By Andy Clark
With an increase in the use of online banking and a rise in cybercrime, businesses need to understand their use of online banking and have controls in place to circumvent risk and potential fraudulent activity. Controls will vary based on the size of the entity and the resources available to that entity. The following are common controls that should be considered when online banking is being utilized.
Access security – Each individual with access to the businesses online banking accounts should have their own unique ID and password. Passwords should contain various attributes and the more complex the password, the better chance that it will protect against unauthorized attempts to gain access.
Volume limits – Limiting the number of transactions per day and having a threshold for each individual transaction can protect against potential loss if unauthorized activity occurs.
Limited payees and positive pay – Management should review a list of vendors regularly to ensure the list is accurate and complete. Positive pay allows a company to send a list of checks and the details of those checks to their bank. When those checks are submitted on the account, it will allow the bank to confirm the details and reject unauthorized disbursements.
Bank reconciliations – Management should ensure that timely reconciliations are being performed on all bank accounts.
Notifications – Most online banking accounts allow the user to set thresholds, and if those thresholds are met, a notification email is sent to the users listed. Having a notification system in place that cannot be overridden by any one individual can decrease an entity’s susceptibility to questionable transactions.
Activity logging – Management can obtain activity logs for their online accounts and review each employee’s activity. If employees know their activity is being monitored, it can decrease the risk of fraudulent behavior and make the employee feel as if they lack opportunity.
Regardless of the entity’s size and resources, some of the above controls can be utilized in order to limit risk. Each level of security put into practice decreases the entity’s risk of fraudulent activity.
Read the full article on the AICPA’s website.