Blog: Opinions

Business banking fraud. Keep your eggs in TWO baskets. Here’s why…

Ken Munro 26 Mar 2019

This post has a cautionary tale all about spreading your business banking fraud risk.

So, does your business have two bank accounts, with different banks?

No? Then you would be well advised to do so, or risk being left unable to trade.

WHY?

Business banking ‘cyber’ fraud is increasingly common; I receive several calls per week from organisations that have had their corporate bank accounts pilfered by cyber crooks.

It usually transpires to be a phish giving the attacker a back door on an accounts payable desktop, and sometimes it’s something as simple as invoice fraud leading to funds being paid to a scammers bank account.

Cyber liability insurance can be effective at covering these losses, often providing far better cover than a basic theft policy.

However, banks are rightly taking action to minimise losses. By detecting unusual transactions, freezing accounts suspected of receiving fraudulent transfers and exchanging data, frauds can be mitigated to a point.

For far too long, banks have been understandably reluctant to accept liability for fraud. If the customer gets hacked and funds are stolen, why should it be their problem?

However, a number of cases have indicated that not taking appropriate, swift anti-fraud action may leave the banks liable in some cases. Unsurprisingly, changes have occurred!

This has meant that accounts are being frozen whilst investigations take place, to minimise the loss of monies.

That’s great, right?

Well yes, if you don’t want to lose money.

Not so great if you want to carry on trading though!

Even worse if your accounts have been frozen through an administrative error, or anti-fraud software flagging an issue incorrectly.

Surely that wouldn’t happen? It does, rather more than you might think. It happened to a close friends’ business last week.

Being unable to access their funds created instant reputational damage with their customers: Hundreds of thousands of pounds of payments couldn’t be made.

Fortunately, it was well before the busiest time for transactions; month end. How would one explain to staff that payroll wasn’t being covered as the company bank account was frozen whilst fraud was being investigated?

It doesn’t read well, does it?!

My friend spent years designing out single points of failure from his business, yet missed one: All of their business bank accounts were with one bank. All of them locked.

That was not a good day. We’ve seen reports of businesses being hamstrung for up to 50 days for this very reason.

In this case, the following day the bank realised they had made an error and quickly unlocked the account. I wouldn’t want to be the relationship manager for that customer…

Advice

Most businesses hold their accounts with one bank. I strongly recommend you change that in order to remove the opportunity for fraud errors damaging your business. Whilst I accept that genuine fraud data should be shared and there is potential for accounts to be locked across multiple banks, it makes the consequence of individual bank errors less serious to your business.

We already have some funds held overseas for our foreign operations. Whilst it would be expensive to move these monies back to the UK in a hurry, this could be another route to mitigate this threat.

Today’s lesson: don’t put all of your eggs in one basket.