Fraud prevention checklist

January 31, 2022

Help protect your organization against fraud.  

 

Protect your organization through established controls and scheduled periodic reviews. 

Use the checklist below to help maintain a strong fraud prevention program. View a PDF version.

 

Internal procedures and controls

Establish fraud prevention best practices and responsibilities

  • Educate personnel regularly on the importance of safeguarding sensitive information, following established procedures and preventing fraud losses
  • Ensure your staff understands they have the most important role in preventing fraud losses
  • Refresh training regularly
     

Establish clear division of duties and access 

  • Separate account receivables and account payables functions and processes
  • Limit financial data access only to employees if there's a business need; follow the need-to-know principle 
     

Ensure procedures are being followed

  • Conduct surprise audits 
  • Review transactions before they leave the company
  • Verify out-of-pattern payment instructions from internal employees
  • Review downstream processes for cyber security and fraud mitigation
     

Use a second communication channel to validate payment related requests, including:

  • Payment requests from customers and company personnel, including senior officials
  • Requests from vendors to change payment instructions 
     

Update signing authority

  • Review and update bank signature cards routinely
  • Remove executive signatures from your annual report to prevent illegal scanning and use

Online fraud protection and controls

Protect your workstations

  • Update operating system, software, anti-virus, and malware protection
  • Limit personal email and Internet use on computers used for online banking activities
  • Back up data on separate servers regularly as this helps mitigate ransomware attacks

Prevent malware infection

  • Use caution when downloading applications, documents, installing software, opening email attachments
  • Beware of download requests from pop-ups or advertisements
  • Consider using an anti-malware application, as well as a firewall
  • If you believe that your cyber environment was compromised, engage an outside cyber forensics firm to complete a comprehensive review

Safeguard your communications and confidential data

  • Avoid using email to send confidential information but if you must, consider using encryption software
  • Truncate all but last four digits of account numbers in communications

Establish separate controls for your business online banking application

  • Require approvals to authorize ACH, wires, remote deposits and adding users or changing user profiles
  • Ensure initiators and approvers use different workstations and require DUAL approvals
  • Require use of security tokens, with strong authentication, for payment applications
  • Review employee access privileges and limit system administrative rights
  • Remove privileges for terminated employees
  • Ensure user access and entitlements are up to date and accurate
  • Ensure users know their system webpages and functionality, so suspicious content is easier to spot and is reported quickly to the bank

Monitor account balances and activity daily

  • Report any suspicious activity immediately to your bank and alert your users
  • Activate notification features in online banking applications

 

Paper check controls

Check approval practices

  • Preauthorize high dollar value checks before the checks are written
  • Do not sign checks without the recipient and amount information completed

Review your check stock controls

  • Select a highly qualified, established check vendor
  • Use a different style of checks for each account for easy recognition
  • Incorporate security features into check design
  • Store blank checks and check printing equipment securely
  • Limit the working supply of checks removed from the secure area

Check processing controls

  • Monitor check orders to ensure receipt of exact quantity

 

U.S. Bank fraud prevention solutions

For SinglePoint® online access

  • Install IBM® Trusteer Rapport® to detect and eliminate malware (free to SinglePoint users)
  • Receive payment service alerts by email, text, or fax: SinglePoint Alerts & Notifications

For paper check disbursements

  • Review exceptions daily and make payment decisions: SinglePoint Positive Pay
  • Review payee exceptions daily, make payment decisions: SinglePoint Positive Pay - Payee Option
  • View check images online, eliminate storing cancelled paper checks: SinglePoint Image Access and SinglePoint Image File Delivery
  • Reconcile accounts daily or monthly: U.S. Bank Account Reconciliation (ARP)
  • Outsource check processing to eliminate the storage of check supplies: SinglePoint Check Payables

For deposit-only

  • Place blocks on accounts to prevent unauthorized debits: U.S. Bank Check Filter Service
  • Reconcile deposits weekly or monthly: U.S. Bank Deposit Reconciliation Service

For ACH transactions

  • Ensure dual authorization is required: SinglePoint ACH Origination
  • Ensure approvers are vigilant in their final review and approval of all outbound monetary transfers
  • Set appropriate transaction limits for each initiator and approver of monetary transfers
  • Review exceptions online for incoming ACH (debits): SinglePoint ACH Positive Pay
  • Track ACH Positive Pay authorization status: ACH Filter Rejected Item report, ACH Filter Authorizations report: SinglePoint Information Reporting
  • Prevent ACH originators from debiting your account: ACH Block, Business Check Block
  • Control access to your account by customer ID and dollar amounts: ACH Filter

For wire transfers

  • Ensure dual authorization is required, especially for non-repetitive transfers: SinglePoint Wire Transfer 

For regular review of your account information

  • Review your accounts online, at any time: SinglePoint Information Reporting.

