered by your bank. Typically, you can request to receive a text or email message whenever a purchase is made over a certain dollar amount. 
  8. Shred discarded documents containing sensitive information. "Dumpster diving identity thieves turn your trash into their gold," cautions Weisman.
  9. Change your passwords frequently.
  10. Take advantage of EMV technology. EMV chip cards encrypt sensitive information and have dramatically reduced credit card fraud in Europe. This October, several U.S. payment networks will take the position that business owners are liable for a fraud that takes place when their business doesn’t have a chip-enabled card reader (and the fraud occurred when a customer used a chip card). Contact the company that handles your payment processing to upgrade your terminals.   

By staying alert, training your staff to do the same, and embracing sound risk management practices, you can reduce the likelihood of falling victim to fraud.


On a scale from 1 to 5, with 1 being 'Not Good' and 5 being 'Excellent', how would you rate this article?

Press enter to submit your rating

Rate this Article

Use this form to provide additional feedback based on the rating you provided.

Thanks for Rating

Would you like to provide feedback?

Thanks for your feedback!

This information is general in nature and is provided for educational purposes only. Information provided and statements made by employees of Regions should not be relied on or interpreted as accounting, financial planning, investment, legal, or tax advice. Regions encourages you to consult a professional for advice applicable to your specific situation. Information provided and statements made by individuals who are not employees of Regions are the views, opinions, or positions of the individual who made the statement and do not necessarily reflect the policies, views, opinions, and positions of Regions. Regions makes no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information presented.