Small businesses can protect themselves by making employee fraud prevention a priority

Helping protect your business from fraud. We provide a variety of resources to help you protect your business.

Solutions to help safeguard your business

Consider these guidelines when developing a fraud prevention program:


  • Monitor account activity and statements. Reconcile and monitor account activity frequently to identify suspicious transactions. Protect access by going paperless and sign up for Online statements
  • Protect all accounting documents by securing check stock, signature equipment, invoices and critical account information
  • Use only approved vendor listings. Routinely check the list of approved vendors. Be wary of unknown vendors, vendor names that are similar to other vendors, vendors with no physical address or phone number and a vendor’s address that matches an employee's address
  • Centralize payroll check distribution. By centralizing payroll, management can help eliminate "ghost" employees; including fictitious persons on the payroll, employees still on the payroll that no longer work for the company, or friends and relatives of an employee
  • Implement dual controls. Institute dual control for high risk self-administration services. For example, the person writing the check should not be the person reconciling accounts and transactions
  • Conduct employee background checks. Verify educational and employment history, as well as references, to ensure no previous history of fraud or other illegal activity exists. For employees that will manage company assets, it is especially important to conduct credit checks, if authorized by the candidate
  • Create a fraud policy. Design, publish and implement a fraud policy that establishes expected employee conduct, prohibited actions, how fraud can be reported and the punishment for non-compliance
  • Conduct routine and unannounced checks on high risk areas of your business, including the financial and inventory departments for vulnerabilities and possible fraudulent activities
  • Train employees in fraud prevention. Employees serve as the eyes and ears of a company and by ensuring that your staff is knowledgeable about basic fraud prevention techniques, you'll establish a first line of anti-fraud defense
  • Ensure employees take vacations. Employees undertaking fraudulent activity may not take time off because they are fearful of someone catching on to their indiscretions. Ensure all employees take vacations so no one in the organization has physical in-person control over their area of responsibility each and every day of the year
  • Contact your business insurance provider and review your business insurance policy to determine if it provides coverage for employee dishonesty

If you notice suspicious activity on your Bank of the West accounts, call us at 1-800-488-2265. TTY 1-800-659-5495.

Additional resource:
FCC Small Business Cyber Planner: http://transition.fcc.gov/cyber/cyberplanner.pdf

Business account takeover prevention

What is business account takeover?

Business account takeover occurs when cyber criminals gain control of an account by stealing the business’ online banking credentials. Most commonly, they gain access by utilizing malware, commonly distributed via email links, phishing scams, social networking sites and malicious websites.

To get access to financial accounts, cybercriminals target employees, (often senior executives, accounting or Human Resources personnel and business partners) and trick the targeted individual into spreading malicious software (malware) which steals personal information and log-in credentials.

Once an account is compromised, the cybercriminal is able to electronically steal money from business accounts. These criminals also use various attack methods to exploit check archiving and verification services letting them issue counterfeit checks, impersonate customers to arrange funds transfers, copy legitimate communications from financial institutions to verify transactions, create unauthorized wire transfers and ACH payments, or initiate other changes to the account. In addition to targeting account information, cyber criminals also seek to gain customer lists and/or proprietary information.

How to help prevent business account takeover:

  • Establish a business account risk management program
  • Perform a risk assessment on medium- and high-risk business accounts
  • Review annually the funds transfer program, remote deposit capture program, and other commercial online banking services
  • Enhance your computer security and networks
  • Minimize the number and restrict the functions of, computers that are used for online banking and payments
  • Conduct online banking and payments activity from one dedicated computer that’s not used for other online activity
  • Don’t leave computers with administrative privileges or monetary functions unattended unless logged off or locked. Log off or turn off and lock up computers when not in use.
  • Use, install and maintain spam filters
  • Educate your employees in fraud prevention:
    • Bank of the West will never send customers emails asking for customer, user IDs, passwords, account numbers or other sensitive information
    • Don't open attachments or links in unsolicited emails. If a message appears to be from your financial institution and requests account information, don’t click on the links, and don’t respond to it
    • If you receive an email from a seemingly legitimate source (IRS, Better Business Bureau, Federal courts, UPS, etc.) contact the sender through a means other than the email, to verify their authenticity. Be wary of unsolicited or undesired email messages ("spam") and the links in them
    • Be wary of pop-up messages claiming your computer is infected and offering software to scan and fix it. This could be malware that will give the fraudster remote access and control of your computer
  • Install and maintain anti-virus and -spyware firewall and malware detection and removal software. Ensure that all security software for all computers is up to date
  • Enhance the security of your processes and protocols:
    • Implement dual custody. Initiate online payments under dual control using two separate computers. Reduce the risk of fraud and promote security by requiring two different users, each with their own user ID and password, to review and approve online transactions including: wire transfers, ACH, external account transfers, basic payroll payments and tax payments
    • Positive Pay. Help protect your company from theft and fraud by keeping control of your disbursement process. Receive daily alerts to potentially fraudulent items. Improve audit capabilities and save time verifying checks issued against checks paid
    • Monitor and reconcile transactions and accounts daily
  • If you notice suspicious activity, stop all online transactions and remove from the network any computer systems that may be compromised
  • Contact local law enforcement to file a report

