Preventing thieves from taking over your business checking account

Yesterday I warned about the dangers to business checking accounts from the tax information hacked from the SC Department of Revenue. 

There is concern that armed with the checking account and routing numbers, the thieves might be able to fool your financial institution and directly pull money out much in the same way a credit card company or other vender would be paid.  It is my understanding that if this happens, the financial institution would be responsible for replacing the lost funds.   (If I’m wrong about the financial institution being libel for this, please contact me.)

But who needs to have this worry and possibly face writing bad checks because the balance you thought was in the account wasn’t there.  So I’ve been recommending that businesses simply close down their checking accounts that have been compromised (and 700,000 were) and re-open them.  You’ll have to pay for new checks but you’ll also have a new account number that the thieves won’t have.

However, yesterday I also talked about corporate account takeover.  This happens when the thieves target a business based on the financial information they now have (thanks to the Department of Revenue) and manage to infect the business computers with malware.  (Think this isn’t easy?  Ask the Department of Revenue.)

The malware finds the computer used for online banking and it monitors the checking account.  When the time is right, the malware instructs the financial institution to make a payment to the thieves.  This fraud is not the financial institution’s fault because the instructions for the fraudulent transaction came from the business computer.   And while such fraud perpetrated on a personal checking account would be covered by the financial institution because of federal regulation, there no requirement for the financial institution to cover a business loss (just read your online business banking agreement).

Scary isn’t it?  So what can you do? 

I only know two options.

The first is inconvenient.  Stop using online banking.  This might be a solution for some businesses but not all.

The second will cost.  Buy protection against corporate account takeover. 

Yes, this does exist.  One company will provide your business with software to download to hopefully block the account takeover malware.  But if this doesn’t work the protection plan provides for fraud loss reimbursement up to $100,000 per checking account and $500,000 per customer.  There is no underwriting and no deductible.   The price for this protection runs about $200 a year.

If you want more information about this option, just email me at sbchamber@scsbc.org.

The businesses of this state didn’t ask to be put in this position and we certainly didn’t ask to be inconvenienced or have added costs.  But here we are.

The question is—how much risk and worry are you willing accept for years into the future before you do something to protect the money in your business checking account?