Frauds involving electronic transfers of funds from the accounts of small and midsize companies that bank online exploded last year. A recent survey of smaller businesses by the Ponemon Institute and Guardian Analytics found 55% had experienced fraud in 2009, with 58% of that involving online banking.
"We've really seen a marked increase in the level and severity of fraud attacks perpetrated on the small business community," says Terry Austin, CEO of San Francisco-based Guardian, which provides fraud detection software for banks.
Regulators have taken notice, with the Federal Bureau of Investigation and the Federal Deposit Insurance Corp. among the agencies that have issued warnings.
Austin says the increase reflects both the growing sophistication of hackers and the fact that criminals have shifted their focus from consumer accounts to those of small businesses, which usually involve larger balances.
The online banking frauds generally occur after cyber criminals introduce viruses into a business's computer systems to harvest its banking passwords, which they use to transfer funds. "Spear phishing" e-mails that hackers use to get a virus onto a company's computers have become much slicker, Austin says. "We're facing very, very sophisticated-looking correspondence that names the person within the company, knows their job title, knows who they correspond with." Viruses can also be introduced if an employee clicks on an infected Web site.
According to the survey, banks were unable to recoup all the lost funds in 87% of the fraud cases. Companies don't enjoy the same protections in cases of bank fraud that consumers do, and the survey found that businesses were not fully compensated for their losses in 57% of the banking fraud cases, and were not compensated for any of their losses in 26% of cases.
Austin says companies should be aware of their bank's policies on reimbursement in cases of fraud and should educate finance staffers about the extent of the threat. They should also check that the software protecting their computers against viruses is up to date, and "should regularly monitor their accounts for missing funds," he says. Businesses also need to understand the extent of their bank's investment in technologies to protect against such frauds, Austin says.