If you notice suspicious activity on your Bank of the West accounts, call us at 1-800-488-2265. TTY 1-800-659-5495.

Additional resource:

Sound Business Practices for Financial Institutions to Mitigate Business Account Takeover: https://www.nacha.org/content/account-takeover-resource-center

Payment fraud protection

Protect your company by considering the following fraud tools and security tips.


  • Use Positive Pay. Help protect your company from theft and fraud by keeping control of your disbursement process. Positive Pay regularly compares checks presented for payment to your issued-check files to find serial numbers and dollar amounts that don't match
  • Use check stock with high security features. Security check features include: watermarks, heat sensitive ink, fluorescent fibers, micro printing, warning bands and chemical wash box
  • Establish tight controls over check stock. Keep an inventory and conduct audits. Shred outdated checks and statements
  • Ensure separation of duties. Check writers shouldn’t reconcile accounts. Delegate separate individuals for invoicing, collecting and posting funds to Accounts Receivable. Conduct periodic reviews
  • Use an ACH debit block/filter to specify which companies are authorized to post ACH debits to your accounts. Automatically block companies that aren’t authorized. Set dollar limits or block all ACH debits
  • ACH transaction review. Review and confirm ACH debit and credit transactions that post to your account. Determine if the transition is authorized and return any transactions that are not. Filter transactions you want to review by setting review thresholds based on debits, credits, company ID and dollar amounts.
  • Initiate ACH and wire payments under dual control, with one person originating the transaction and another approving it before it's sent

Know how your business works


  • Understand your organization's specific fraud risks. Conduct a thorough audit of your organization's particular vulnerabilities to design and implement internal safeguards and fraud prevention programs. Commercial online banking customers should perform risk assessment evaluations periodically
  • Protect access credentials. Never give out passwords, IDs or other authorization credentials. If you receive an email, call, or text claiming to be from your financial institution, asking for your credentials, it is likely a "phishing" attempt. Don’t respond to it
  • Update security software. Update anti-virus and anti-spyware software and firewalls regularly
  • Implement dual control. Institute dual custody for all online payment services (ACH, wire transfer, foreign exchange) and self-administration services (checks). Accounts should be reconciled daily to spot suspicious activity. The employee reconciling the account should not be a signer on, or have access to, the business account
  • Protect all accounting documents. Lock away check stock, signature equipment, invoices and critical account information

Know your employees & vendors


  • Conduct employee background checks. Verify education and employment, as well as references, to ensure no previous history of fraud or other illegal activity exists. For employees that will manage assets, it is especially important to conduct credit checks, if authorized by the candidate
  • Train employees in fraud prevention. Employees serve as the watchdogs of an organization and by ensuring that the staff is knowledgeable about basic fraud prevention techniques, they can be a first line of defense
  • Use "approved vendor" listings. This can help protect you from billing schemes and dealing with phony invoices. Management should routinely check the list of approved vendors and beware of unknown vendors, vendor names that are similar to other known vendors, vendors with no physical address or phone number or if a vendor’s address that matches an employee's address
  • Centralize payroll check distribution. By centralizing payroll, management can get rid of "ghost" employees, including fake employees on the payroll, former employees kept on the payroll, or friends and relatives of an employee
  • Create a fraud policy. Design, publish and initiate a policy that states expected employee conduct, prohibited actions, how fraud can be reported and the punishment for non-compliance
  • Conduct routine and unannounced checks on high risk areas. Check the financial and inventory departments for vulnerabilities and possible fraud

If you notice suspicious activity on your Bank of the West accounts, call us at 1-800-488-2265. TTY 1-800-659-5495.

Additional resource:

Report fraud or identity theft

Contact us to report

Fraud or suspicious activity
1-800-488-2265
TTY 1-800-659-5495

Lost or stolen credit cards
1-800-996-2638

Suspicious Bank of the West emails
abuse@bankofthewest.com