As Small Business Online Banking Fraud Grows, So Do Efforts to Curb It

Password controls, stronger authentication and customer PC security scans among the measures that can help.

USA Today has posted an article suggesting that cybertheft activity has made online banking too risky for small businesses to handle. "'Any organization that cannot survive a sudden five- or six-figure loss should consider shunning Internet banking altogether,' says Amrit Williams, chief technical officer of security firm BigFix," the article states. "'Online is a very dangerous place for any small organization to be right now,' he says."

According to the article, the FBI has investigated more than 200 cases, mostly in 2008 and 2009, in which cyber criminals executed $100 million worth of fraudulent transfers and made off with $40 million. The story offers a couple of examples. In one, Western Beaver County School District in Pennsylvania is suing ESB Bank for executing 74 unauthorized cash transfers totaling $704,610 during Christmas break a year ago. In Bullitt County, Ky., in June, unauthorized transfers totaling $415,989 were moved out of the payroll account the county kept at its bank, First Federal Savings Bank of Elizabethtown.

But the article fails to recognize that there's much small businesses and banks can do and are doing to prevent such unauthorized transactions.

While the FBI and the ABA have recommended that small business owners do their online banking on a separate PC to prevent hackers from accessing banking accounts, that's just one tool in the toolbox, says Doug Johnson, vice president of risk management at the American Bankers Association, who spoke to Bank Systems & Technology in an interview this afternoon.

Small business owners can request that their bank limit the dollar value associated with transactions, he says. They can put password controls in place such that they change their passwords on a continual basis and don't share user name and password information with third party providers. They can ensure their firewalls are properly managed.

"When the forensics are done [on small business online banking fraud] that's been where the failures have been found, in standard computer hygiene at the business location, where they're not keeping their signature files up to date, maybe they don't have spyware protection on the machine," he notes. financetech