An executive at a 120-employee company receives a call at 10:50 a.m. from a representative at his bank, who asks him if the firm has made any recent wire transfers. The executive says no. In fact, 47 transfers have been made over the previous three hours, to accounts in far-flung places such as Russia, Scotland, Finland and China. The executive tells the bank rep not to honor any additional transfer requests, but over the next three hours, 38 more fraudulent wires are sent from the company's accounts, resulting in a loss of $560,000 for the company. This is just one instance of the growing trend of online fraud perpetrated against business bank accounts. In the case above, an employee of Experi-Metal Inc. (EMI), a manufacturer of specialty metal products in Sterling Heights, Mich., opened an e-mail that appeared to be from Comerica, its bank for over a decade. The e-mail said Comerica needed to perform maintenance work on its banking software and instructed EMI to log in to a linked Web site.
The employee logged in and provided the requested information. Alas, that information was obtained by fraudsters--most likely captured by so-called malware surreptitiously planted in the computer's operating system. The fraudsters "immediately began sending wire transfers out of EMI's bank accounts with Comerica, sending the funds to various foreign and domestic accounts," according to the complaint EMI filed in November 2009.
The time may come when such transfers become necessary, Evans adds. But for now, "I do not open that portal up to my account," he says. "The only way to get into the account is when I write a check or initiate a wire transfer with our letterhead, and the bank calls to verify" the transaction.
If more businesses adopt Evans' newly conservative approach to making payments because of concerns about online fraud, many of the efficiency gains that have bolstered banks' profits over the last few decades could erode. Some banks are clearly aware of that danger and have taken more steps to protect small and midsize business customers.
Some Basic Steps to Deter Malware
Timely "patches"--updating software--are critical for businesses to safeguard online access to their bank accounts from malicious malware used cyber thieves to hijack computers and pilfer corporate bank accounts.