Business Debit Card Fraud

May 15, 2024

Compared to checks and cash, electronic funds transfer (EFT) can be a more convenient and secure way to pay for the goods and services your business needs.

However, EFT transactions – which include debit card payments, ATM withdrawals, and automated bill payments – aren’t immune to fraud. Business operators need to know how to respond.

In this article, we’ll explain the applicable laws, common EFT scams, how to proactively protect your business, and what to do if you’re targeted.

Understanding the Rules for Businesses
EFT fraud can strike individuals and businesses alike. But when it comes to reporting incidents, the rights and responsibilities of individuals and businesses differ significantly.

Personal account holders are covered by the Electronic Fund Transfer Act (15 U.S.C. ch. 41 § 1693 et seq.), implemented through Federal Reserve Board Regulation E. The Act says that if a consumer notifies their financial institution of a lost or stolen debit card or a suspicious transaction within two business days of discovering the incident, the consumer’s liability is limited to $50, and if they report it within 60 calendar days, their liability is limited to $500. Once a report is made, the financial institution must promptly investigate the claim and either credit back the funds or provide a detailed written explanation if it concludes that no fraud occurred.

Businesses, on the other hand, are not covered by the Electronic Fund Transfer Act. Instead, they are subject to the Uniform Commercial Code, specifically U.C.C. – Article 4A – Funds Transfer. Generally speaking, the Code holds businesses to a higher standard for monitoring their accounts and reporting anomalous activity. The Code does not specify an exact window in which a business must make a claim. Instead, the Code simply requires a “commercially reasonable” security procedure and “good faith” on the part of the financial institution, with the specifics left up to the agreement between the financial institution and the business.

In practice, this means that businesses are commonly required to report suspicious EFT activity within 24 hours. This is the case for business account holders at ENB. Your EFT agreement was provided at the time you opened your account, and you can request a copy at any time for your review.

It’s also worth noting that fraud protection services offered by debit card issuers (e.g., Visa or Mastercard) may go above and beyond these legal safeguards in qualifying circumstances. As with federal law, coverage typically differs between personal and business cardholders.

3 Types of Business Debit Fraud to Watch Out For
Like many other forms of cybercrime, debit card and ETF fraud is on the rise, and small and midsize businesses are increasingly at risk. Here are a few all-too-common swindles to guard against:

  1. Phishing: Scammers send emails posing as your financial institution or a supplier in an attempt to glean sensitive information like login credentials or account numbers. Tip: Navigate to sites yourself instead of clicking on emailed links.
  2. Invoice Fraud: Scammers send fake invoices that appear to be from a known vendor, but the payment instructions divert funds to the scammer’s account. Tip: Confirm payment details directly with vendors before making payments.
  3. Card Skimming: Scammers use a small electronic device known as a skimmer to capture your debit card information during otherwise legitimate transactions at ATMs or stores. Tip: Use your card’s tap-to-pay functionality whenever possible.

3 More Ways to Stay Safe
Beyond taking basic precautions to defend against EFT fraud, here are three more steps you can take to protect your business’s money and data:

  1. Sign Up for Online Banking: Gaining anytime, anywhere access to your accounts and enabling alerts makes it much easier to monitor debit activity. Sign in once a day to make sure that nothing is amiss.
  2. Consider a Business Credit Card: Compared to business debit cards, dedicated business credit cards may offer more robust fraud liability protection. Make sure you read all the terms and conditions carefully.
  3. Explore Insurance Solutions: Many businesses are now investing in cyber liability insurance to mitigate the risk of EFT fraud. Fidelity bonds may also provide protection against employee malfeasance.

What to Do if You’re Targeted
If your debit card, PIN, or online banking credentials have been lost or stolen, or if you notice a transaction you don’t recognize, call (877) 773-6605 for 24-hour assistance. For more tips on keeping your business safe, reach out to your business banker.