Spencer Fane LLP Logo

Payment Fraud Losses Increase for Community Banks

The 2012 payments fraud survey conducted by the Federal Reserve Bank, in coordination with the Independent Community Bankers of America, reports that 96% of the financial institutions surveyed have experienced payment fraud losses, and that over 50% of the financial institutions reported their payment fraud losses had increased over 2011. That’s no surprise to community banks in Missouri. I receive at least one telephone call every day regarding a payment fraud situation so I know that these fraud losses are increasing for Missouri banks.

Signature debit card fraud topped the list with the greatest number of fraud incidents according to the national survey. The next greatest number of incidents was from PIN debit card fraud, followed closely by traditional paper check fraud. The most used fraud schemes are counterfeit or stolen debit cards used at point of sale (80%), counterfeit or stolen debit cards used online (68%), counterfeit checks (41%), altered or forged checks (29%), fraudulent Internet or other electronic payments (20%), and account takeover of customer accounts (7%). The electronic takeovers of corporate accounts generally constitute the most significant dollar losses when they occur but, fortunately for community banks, only 7% of community banks report experiencing corporate account takeovers. For community banks, debit cards continue to be the area responsible for the highest dollar losses.

Although the fraudster has ultimate liability for the fraud loss, the fraudster rarely can be found so the liability for the fraud loss generally is shifted to the bank. If it is a consumer account, the Electronic Fund Transfer Act and Regulation E limit the consumer’s liability to a maximum amount of $50 provided the consumer promptly reports the fraudulent activity, making the bank liable for the remainder of the fraud loss to the consumer. On the other hand, if it is a commercial account, the Missouri Uniform Commercial Code Article 4A generally permits the bank to shift the liability for fraud loss to the commercial customer if the following four requirements are satisfied: (1) the bank has adopted commercially reasonable security procedures; (2) the bank and the customer have agreed to use these security procedures to verify the authenticity of the customer’s payment orders; (3) the bank has in fact employed these security procedures; and (4) the bank has acted in good faith and in compliance with any written instruction from the customer. Conversely, if the bank does not satisfy all of these four requirements, the bank generally will be liable for the entire fraud loss.

The obvious question is: How can community banks in Missouri reduce the risk of payment fraud? The national survey reports that 68% of financial institutions said that key changes in risk management practices would reduce payment fraud.  The top key changes are enhanced fraud monitoring systems, staff training, enhanced internal procedures and controls, increased use of risk management tools offered by financial service providers, and enhanced method to authenticate customers.   To give you an idea of some of the ways to reduce the risk of payment fraud, the survey listed the following internal controls and procedures ranked by financial institutions as to their effectiveness: (1) reconcile bank accounts daily, (2) dual control and separate duties within the payment processes, (3) dedicated computer to conduct transactions with financial service provider, (4) authentication controls to payment processes, (5) logical access controls to network and payment applications, (6) address exception items timely, (7) physical access controls to payment processing functions, (8) periodic internal and external audits, (9) verify controls applied via audit or management review, (10) transaction limits for payment disbursements, (11) review card-related reports daily, (12) transaction limits for corporate card purchases, (13) separate banking accounts by purpose or payment type, (14) employee hotline to report potential fraud, and (15) restrict employee Internet use from bank’s network.

As a closing note, payment fraud losses continue to increase for Missouri community banks. I hope that this article has given you some ideas on how to combat these fraud losses in your bank.