Electronic payments are becoming more popular among small and midsize businesses. In a recent report by consulting firm Greenwich Associates, 43% of small companies and 55% of large middle market companies said they expect to increase the number of e-payments they make over the next 12 months.
Greenwich said companies are embracing electronic payments because they want to increase cash flow, improve security and lower costs. But e-payments come with their own security pitfalls.
Small and midsize companies may not realize that banks are not required to protect them from payment fraud, says Peter Bible, chief risk officer at accounting firm EisnerAmper. Under Regulation E, a regulation established by the Federal Reserve, banks are only responsible to protect “natural persons” (human beings), not corporate customers, from fraud.
“The law is written for people like you and me,” Bible says. “Until two or three years ago, when things were still done with checks and security was not really an issue for wire transfers, most companies had very good controls in place to keep theft from occurring. But the hackers have really taken this to a new level.”
Under the Uniform Commercial Code, banks are required to have “commercially reasonable security procedures” in place to protect corporate customers from, for example, unauthorized payments from their accounts. But beyond that rule, businesses are liable for payment fraud.
Even the banks that do make efforts to prevent payment fraud “don’t do a very good job,” Bible says. “Financial hacking has really been elevated to an art form over the last two or three years,” he says. “The credit card companies are very good at finding fraud. But the banks’ systems are just not that sophisticated.”
Payment fraud is a “huge concern,” particularly for smaller companies, says BC Krishna, president and CEO of MineralTree, an online payment tool provider. “It’s a very complicated problem, because fraudsters are generally ahead of the game,” Krishna adds. “There’s a gap between the current state of the defenses and the nature of the fraud itself.”
Though payment fraud is difficult to quantify, “many people say it runs close to $1 billion a year and that it’s growing,” Krishna says. “It tends to affect small and medium-size businesses, because they’re the ones that have the weak controls, as opposed to the larger corporations.”
Bible agrees. “For larger entities, they’re going to catch it if someone has hacked their bank account,” he says. “Most major companies have very good controls and they look at their cash activity daily if not hourly. But you just don’t have that luxury in a small organization.”
The Greenwich Associates survey also found that while companies are eager to embrace electronic payments, many are reluctant to recommend their current banks for e-payment services. The survey defined small businesses as those with revenues between $1 million and $10 million and large middle-market companies as those with revenue between $100 million and $500 million.