Phishing, invoice fraud, and card skimming are three prevalent schemes to watch out for.

While electronic funds transfers (EFTs) offer a more convenient and secure alternative to checks and cash for business transactions, they still involve some risks. These transactions – which include debit card payments, ATM withdrawals, and automated bill payments – aren’t immune to fraud. Business owners and managers need to know how to respond.

In this article, we’ll explain the applicable laws, common EFT scams, how to proactively protect your business, and what to do if you’re targeted.

Understanding the Rules for Businesses

EFT fraud can strike individuals and businesses alike. But when it comes to reporting incidents, the rights and responsibilities of individuals and businesses differ significantly.

Personal account holders are covered by the Electronic Fund Transfer Act (15 U.S.C. ch. 41 § 1693 et seq.), implemented through Federal Reserve Board Regulation E. The Act says:

• If a consumer notifies their financial institution within two business days of discovering a lost or stolen debit card or a suspicious transaction, their liability is limited to $50.
• If the report is made within 60 calendar days, the liability increases to $500.
• Once a report is made, the financial institution must promptly investigate the claim.
• The institution must either credit back the funds or provide a detailed written explanation if no fraud is found.

Businesses, on the other hand, are not covered by the Electronic Fund Transfer Act. Instead, they are subject to the Uniform Commercial Code, specifically U.C.C. – Article 4A – Funds Transfer.

• Businesses are held to a higher standard for monitoring their accounts and reporting unusual activity.
• The Code does not specify an exact time frame for reporting suspicious activities.
• It requires a “commercially reasonable” security procedure and “good faith” from the financial institution.
• Specifics are determined by the agreement between the business and the financial institution.

In practice, this means that businesses are commonly required to report suspicious EFT activity within 24 hours. This is the case for most business account holders. Your EFT agreement should have been provided when you opened your account, and you can request a copy at any time for your review.

Fraud protection services offered by debit card issuers (e.g., Visa or Mastercard) may go above and beyond these legal safeguards in qualifying circumstances. As with federal law, coverage typically differs between personal and business cardholders.

3 Types of Business Debit Fraud to Watch Out For

Debit card and EFT fraud are evolving threats that target businesses of all sizes. Here are three prevalent schemes to watch for:

1 Phishing.

Scammers send emails posing as your financial institution or a supplier to glean sensitive information like login credentials or account numbers. Be wary of unsolicited emails, text messages, or phone calls requesting such information. It is better to navigate to sites yourself instead of clicking on emailed links.

2 Invoice fraud.

Scammers send fake invoices that appear to be from a known vendor, but the payment instructions divert funds to the scammer’s account. Be sure to confirm payment details directly with vendors before making payments.

3 Card skimming.

Scammers use a small electronic device known as a skimmer to capture debit card information during legitimate transactions at ATMs or stores. Use your card’s tap-to-pay functionality whenever possible.

4 Ways to Stay Safe

To further fortify your business against EFT fraud, consider these proactive steps:

1 Train your employees to spot fraud.

Regular employee training sessions on recognizing and responding to suspicious activities can significantly enhance your business’s security.

2 Sign up for online banking and enable alerts.

Gaining anytime, anywhere access to your accounts and enabling alerts makes it much easier to monitor debit activity. Regularly checking your account activity helps keep you aware of potential threats.

3 Consider a business credit card.

Compared to business debit cards, dedicated business credit cards may offer more robust fraud liability protection.

4 Explore insurance solutions.

Many businesses are now investing in cyber insurance to help mitigate the risk of EFT fraud. Fidelity bonds may also provide protection against employee misconduct.

What To Do If You’re Targeted

If you suspect EFT fraud –such as an unrecognized transaction or lost credentials – immediately contact your bank to report the issue. To stay informed of suspicious activity, enroll in online banking, monitor your accounts daily, and set up fraud alerts.

Protect Your Bottom Line

For personalized guidance on keeping your business safe from fraud, contact our business banking representatives.

0