 

U.S. Bank is committed to helping you meet your treasury management needs including fraud prevention. To learn more, contact your U.S. Bank Relationship Manager or Treasury Management Consultant. To find a consultant near you, email a request to TreasuryManagementSolutions@usbank.com.

Related content

How to avoid being the victim of a digital payments scam

Cybercrisis management: Are you ready to respond?

Dear Money Mentor: What is cryptocurrency?

How to keep your assets safe

Webinar: How to stay safe from cyberfraud

Automate accounts payable to optimize revenue and payments

Recognize. React. Report. Don't fall victim to financial exploitation

Learn to spot and protect yourself from common student scams

Protecting elderly parents’ finances: 6 steps to follow when managing their money

Risk management strategies for foreign exchange hedging

How to spot an online scam

Is your employer long term disability insurance enough?

Small business growth: 6 strategies for scaling your business

Manufacturing: 6 supply chain optimization strategies

Healthcare marketing: How to promote your medical practice

Liquidity management: A renewed focus for European funds

5 questions you should ask your custodian about outsourcing

Reviewing your beneficiaries: A 5-step guide

How to protect your digital assets in your estate plan

Webinar: Approaching international payment strategies in today’s unpredictable markets.

10 ways a global custodian can support your growth

4 strategies for coping with market volatility

What is a CLO?

Webinar: Mobile banking tips for smarter and safer online banking

How to choose the right custodian for your managed assets

Webinar: How to fight off fraud

Webinar: Protect yourself or your loved ones from elder fraud

Authenticating cardholder data reduce e-commerce fraud

Increase working capital with Commercial Card Optimization

Fraud prevention checklist

30-day adulting challenge: Financial wellness tasks to complete in a month

The mobile app to download before summer vacation

4 ways to outsmart your smart device

Money muling 101: Recognizing and avoiding this increasingly common scam

What you need to know about identity theft

What you need to know about financial fraud

From LLC to S-corp: Choosing a small business entity

5 tips for seniors to stay a step ahead of schemers

Recognize. React. Report. Caregivers can help protect against financial exploitation

Is online banking safe?

Identity stolen? 5 steps to take immediately

How you can prevent identity theft

Webinar: U.S. Bank asks: Are you safe from fraud?

8 tips and tricks for creating and remembering your PIN

Alternative investments: How to track returns and meet your goals

Hospitals face cybersecurity risks in surprising new ways

Higher education strategies for e-payment migration, fighting fraud

Webinar: Cash management strategies for higher education

3 tips to maintain flexibility in supply chain management

5 steps you should take after a major data breach

Cybersecurity – Protecting client data through industry best practices

Why KYC — for organizations

Post-pandemic fraud prevention lessons for local governments

BEC: Recognize a scam

Fight the battle against payments fraud

The latest on cybersecurity: Vulnerability testing and third-party software

The password: Enhancing security and usability

Tactical Treasury: Fraud prevention is a never-ending task

3 timeless tips to reduce corporate payments fraud

The surprising truth about corporate cards

Understanding and preparing for the new payment experience

White Castle optimizes payment transactions

Protecting cash balances with sweep vehicles

Avoiding the pitfalls of warehouse lending

4 tips for protecting your business against Coronavirus-related scams

Proactive ways to fight vendor fraud

The latest on cybersecurity: Mobile fraud and privacy concerns

How to improve your business network security

The benefits of a full-service warehouse custodian

Webinar: A closer look at U.S. Bank AP Optimizer

How to improve digital payments security for your health system

Webinar: Fraud prevention and mitigation for government agencies

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

Webinar: Robotic process automation

U.S. Bank and SinglePoint are registered trademarks of U.S. Bank National Association. IBM® and Trusteer Rapport™ are registered trademarks of the International Business Machines Corporation registered in many jurisdictions worldwide. U.S. Bank makes no warranty of any kind as to the effectiveness of the Trusteer Rapport software. U.S. Bank is not responsible for and does not guarantee the products, services, or performance of third parties.
Start of disclosure content

Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rate and program terms are subject to change without notice. Mortgage, home equity and credit products are offered by U.S. Bank National Association. Deposit products are offered by U.S. Bank National Association. Member FDIC.