Business Banking: Understanding Account Takeover Fraud and the Importance of Dual Control within your Digital Banking Platform
In 2014, the case of Choice Escrow & Land Title vs. BancorpSouth Bank made headlines. Choice Escrow & Land Title, a corporate account holder with Bancorp South, became a fraud victim when over $400,000 was stolen by external hackers who accessed an employee’s account via a phishing scam. Choice Escrow & Land Title became one of the most notable cases of corporate bank account takeover fraud.
Since the ruling of this case, account takeover fraud attempts have exploded, and are becoming more difficult to detect. Statistics report that account takeover fraud surged by 250% year-over-year in 2020, with the financial services industry amassing for 72% of attacks.
In this blog post, we’ll discuss the impact of account takeover on business owners and best practices that your financial institution can implement to ensure the best protection.
Bank Account Takeover and Its Impact on Businesses
Account takeover (ATO) is a form of identity theft and includes, but is not limited to, email, online shopping, and online banking accounts. Cybercriminals use a luring method like phishing emails to obtain a victim’s login credentials to gain access and make fraudulent purchases or steal funds. In the case of business banking, corporate account takeover (CATO) occurs when fraudsters gain access to a business’ account to initiate unauthorized transactions like fund transfers, ACH or wire transfers. They can also alter payroll files, edit account information, and hijack sensitive information from both employees and account holders.
CATO is costly for an organization to repair, and can cause permanent damage as a result of:
- Reputational damage - Regardless of the source of fraud, customers of the business and account holders of the related financial institution may view them as untrustworthy.
- Financial damage – Unlike consumer accounts, business accounts are not always protected from unauthorized activity and may be held responsible for chargebacks and transaction disputes.
- Legal and regulatory fees – if sensitive customer or member information is taken, regulatory bodies and consumer protection entities can levy fines or fees on a business.
The Importance of Dual Control
Although CATO greatly affects the organization, this fraud can also negatively impact the relationship a business has with its primary financial institution. As a result, business partners may opt to bank with another institution, increasing attrition.
Ensuring dual control settings are enabled on digital banking platforms gives business account holders a “second set of eyes” on account activity, helping to impede fraud attacks.
What is Dual Control?
Dual control within an online banking solution is a built-in feature and ‘security check’ that requires at least two separate individuals, or “sub-users”, to approve and complete transactions or ACH batches over a set limit - one person may either initiate or approve a transaction, but that person cannot perform both. This prevents a single user having full control – in this case, prevents a fraudster from moving money out of accounts.
Benefits of Dual Control
Dual control functionality protects both your institution and your business banking account holders:
- Enables approvals for transfers and payments over specified dollar thresholds
- Increases control over what data can be viewed
- Permits which transactions, updates, and modifications can be performed and by whom
- Decreases the potential of data errors
With more control over what can be viewed and accessed, fraud risks can be greatly reduced as business data is more protected.
Understanding the risks and impacts an account takeover can have on your business banking account holders is vital to delivering quality customer and member services. Download a copy of our rock-solid security best practices to reinforce your institution's security processes.
NXT, Alogent’s unified online, mobile, and digital banking platform marries consumer and business banking functionality, marketing, branding, and enterprise-grade security in a single, turnkey solution.
NXT: Watch a 2-Minute overview video
Download: rock-solid security best practices
Be the first to know! Click below to follow us on LinkedIn for news and content updates!