indicatorCybersecurity and Fraud Protection

How to protect your business from wire fraud

By ATB Financial 1 April 2021 5 min read

What is wire fraud?

Fraud is a form of theft, where the fraudster misrepresents themselves for their own personal or financial gain. There are many different types of fraud—wire fraud involves the transfer of money using some form of electronic payment processing, such as a wire transfer or Interac e-Transfer®. Commonly, this looks like a seemingly reasonable request to pay off an invoice, change a contractor’s banking information, or transfer funds to help someone in need. 

Protect your business

To help protect your business from wire fraud, begin with these 4 steps:

  1. Educate yourself and your team on potential red flags.
    Ensure that all staff involved in sending money electronically become proficient at identifying these behaviours.
  2. Use the security measures provided by ATB Business.
    In particular, take advantage of custom permissions, approval processes and limits. 
  3. Consistently apply mitigation strategies.  
  4. If in doubt, reach out. Wire transfers can’t be cancelled once sent, so if you or your staff have any concerns or questions, it would be wise to contact ATB Client Care at 1-800-332-8383 before proceeding.

Read on to learn more about how each of these steps can help protect you and your business.

1. Educate yourself and your team on potential red flags. 

Make sure that you and your staff can recognize these common red flags, which can  include:

  • Requests to change a beneficiary’s information
    Confirm changes directly with a verified contact of the beneficiary, such as your vendor, client or another reliable source.
  • Inconsistent behaviour
    The nature of the request is inconsistent with previous behaviours. For example, a request to send a wire overseas when a similar request has never occurred previously with that vendor.
  • Odd timing
    A request for a wire to be sent at an odd time of the day—in the middle of the night, for example.
  • Targeted fraudulent emails, also called spear phishing
    Fraudsters can be extremely well researched in the types of transactions your business conducts. With this research in hand, they send targeted emails directing employees to execute a series of wire transfers without following regular protocols.
  • Request for confidentiality
    It’s unlikely that a genuine request from a verified beneficiary needs to be kept completely confidential. At a minimum, confirm the request with your administrator.
  • Urgent requests
    Requestor says that they’re too busy to verify the request in person or on the phone. They might say they’re just getting on a plane and will have no access for an extended period of time, for example.
  • Poor grammar
    Spelling mistakes, use of odd or inappropriate words, awkward phrasing, grammatical errors.
  • Spoofed email address
    A fraudster may use an email address that looks very similar to that of a real vendor or client that you have completed several legitimate transactions with. For example, the email address may end in .com when it should end in .ca. Carefully review the email address, as well as the sender’s name.
  • An elaborate story
    Use of a story that incites sympathy, such as a death or tragic illness when requesting a wire. Changes to beneficiary information should always be considered with caution, especially in a business context. 
  • Avoiding in-person or phone communication
    If the requestor won’t confirm details in person, over video chat or on the phone, this may be a sign that their voice or face would identify them as a fraudster.
  • Requesting a wire be sent to a sanctioned country
    The requestor asks for a wire to be  sent to a country that is considered high risk (such as China, Indonesia, Russia or Iran).

2. Security Measures

Here are some security measures that have been put in place to help protect your business.

  • Permissions
    ATB Business allows you specify which individuals within your organization can send a wire transfer, based on their role. Exercise caution when setting these permissions, keeping in mind that wires are irrevocable. This means that after a wire has left ATB it may not be possible to retrieve the funds. Only assign wires permissions to trusted staff, trained to recognize red flags and risky behaviour.
  • Approvals
    The use of the approval process is strongly recommended, especially as it relates to the wires service. You can choose to set up an approval process organization-wide, on individual user roles or both. A wire which has not received the sufficient number of approvals will automatically be rejected at 2pm on the day that it was scheduled for. This process helps ensure there is oversight into any wire sent from your organization’s accounts.
  • Limits
    Limits can work in tandem with approvals. They can be set as either single transaction limits or daily limits. They can also be customized according to the user role. This would allow you to enforce stricter limits to less experienced or senior staff, for example. It also allows you to mitigate the risk of wires requests which are outside the normal pattern for your business. For example, if you regularly pay invoices for $25-50K, it might make sense to enforce a limit at $55K.

3. Create a fraud mitigation plan

“Exceptions to the rule” are a fraudster’s best friend. The more consistently your organization works to train staff, look out for red flags and take advantage of built-in security measures, the better protected the organization will be from fraud.

Simple, easily integrated plans and processes will allow employees and executive teams to remain calm in the event a cyber security issue arises. 

Your plan should include the following:

  • Rules and regulations on how to protect your sensitive business information, computers and networks from cyber attacks.
  • Thorough employee training on security principles and how to identify red flags for fraud.
  • The creation and distribution of an easily accessible contact list so your employees can get a hold of the right person, at the right time.
  • A yearly mandatory fraud training program to equip your employees with the knowledge and confidence of detecting and mitigating fraud.
  • As part of your fraud training, you should establish steps on how to respond to a cyber security issue. Customize these steps and action items based on each individual’s role in the organization to ensure the right processes are being implemented at the right time, by the right people. 

4. If in doubt, reach out

Remember, wire transfers can’t be cancelled once sent, so if you or your staff have any concerns or questions, contact ATB Client Care at 1-800-332-8383 before proceeding.

Protect your business from cyber threats

ATB's Cyber Security Toolkit is full of tips that are easy to implement in your business.

Need help?

Our ATB Business Solutions team will be happy to assist.