Business account security featured image
IN THIS ARTICLE

Business account security: protecting your company from rising financial fraud

Good business management means preparing for the worst-case scenario. That includes financial fraud, a serious crime that can have devastating consequences for small businesses. Learn the best practices to protect your company and safeguard your financial future.

Fraud is evolving — and small businesses are a target

For all of the internet’s benefits, it has also provided unscrupulous actors with a playground in which to commit new crimes. You may have already seen alarming headlines about fraud in recent years, with news reports screaming that online financial fraud is evolving faster than banks can keep up. The message is clear: it's a scary world out there.

There is some good news, though. With the correct due diligence, business owners can protect themselves against fraudsters. This is one area where following best practice guidelines to the letter really matters, and cutting corners can lead to disaster.

Why business accounts need extra protection

Unfortunately, business accounts are ripe targets for fraudsters. For one reason: they tend to involve more transactions. If you run a coffee shop, you might have dozens of transactions in a couple of hours as you take payments during the busiest time of the day. That's catnip for fraudsters.

There are also often larger amounts of money moving through business accounts than through your average personal account, especially if you're taking out loans. To make matters worse for business owners, business bank accounts often have less legal protection than personal accounts. All this means that they're seen as juicy targets for online criminals.

Common scams and how they work

There are dozens of scams out there, and professional fraudsters think of new tactics regularly. Realistically, you're not going to become an expert on every single type of scam; there aren't enough hours in the day, and as a business owner, you have enough on your plate. However, you should take the time to educate yourself on some of the most common scams. They include:

Invoice fraud

Businesses with lots of different suppliers, such as restaurants, are particularly vulnerable to this kind of scam. In invoice fraud, a fraudster will pose as one of your suppliers. They'll tell you that they've changed their details, including, crucially, their bank account number. Often, they'll request an urgent payment to this new bank account. Alternatively, they may provide an "easier" payment option, such as a QR code or a link, and request that you use it. Many victims only find out about this kind of scam sometime later, when the actual supplier gets in touch.

Prevent invoice fraud by always taking careful steps. You already have your supplier's contact information; if you receive an email or a call that seems suspicious, hang up and contact the supplier using the information you have on file. Be aware that some sophisticated fraudsters can spoof phone numbers, so it may appear that your supplier is calling you from a recognised number. Always check by calling the number you have saved, rather than hitting the "call back" button.

Keep in mind that fraudsters will often attempt to drive you into an emotionally fraught state; they may shout at you, demanding payment now, accusing you of being late on payments and threatening legal action. Always remain calm, and don't make any payments to a new bank account or use a new payment method unless you have absolutely verified that the information is correct.

Phishing and fake bank emails

You've probably heard of phishing before, as it's a very well-known scam, but people still fall for it every year, so the fraudsters don't give up. Phishing emails appear to come from a legitimate source, such as PayPal or your bank. Sometimes scammers even impersonate the tax office; in this case, they may try to make you panic by claiming that you owe a large amount in tax and you're facing imprisonment.

A phishing email might look very convincing, but there are telltale signs that it's fake. These include bad spelling and grammar, an unusual sense of urgency (phishers will often claim that you must respond within 24 hours or your bank account will be frozen), and requests for sensitive data like your password or bank account details. You may also notice that the sender's email address is actually slightly off: "Barc1ays" rather than "Barclays", for example.

Never click on a link in a phishing email. If you're not sure whether an email is real or not, call your bank, but don't call them using any phone numbers contained in the suspicious email, as it may also be part of the scam.

Account takeover attempts

An account takeover may be one of the scariest types of fraud. In a corporate account takeover, fraudsters gain unauthorised access to your business account. They may do this by using stolen credentials or bot attacks. An account takeover can also follow a successful phishing attempt.

Losing control of your business account presents huge problems for business owners. If you're a victim, contact your bank immediately, and report the crime to Action Fraud.

Practical steps to secure your business account

Small business cybersecurity is something that people often neglect. After all, you're not an IT expert. It's very easy to fall into bad habits, but doing this leaves you vulnerable to attacks. Business account fraud is a growing threat, but you can take proactive steps to reduce your risk.

To stop a devastating account takeover or other kinds of business banking fraud, follow these steps:

  • Use strong, unique passwords. You should never reuse passwords. Strong passwords are at least 14 characters long, with a combination of uppercase and lowercase letters, numbers, and symbols. Do not use words that can be found in a dictionary or anything that can be linked to you, like the name of a loved one or place. Change passwords regularly.

  • Enable two-factor authentication. When this is set, you'll need to use your email address, phone number or fingerprint to verify transactions or account information changes.

  • Monitor transactions daily. This doesn't mean a full bookkeeping audit, but it does mean checking your account for unexpected transactions.

  • Educate staff on scam awareness. Your staff training programme should include information about scams, particularly if your team members have access to your SumUp Dashboard or Business Mastercard.

Paying attention to cybersecurity can save your business from absolute catastrophe. Luckily, with the right habits and tools, you can run your business with confidence.

Remember, no business is too small to be targeted. Even if you're running a simple market stall, you could be targeted by scammers. All business owners should be vigilant.

How SumUp protects your account

One of the best ways to protect your business finances is by using a secure bank account. Security is a shared responsibility: your provider protects the system, you protect access to it. The SumUp Business Account is encrypted with 256-bit SSL and TLS protocols, designed to offer extremely strong data protection.

SumUp also gives you other business account security features. You can add two-factor authentication to your account, and use 3D Secure technology to verify payments made using your Business Mastercard.

If you have a SumUp Business Account, you'll find it easy to spot card fraud. Any transactions with your Business Mastercard are automatically added to Expenses: get into the habit of checking it regularly, looking out for payments you don't recognise. You can also turn on real-time alerts and get a notification every time the card is used. Pay close attention – scammers often make a small transaction as a test. If it goes unnoticed, they'll make another, much larger one a month or so later.

Arm yourself with the best tools to protect you from fraud

Get the secure account designed for small business owners.

Learn more

What to do if you suspect fraud

SME fraud protection is something that you must take seriously. If anything raises red flags, even if you don't actually fall for a scam, you should report it immediately to your bank or account provider. By proactively reporting, you can alert your provider to a potential risk. Fraudsters rarely give up, so awareness of possible scams is essential. Your provider may also be able to provide you with crucial steps you can now take to stop further attacks.

A second important step is contacting Action Fraud, the UK's national reporting centre for cybercrime and fraud. The more evidence you have, the better. Working alone, you're unlikely to get very far, but the team at Action Fraud have the experience and the tools to investigate. They also collect information to learn about how fraudsters operate, which is very useful in an age when fresh scams are constantly appearing. Alerting them protects you, and it helps other potential victims.

SumUp Team