Cybercriminals Crack the Code to Your Business Accounts

April 9, 2010

This month’s guest post is courtesy of Theresa Payton, the Chief Advisor and CEO of Fortalice, LLC.

Have you ever had your credit card company reverse a charge on your card because it was not you?  Sounds reassuring, right?  Well, if you are a business owner, those same protections do not extend to you.  Cybercriminals know this!  Business owners are a prime target of cybercriminals.  The cybercriminals target your business using hundreds of thousands of computers in their control, often called bots, short for robots.

It is a business owner’s worst nightmare – Imagine logging into your business banking account to make your payroll and the balance is zero.  Unlike your personal card or bank account which are protected under a law known as Regulation E, many people do not realize that banks are not always held liable.


ASSUME YOU ARE EXPOSED:  You may not be protected-These attacks are exposing something little known in the business world.  Those protections you have when your personal card is used by a fraudster or when someone steals money out of your personal account fall under the protections of Regulation E (electronic funds transfer) and they do not transfer to business accounts.

FINANCIAL RUIN:  Devastating consequences – one firm in NY is facing bankruptcy because thieves stole more than $160K from the company by hiding behind a computer virus and their bank says they are not liable

STAGGERING STATISTICS:  The Ponemon Institute and Guardian Analytics conducted a survey with over 500 executives and owners of Small-Medium Size Businesses across the United States.  As of March, 2010, here are the stats:

  • 55% of businesses reported experiencing fraud in the last 12 months, with 58% enabled by online banking activities.
  • 80% of banks failed to catch fraud BEFORE dollars were transferred out of their institution.
  • In 87% of fraud attacks, the bank could not fully recover 100% of the dollars taken.
  • 57% of the respondents that experienced a fraud attack were NOT made whole by their banks, in essence, the business ate the expense.
  • 26% were not compensated for any part of their losses.
  • 24% of businesses claim that their banks do not provide a policy explaining the bank’s responsibilities to secure and protect their companies’ accounts from fraud.


    •  EMPLOYEE AWARENESS YOUR GREATEST WEAPON:  Train your employees not to click on links in emails or open attachments.
    •  RESERVE A COMPUTER FOR BANKING:  Consider reserving one computer that is only used for your online business banking access and do not allow anyone to surf the net on that computer.
    •  ANTIVIRUS:  Keep you Antivirus software up to date.
    •  Windows Users:  If you use Windows, use Internet Explorer version 8.  Turn on the Protected Mode and set your Internet Zone Security to High
    •  Mac Users:  If you use Mac, pay attention when your Mac prompts you to allow software to be installed.  Make sure your security settings are set to high.
    •  SEEK PROTECTIONS: Talk to your banker to see what your protections are.
    •  DUAL CONTROLS:  Ask your bank to set up dual controls on your account so every transaction requires the approval of two people.
    •  SWEEPING:  Consider sweeping, or moving, your company balances into a consumer account to earn additional interest and protect your money.
    •  LIMITS:  Establish a daily limit on transfers to/from your accounts.
    •  CONFIRMATION:  Require that all transfers be confirmed via phone call or text messages.
    •  ELECTRONIC ALERTS:  Set up alerts on your online banking system to alert you via text or email every time money is withdrawn from your account.
    •  BALANCE CHECK:  Check you bank balances every day.
  • LOCK:
    •  RESTRICTIONS:  Ask for restrictions on adding new payees.
    •  CONSUMER OPTIONS:  Talk to your CPA to see if you could qualify using a consumer account for your business  and whether or not that is the right option for your company’s bank account.

What to do if you think you are a victim:

First Step-Call Your Bank:  Contact your bank immediately to see if they can reverse the transactions.

Notify Local Law Enforcement:  Contact local law enforcement to file a report

Contact the FBI:  Contract the FBI to report the internet fraud.  You can reach them via which is their Internet Complaint Center.

Creditors:  Contact all of your creditors and notify them of the issue.

Keep a log:  Keep detailed notes and records of everyone that you notify

If you want to learn more about Consumer Protections, look up Regulation E, also known as the Electronic Funds Act:

Theresa Payton is the Chief Advisor and CEO of Fortalice LLC.  Fortalice provides security, risk and fraud consulting services to small to large companies and the government.   She also hosts a weekly segment on Charlotte’s WBTV CBS station called “Protecting Your Cyberturf” with audio and webnotes posted at  For more information or to contact her, visit her company’s website at

Donna Bordeaux, CPA with Calculated Moves

Creativity and CPAs don’t generally go together.  Most people think of CPAs as nerdy accountants who can’t talk with people.  Well, it’s time to break that stereotype.  Lively, friendly, and knowledgeable can be a part of your relationship with your CPA as demonstrated by Donna and Chad Bordeaux.  They have over 50 years of combined experience as entrepreneurial CPAs.  They’ve owned businesses and helped business owners exceed their wildest dreams.   They have been able to help businesses earn many times more profit than the average business in the same industry and are passionate about helping industries that help families build great memories.