Here’s how you can keep your small business safe from fraudsters
At Tide, we’re dedicated to keeping you and your business safe. We make sure our risk systems are robust and conduct thorough checks on all payments and new members. But there are some types of fraud that are harder to stop.
So our Financial Crime team have launched the Keep Your Business Safe series, discussing some of the most common types of financial crime and fraud in the UK – and how you can protect your business.
Our Head of Financial Crime, Matt, witnesses fraud cases every day. He’s on a mission to educate our members and help small businesses protect themselves from fraud. His advice for protection against APP fraud?
“If in doubt don’t respond immediately, wait until you have proof. Criminals play on panic!”
“We’ve come to realise, the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided, its time to do something new. I would say, if someone is telling you that something has changed with your contract or billing, reach out to the person you know directly and find out if its legitimately come from them. If in doubt don’t respond immediately, wait until you have proof. Criminals play on panic tactics to encourage you to act instantly. By giving yourself more time you can make the right decision. Stop, consider and confirm.”
What is APP Fraud?
Authorised Push Payments (APP) is a type of fraud where people are scammed into paying money to criminals, believing that it’s a legitimate payment. In 2017 alone, there were close to 44,000 reported cases of APP fraud, costing small businesses over £236 million. In the age of instant payments, by the time the victim has made the payment and realised that they’ve been a victim of fraud, the money has been moved on and it’s near impossible to be retrieved. Unlike other types of fraud, such as card fraud, banks and financial institutions don’t have to reimburse victims of APP fraud, making it particularly devastating for victims.
How can I protect my business?
To help keep your business safe from APP fraud, get smart about the most common ways it happens:
1. Invoice fraud
One of your normal suppliers emails you saying that they’ve changed their bank account details, and asks you to pay an outstanding invoice to their new bank account. The email address looks legitimate, and it’s come from your normal contact there – nothing out of the ordinary, right?
Not quite. Fraudsters spend time researching your company to know who your suppliers are, how often and how much you pay them – and they’ll try to use that information to defraud you. Your supplier’s “new account details” actually belong to a fraudster, and by the time you’ve paid the outstanding invoice and realised the email wasn’t legitimate, it’s too late and the money has long gone. This is called invoice fraud.
What can you do to protect your business from invoice fraud:
- If you ever receive a notification from a supplier saying they have changed their bank details, pick up the phone and verify it with them.
- Make sure anyone in your company that can authorise payments is alert to this type of fraud.
- Follow up with the supplier once you’ve made the payment to ensure they have received it, that way if you have made a payment to a fraudster you’ll realise immediately and may be able to retrieve the money.
- Where possible, remove any information you have publicly about suppliers or companies you work with, to make it harder for fraudsters to research your company and target you.
2. Social engineering fraud
You receive a call from your banking provider saying that your account has been hacked, and you need to move your funds into a new account. They’ll quote a few recent transactions you’ve made or they may even be aware that you’ve previously been the victim of fraud.
More often than not, it’s actually a criminal posing as your banking provider. The new account that you’ve moved your funds to is operated by them. By the time you let your banking provider know, the fraudster’s moved the money out of the account through a series of complicated transfers to make it near impossible to trace it.
What you can do to protect your business from social engineering fraud:
- If you ever receive a phone call from someone claiming to be your banking provider, don’t make the transfer. Find your banking provider’s phone number (usually on the back of your card) and ask them to confirm whether or not the request was valid.
- Tide will never ask you to move your money to a new account. If you receive a call from anyone claiming to be from Tide, end the call and let our Member Support team know immediately via the in-app chat.
3. CEO fraud
CEO fraud is where a fraudster impersonates the CEO or manager of the company. They’ll instruct an employee, usually in the finance department, to make a high-value payment to an account in the fraudsters control.
This type of fraud is also on the increase and one that we want our members to be aware of.
We’ll go into much more detail about CEO fraud, including some case studies and tips, in the next Keep Your Business Safe blogpost. Stay tuned – and stay safe!