Open Forum

Expand all | Collapse all

#Accounting - Fraud

  • 1.  #Accounting - Fraud

    Posted 5 days ago
    Hello,

    I wanted to get some information from the group on how your organization handle fraud when receiving banking information from vendors?

    For example, do you ask vendors to fill out a "direct deposit form?"  If so, how do you receive that information and what steps do your organization take to protect from fraud?

    Thanks and looking for to your replies.

    Best,
    Karen

    ------------------------------
    Karen Kellibrew
    Administrative and Accounting Assistant
    American Society of Health-System Pharmacists
    Bethesda MD
    ------------------------------
    Conference-GPUG_200x200


  • 2.  RE: #Accounting - Fraud

    SILVER CONTRIBUTOR
    Posted 5 days ago
    Hi Karen,
    In addition to having a standard form we ask vendors to provide us with, we also have a policy of always verbally confirming the info over the phone. Our bank (JPMorgan) is pretty insistent on that practice.

    Best,
    Mary

    ------------------------------
    Mary Palmer
    Director of Reporting
    Motion Picture Association, Inc.
    Sherman Oaks CA
    ------------------------------

    Conference-GPUG_200x200


  • 3.  RE: #Accounting - Fraud

    Posted 5 days ago
    Hi Karen,
    Here is what I have discussed with our Finance Department.

    We have a form or we would take the information via email.  Once we get that, someone from Finance would call to verbally confirm the numbers with the phone number we have on record.  If they leave a voicemail, when the person calls them back, I instructed our people to tell them they will hang up and call them right back.  We want to verify not only that we have the right account numbers, but we are talking to the right person.  Technology these days allow people to spoof Caller ID.

    Here is a possible scenario that we are considering and have steps in place to mitigate:
    Customer gets breached.  So Hacker can read Customer A email.  Hacker sends email with bogus account numbers to Finance.  Finance receives email, and calls to verbally confirm, leaves voicemail.  Customer has a modern phone system where voicemails are delivered to the user's inbox.  Hacker gets voicemail, deletes it from the inbox, and calls Finance to confirm numbers as Customer.  We would have a problem.

    So to mitigate, we would have Finance tell the caller we are going to call them back and does so with our number on file to confirm we are talking to the company and not someone spoofing the Caller ID.

    Just another layer of protection we can add that takes an extra moment.

    ------------------------------
    Dave Magalen
    IT Manager
    Aurora Plastics
    Streetsboro, OH
    ------------------------------

    Conference-GPUG_200x200


  • 4.  RE: #Accounting - Fraud

    Posted 5 days ago
    No matter what kind of written information request form you have, each and every time you send money electronically, you should call and verbally confirm that the information is still accurate.  Never confirm via email.  Always call your known contact.  We still verbally confirm ACH debit and wire instructions verbally for each and every transmission with vendors we have used for 20 years.

    ------------------------------
    Laura Susko
    Director, Tax & Accounting
    Levy Family Partners
    ------------------------------

    Conference-GPUG_200x200


If you've found this thread useful, dive deeper into User Group community content by role