By Theresa Wiese, Managing Director of Compliance & Risk Management
When payment fraud hits businesses’ checking or savings accounts, it can be challenging to determine the next steps. How do you mitigate the risks and losses including operations, legal, and monetary? Like many business owners, you may presume you have the same protections against liability as consumers do, but this is just not the case.
Electronic payments include automated clearinghouse (“ACH”) transactions, wire transfers, and debit card transactions. If you are a business account holder, you have much less time than consumers to report cases of fraud. You also have more liability and less protection as compared to consumer account holders. For example, personal account holders have upwards of 60 days to report any case of electronic payment fraud to their financial institution; businesses have only 24 hours to report fraudulent electronic payment fraud.
Are banks just tougher with businesses? No, personal and business accounts are governed by different rules and restrictions. Consumer electronic transactions are governed under Federal Reserve Regulation E (12 C.F.R. Part 205) and National ACH Association (“NACHA”) rules. According to Regulation E, the consumer is not liable for an unauthorized ACH (debit) transaction unless the consumer fails to dispute it within 60 days of the bank sending the statement showing the unauthorized transaction. Under the NACHA rules, if a consumer disputes an ACH transaction within 60 days of the settlement date, the bank (as the receiving depository financial institution) must recredit the consumer and may return the transaction to the originating depository institution. Even though Regulation E and NACHA rules start the clock at different times (the date the statement is sent versus the settlement date), both indicate that the consumer will not be liable for an unauthorized transaction if that consumer disputes the transaction within a reasonable timeframe. This ensures the consumer is reimbursed for lost funds due to fraudulent activity.
Business clients do not have the protections of Regulation E. Federal protection for businesses that experience ACH fraud falls under the Uniform Commercial Code (“UCC”). The burden is on the business to notify the financial institution immediately if there is a disputed transaction. Within 24 hours, all the liability for fraudulent transactions shifts from the financial institution to the business. As a result, First Business Bank recommends you reconcile your accounts and review online activity daily to catch fraud quickly and reduce your risk of losing money and time to remediate the fraud.
The 2020 AFP Payments Fraud and Control Survey found that checks are the payment type most often targeted by fraudsters. Among the surveyed firms, 74 percent of organizations experienced check fraud in 2019 — up from 70 percent in 2018. Additionally, 33 percent of businesses experienced ACH debit fraud.
Many financial institutions, including First Business Bank, have Commercial Client Standards of Care language within the terms and conditions of their Deposit Account Agreements. Commercial Client Standards of Care generally state that the bank offers products and services and security procedures that serve as precautions that the business must take to decrease the risk of unauthorized transactions and are designed to detect and/or deter fraud. These services may include ACH Debit Block, Positive Pay, Payee Positive Pay, and ACH Positive Pay. The terms and conditions also note that, should a commercial client fail to take reasonable precautions to mitigate the risk of fraud, they hold the bank harmless and assume all liability resulting from any losses or damages that could otherwise have been prevented by such security procedures or precautions, including, without limitation, losses or damages resulting from any unauthorized, altered, counterfeit, or fraudulent check or ACH transaction.
First Business Bank recommends taking a proactive role in dealing with fraud risks:
- Learn about First Business Bank’s fraud mitigation services and consider enrolling in them.
- Review and understand the provisions of your Deposit Account Agreement.
- Contact First Business Bank immediately if you suspect fraud.
- Enroll in online banking and monitor your accounts daily.
- Set up fraud alerts to notify you immediately via email or text message.
- Review your liability insurance policy and consider adding coverage for loss due to account fraud.
- Check out our fraud protection checklist for other best practices to mitigate payments fraud.
For more about preventing payment fraud in your business, view or listen to our Managing Payment Fraud Risk episode of the First Business Bank Podcast.ACCESS PODCAST