Last week we wrote about the problem of authorised signatory fraud. In this week’s blog we offer a series of points on how to prevent it.
For individuals, SMEs, and small organisations and charities, the below is the best piece of advice we can give.
Be aware of how signatory fraud works. See part one from last week
Do not assume anything digital is authentic. Always be aware of the possibility for convincing looking imposters.
When dealing with transactions ensure you have at least one, and preferably several individual points of contact with whom you are conducting business with. The school that lost £250,000 might not have done so had they had several individuals at the contractor company from whom they take the same instruction. Make it harder for fraudsters so they don’t just have to imitate a company, they have to imitate several named specific individuals within that company.
When setting up payment instructions with your known individuals, speak to them over the phone or video call in the first instance.
When establishing a recipient, especially for substantial sums, in the first instance send a nominal amount, £1, to the authorised recipient. Confirm they have received it in person or over the phone or video call. This authenticates the recipient.
Never allow the recipient bank details to be changed in any way, including by anyone claiming to be the recipient, without repeating steps four and five.
Be aware of changes in the contact information. They could be a forerunner to fraudulent changes in transfer details. Again, if in doubt, check by phone.
The challenge with big, dynamic organisations is that the individual people authorised to perform certain financial transactions, including processing invoices and authorising payments, frequently change roles, departments and even organisation. In addition, absence through parental leave, promotions and retirements can all disrupt a seemingly straightforward and secure process.
As a consequence it’s a challenge to keep authorised signatory lists and processes current and accurate. If an organisation such as Google is able to fall foul of gaps in their system, it’s reasonable to assume there’s potential vulnerabilities in every company or organisation.
For these bigger organisations, including companies, charities, educational establishments and football clubs, there is an additional layer of security we at Cygnetise are able to provide.
The Cygnetise blockchain application is trusted by some of the world’s most respected companies as a time saving, admin burden reducing, fraud resisting solution.