As the owner of a cloud computing and IT support company, I am very much aware of the threat of cybercrime and the need for small and mid-sized businesses to focus on security. I want to share a recent experience I had in my own company to reinforce that even a small business can be the target of fraudulent activity.
I recently received a call from my bank, Comerica, questioning a check for $4,936 that was submitted to my business account for cashing. They said it had the Computer Technologies, Inc. name, was signed as “Tammy - authorized signature", and came through Chase Bank’s electronic deposit ACH. The check also carried Computer Technologies' correct bank routing and bank account number. Luckily, they noticed that the check # was a 5 digit number and Computer Technologies is currently using check numbers that are only 4 digits. If Comerica hadn't noticed and contacted me to verify, the money would be gone and my only recourse would be that Comerica would have to open a claim with Chase which would have taken 90-120 days to investigate. And there would be no guarantee that we could recover our money. In the meantime, I would be without approximately $5,000.
Comerica shared with me that some of the best practices to following in order to prevent this type of fraud is to review your bank account every morning, and enable text message alerts for withdrawals over a certain amount. They recommend these steps because if your report suspicious activity within 24 hours of the transaction, they are able to put the money back into your account within 48 hours. Otherwise, it normally takes 90+ days to see your money, if you ever see it again.
Coincidently, the following week, I was reviewing our account and noticed two very small deposits (under .25 cents each) from American Express Bank. These types of deposits are typically an attempt to setup a link to your bank account. Neither Comerica nor American Express Bank were able to identify who initiated the deposits. Appropriate measures were taken to change passwords and also setup deposit notifications (which work similar to the withdrawal notifications mentioned above) as an extra measure to monitor our accounts.
Contrary to what many people believe, the FDIC doesn't reimburse banks for fraud against business accounts. The FDIC only insures your account against the failure and collapse of the bank. In other words, you and your business are not protected from this type of fraudulent activity by the FDIC- the only true protection you have is you.
As a business owner, I wanted to share our situation and what we learned with other business owners and key executives so that you can prevent this type of fraudulent activity from happening to you.