November 20199growth and development often includes only a minimal amount of time dedicated to the measures and tools needed to protect against fraudulent electronic transactions that can quickly destroy everything they have achieved. Recognizing Our Dual RoleFor most community banks, the majority of their commercial portfolio is made up of small and micro-businesses. The expectation from these businesses is their banker act as both a banker and a trusted advisor who will protect them from fraud that results in a monetary and reputational loss. The fact of the matter is, while our institutions do have control over the solutions we provide to our commercial clients, we do not have control over the strength of their IT perimeter, their internal controls or operational practices. It is the responsibility of each small business owner to create, manage, and enforce internal policies and practices that minimize their risk of loss. The question for them is, to what extent do they know, understand, and accept ownership for those responsibilities? And the question for us is, in addition to offering a full suite of treasury products, what else can we as trusted advisors do to protect our customers from the risk of becoming a victim of payment fraud? Executing Our Dual RoleI believe that it is our job to assist our customers in identifying gaps and vulnerabilities they may have when conducting their daily business. Are they taking steps to ensure their computer does not get infected with a virus or malware? Can they identify phishing attempts to gain financial information? Do they have good practices in place that will protect them while sending or accepting electronic payments both online and at their storefront? Many times, we can help identify vulnerabilities by asking these questions during the onboarding process of a treasury product and making sure we're fulfilling our dual role as a product provider and trusted advisor. Once we have identified the gaps, then we can:1. Make sure they are taking full advantage of any available treasury fraud prevention products like positive pay, real-time alerts, and token authentication. 2. Advise them on how they should structure operational rules and guidelines, manage cybersecurity at both the enterprise and endpoint, and offer continuous cybersecurity awareness training to their employees. 3. Tell the real and sobering stories (leaving out the names to protect the innocent of course) that we see far too often. Most small and micro businesses have an attitude that they are immune from payment fraud because they are too small to be the target of an outside threat. The fact is that most hackers and digital thieves see them as ripe for the picking. I have seen too many instances where an employee has followed through with transmitting a fraudulent request based on receiving a spoofed emergency email from "the boss" instructing them to wire money out immediately.Most of the time, the result of these fake requests is an unrecovered monetary loss, a hard conversation between the banker and the business owner, and the risk of losing the commercial relationship to a competitor. On the other hand, if you as a banker and trusted advisor, are willing to go the extra mile upstream in the process to identify gaps, educate customers, and have honest conversations about existing threats, you may be able to ensure you have a customer that is loyal to your institution for life. BCMost small and micro businesses have an attitude that they are immune from payment fraud because they are too small to be the target of an outside threatMichael Purifoy
< Page 8 | Page 10 >