Small Business Banking Risks

As a Business, You're on your Own

Image Source/Getty Images

To run a business successfully, you need to do a lot more than just serve your customers – you also need to manage the business. Handling the company bank account might not be the most difficult task in the world, but business accounts are different from your individual account in an important way: they come with a lot more risk.

No “Consumer” Protection

With your personal accounts, there’s less at stake.

Federal law protects you if somebody hacks into your account or uses ACH to make unauthorized withdrawals from your account (to get your money back, you need to notify the bank quickly – within 2 days is best, but you can limit your losses to $500 if you notify the bank within 60 days). But those laws don’t apply to business accounts, so you might have to eat the loss if it happens in your business account.

Banks are of course allowed to replace any money that left your account fraudulently, but they aren’t required to. In a 2012 study, Guardian Analytics found that banks replaced funds lost to ACH or wire fraud only 25% of the time. If your bank doesn’t replace stolen funds, you can take legal action against your bank (showing that it was their fault), or you can try to recover the funds from the thief yourself, but you don’t have many attractive options.

To make matters worse, thieves can steal money that you don’t even have.

If your business has lines of credit open, somebody can get into those as well and you’ll have to repay the loan just as if you used the funds for operations. If you made personal guarantees on those loans, the problem can quickly move from your business to your personal life.

The Risk

Just how vulnerable are your accounts?

It depends on numerous factors, including how you access your accounts and whether or not you have employees. Even if you’re a sole-proprietor who does everything at the branch, the threat is increasing.

You already know that running a business is risky, and you can’t let fear ruin all the fun. However, it always helps to know what could go wrong.

Hackers: hackers are very interested in business accounts. They know that those accounts hold large balances, and large withdrawals are common in business accounts. Multiple people within the organization might have access to those accounts, so it’s easy for everybody to assume that somebody else authorized a transaction. Hackers can get into business accounts by installing malware remotely (which helps them steal account credentials or other useful information), or by using social engineering.

Employees (and former employees): it’s hard to imagine anybody you know doing this, but sometimes people steal from their employers’ bank accounts. Anybody who has access to bank accounts could potentially cause problems, whether they make withdrawals in-person, print fake checks, or set up electronic withdrawals to fake vendors. Occasionally you’ll see the signs of this type of activity, but the best way to protect your business is to keep an eye on your accounts and understand every transaction.

Small businesses are especially vulnerable to hackers and employee theft. Larger enterprises have the resources for more robust security controls, but small operations tend to make do with less.

Types of Accounts

If you don’t think of yourself as a “business,” are your bank accounts protected? In general, any account that is not a personal account is at risk, including:

  • Nonprofit organizations (charities, HOAs, etc.)
  • Individuals operating a business as a sole-proprietor
  • Trust accounts

If you’re not sure what type of account you have, contact your bank and ask. Find out what types of protection are (and are not) available to you. You might find that your bank – or a card issuer like Visa or MasterCard – offers some level of protection, even though it’s not required by law.

Prevent Problems

What can you do to protect assets in your business bank accounts?

The main thing is to monitor accounts so you can detect problems before they get out of hand. But there are also ways to make it harder for thieves to steal cash.

Be sure to use all of the security features available from your bank (you might already be required to use many of these, but some features are optional). In addition to bank solutions, you can train staff and limit how you use your accounts. Finally, you can try to insure against loss.

Multi-factor authentication: to make it harder for thieves to login, use tools that require at least a “trusted” computer – or better yet, a password that’s bolstered by a text message sent to your phone. If an additional code is required to log in, thieves will have a harder time getting into your accounts. Learn more about Multi-Factor Authentication.

Dual control: to reduce the risk of employee theft, set your accounts up so that multiple people have to approve transactions. You’ll always have at least two sets of eyes on your accounts (and you can be one of the approvers if you want), which means one bad apple can’t get away with anything significant.

Debit block and Positive Pay: you can also instruct your bank to block certain transactions – or only approve the ones that you’ve authorized ahead of time. This prevents people from printing fake checks that draw on your account and from making electronic withdrawals that might look like routine payments to vendors or service providers. For more information, see How Positive Pay Protects Against Fraud.

Alerts: although it’s best to prevent problems before they happen, alerts can at least help you discover ongoing theft. Instruct your bank to send text messages or emails based on certain criteria (like large transactions or password changes).

Cybersecurity insurance: even if you’re careful, thieves may find a way to steal money. If you want to be especially safe, consider an insurance policy that will replace stolen funds. The market for these products is still developing, but there are a few options out there.

Dedicated computer: hackers find a way into your bank account by installing malicious software (like keyloggers) on your computer. As you surf the web (reading news, using social media, and even researching suppliers), you increase the risk of picking up malware. Instead of using the same computer for everything, set up a computer that you only use for financial transactions like online banking. Of course, you’ll want to keep that computer’s security software up-to-date. Another option is to use a virtual machine or live CD for banking.

Beware social engineers: hackers can get a lot done with automated software, but sometimes you and your employees give them a hand. Thieves may call or write about seemingly insignificant topics – but they’re really gathering information that they’ll use to get into your bank accounts. They can find a lot of what they need online (so it’s easy to sound like they know you and have a relationship with you or your company). Be cautious about who you give information to, and train your staff to watch for social engineering.