Corporate Account Takeover is an evolving electronic crime typically involving the exploitation of businesses of all sizes, especially those with limited to no computer safeguards and minimal or no disbursement controls for use with their bank’s online business banking system. These businesses are vulnerable to theft when cyber thieves gain access to their computer systems to steal confidential banking information in order to impersonate the business and send unauthorized wire and ACH transactions to accounts controlled by the thieves. Municipalities, school districts, large non-profit organizations, corporate businesses, and any customers that perform electronic transfers are potential targets. Losses from this form of cyber-crime range from the tens of thousands to the millions, with the majority of these thefts not fully recovered. These thefts have affected both large and small banks.
This type of cyber-crime is a technologically advanced form of electronic theft. Malicious software, which is available over the Internet, automates many elements of the crime, including circumventing one-time passwords, authentication tokens, and other forms of multi-factor authentication. Customer awareness of online threats and education about common account takeover methods are helpful measures to protect against these threats. However, due to the dependence of banks on sound computer and disbursement controls of their customers, there is no single measure to stop these thefts entirely. Multiple controls or a “layered security” approach is required.
A current scam targeting corporate clients is Business Email Compromise (BEC), in which a legitimate business email account is compromised through social engineering or computer intrusion techniques to impersonate an executive and conduct unauthorized transfers of funds. The key to reducing the risk from BEC is to understand the criminals’ techniques and deploy effective payment risk mitigation processes. (See the News and Resources section below for more information.)
Losses associated with these frauds can be substantial and devastating to the business. As banks have implemented controls to detect, prevent and respond to these frauds, businesses must do the same. Banks play an important role in this partnership by educating their corporate clients on the evolving risks, providing them with tips to identify these threats, and ensuring the customers take advantage of security controls offered by the bank to protect them.