As outlined in Javelin’s recent 2016 Small Business Fraud Report, the three biggest fraud threats to small business banking customers are data breaches, malware, and business email compromise (BEC). Unfortunately, from a prevention perspective, this threat makeup remains widely misunderstood among small business owners and decision makers.
In fact, most business owners think of fraud as if they were consumers protecting their personal accounts. When asked about the greatest fraud threats to their business, entrepreneurs — especially operators of microbusinesses — indicated they were most concerned with malware stealing online banking credentials and data breaches of payment information. Those concerns are certainly justifiable, but there exist more enterprise-specific threats that should be part of a business owner’s concerns.
When it comes to data branches, the most common targets are business plans, financial account information, and personal or payment data of employees. Much of that data is sold to other criminals to either perpetrate fraud against individual members of the company, or to use the information for attacks targeted at the business like an email compromise. Direct breaches of payment information are actually of lower concern than the types of breaches listed above, despite being No. 2 on the list of concerns for respondents.
And the most underrated, and perhaps most dangerous, threat is business email compromise, especially for those with international suppliers. BEC is a scam in which a fraudster compromises the legitimate business email accounts of owners or employees and uses them to request and/or authorize wire transfers or check payments. Total domestic losses from BEC reached $1.2 billion in 2015.
- Educate and deputize -- Banks have opportunity to educate businesses of all sizes that may be vulnerable to certain fraud risks or unfamiliar with fraud risks. But most importantly, it represents an opportunity for banks to deputize their customers against fraud.
- Mandate account alerts -- help mitigate the risk of fraudulent transactions, breaches, and changes of account information by keeping the business owner and trusted users abreast of activities via email, text, or push notifications.
- Develop and provide business owners the option to use more comprehensive solutions -- dual authorization for transactions, client-side malware or a secure browser, and biometric authentication. Setting up workshops in the branch for customers and helping them work through new features and specialized needs would go a long way in deputizing customers, and making them feel like they have a partner in preventing fraud losses.
Fraud is a large growing issue with $3.1 billion in losses for small and micro businesses in 2015. About 6% of businesses experiencing an unauthorized payment on one or more of their accounts. That compares with $15 billion in fraud losses among U.S. consumers as a whole. And when compared to consumers, the average fraud amount for an individual case committed against small businesses is eleven times greater.
Banks that are slow to act in preventing fraud against small business customers face a twofold threat: devastating amounts of customer attrition and potentially costly litigation.
This blog is an excerpt from Top Opportunities in Small Business Digital Banking. The report outlines nine key opportunities for small business bankers to reverse the trends of relationship fragmentation and commoditization, and create services that build engagement and demonstrate the bank’s role as a trusted financial partner.