2 Simple Steps To Make Your Online Banking Safer24th January 2017
Here’s an awkward moment: You’ve just sent off a payment to D Smith, but unknown to you, there are two D Smiths on your accounts and you’ve sent the money off to the wrong one...
That is exactly what happened to one of our clients.
They had two employees with the same surname and initial – a woman and a man. One, the man, had just left the company, but was never taken off the beneficiaries list on their online banking.
The next month, the lady in charge of payroll set up a payment to the wrong D Smith, to the tune of £3,000 – approximately three times his monthly salary.
They never got the cash back.
Mistakes like this happen the whole time with online banking.
It’s quick and convenient – which is both a strength and a weakness.
It also lacks checks and balances.
Once an employee has access to your online account, it can be hard to supervise what they are doing.
We live in a paperless age, and there is no paper trail. Nor is there necessarily anyone looking over their shoulder, to check they’re doing what they’re supposed to.
I know of at least one company owner who placed all the online banking administration in the hands of one member of staff in another corner of the building. Even the directors weren’t sure what she could do and what she had access to.
So how do you avoid mistakes – and even fraud – with your company’s online banking?
As I’ve emphasised over the past few blogs, you can’t rely on your bank to make sure that all your transactions are correct and above-board. While they all talk about IT security, they can’t control what happens in your offices, from your end.
It is up to you to create robust processes yourself, internally, so that your online banking is as safe and secure as it can be.
I recommend two steps.
First of all, no payments should be made online without a director having to sign a piece of paper authorising the payment. This creates the internal paper trail - just like, 10 years ago, a director had to sign all cheques.
Second of all, make sure as many people as possible are involved in each transaction.
For example, at Insight Associates, we make online payments on behalf of many of our clients (including payroll).
Each payment goes through four pairs of eyes before it is authorised. One person decides what payment is being made, another person altogether sets it up on the system. A third person will check that this has been set up correctly, and a fourth person approves it.
This dramatically reduces the chances of mistakes and of fraud. Had the client who sent a payment to D Smith had this in place, the mistake could never have happened – because a third party (quite literally….) would have checked all the payments were set up correctly.
We’ve had plenty of opportunities to refine our processes because we handle payments on behalf of so many companies – over the years, we’ve seen every scenario that can go wrong! So our methods are particularly robust.