Protect Yourself from Fraud by Verifying Payment Requests

Protect Yourself from Fraud by Verifying Payment Requests

At Pinnacle, we have an obligation to know our clients. We need to make sure that requests to withdraw funds, change information, authorize payments, open/close accounts and provide account details come from the rightful owners or authorized agents of those accounts. Fraudsters pose extreme threats to our clients if we fail to know who we are working with and ensure they have the authority to provide instructions for payments or alter account information.

We strongly recommend that our clients perform similar due diligence.

Why is this so important? Because money sent by wire transfer is highly unlikely to be recovered. Working together, we can protect you from phony requests.

Here are a few examples of scams that could affect your company:

  • Someone poses as an employee and requests a change of their direct deposit information, thereby routing their pay to an identity thief.
  • Someone alters the wire, ACH or check mailing instructions on an invoice, creating a significant loss to your business if internal controls aren’t effective at identifying fraudulent requests.

Just like your bank, it’s important to have sufficient control processes at your company to ensure you are dealing with an authorized person and a legitimate request.

Check the controls around your invoices and payments.
Criminals can hack email accounts, create look-alike email addresses, mask the true sender and address, comb social media for password clues, steal confidential information and more. For that reason, no one should initiate or request payment from their account (wire, ACH, Bill Pay or check) based solely on an email, fax or letter with an invoice or instructions for payment without first verifying that it’s a legitimate request.

A verbal confirmation call to a known contact at a known number is the best way to protect yourself against monetary loss due to a fraudulent payment request.

The following steps will help when researching the authenticity of any payment request:

  • If funds were sent to the beneficiary previously, look for changes in the routing and account number or the mailing address.
  • Has the invoice changed in any manner? Look at the time of month, payment type/terms, format, differences in font, tone, or delivery (a fax to Joe is now emailed to Joseph, etc.)?
  • Is the invoice unexpected? Did you already pay it, or is it requesting payment for something you don’t recognize?
  • Did an officer in your organization request payment for a new vendor or service provider?
  • Does the request for payment contain grammatical errors, unusual language or include “USD” or “USA” terms?
    • Examples: “Please revert back to me once the payment has been issued.”
  • Is there any unnecessary urgency or pressure being applied to send funds quickly?

If any of the above red flags exist, stop the payment request and conduct further research.

  • Do not communicate with your party via email or a phone number contained within the message or invoice. Use a known phone number from your company’s database or historical correspondence and explain your suspicions, i.e., bank number changes.
  • Notify your company leadership and your Pinnacle contact, outlining your suspicions.
  • If you received this request for payment from an internal source, make verbal contact with the submitter using your company’s internal phone list. Make sure you or the submitter made verbal contact to vet the request and confirm its authenticity before issuing payment or modifying account instructions.
  • Do not submit the payment or maintenance change unless you are 100 percent certain the request is valid.

If you determine the payment request is fraudulent, notify your company leadership and IT contact, then call your financial or treasury advisor to alert them, as well.

From there, you should find out how it happened and patch any holes in your systems and processes.

  • Determine if an email breach occurred or information was stolen in your office or with a vendor you use. Communicate accordingly.
  • Contact your Pinnacle financial advisor, financial advisor assistant or Treasury Management advisor and alert them to the fraud attempt, where the breach occurred, and how it was identified and being remediated.

Quick Links