How does a change of banking detail scam happen?
The scam operates by an innocent recipient receiving an e-mail or letter informing them that a particular supplier of theirs is changing their bank account details. The correspondence will almost certainly include the details of the new account. The letter/email will ask you to update your records accordingly with the consequence that future payments will be made to this account. The details are, of course, fraudulent with the consequence that monies are paid to the fraudster and not the supplier.
How can you prevent becoming a victim of this type of fraud?
There are a number of basic steps that can make it extremely difficult for your company to become a victim of this type of fraud. Below we set out some measures that you and your staff should consider employing to ensure that you do not become a victim:
- Maintain a good relationship with existing suppliers and know your contacts and be able to liaise with them.
- Always be wary of changing account details. If a request is received, confirm in writing and by telephone to the supplier.
- If talking to this ‘supplier’ on the telephone beforehand, they may ask about when you last sent payments to them, looking to see if you are still an active client. Again, ask to speak to contacts that you recognise and if necessary ask your contact to call you back.
- Confirm notifications for any changes of banking details via official correspondence with your suppliers (such as a letter) using their contact details that you have in your database, preferably before processing the next payment.
- Beware of supposedly confirmatory e-mails from almost identical e-mail addresses, such as .com instead of .co.za, or addresses that differ from the genuine one by perhaps one letter that can be easily missed.
- Instruct staff with the responsibility for paying invoices to scrutinize invoices for irregularities and escalating suspicions to a known contact.
- It is essential to make sure that you are certain of the identity of the person your business is dealing with at all times. Consider setting up designated ‘Single Points of Contact’ with companies to which you make regular payments.
- Ensure that your company’s private information is not disclosed to third parties who are not entitled to receive it, or third parties whose identities cannot be rightfully verified.
- Rather shred your business and suppliers invoices or any communication material that may contain letterheads, than to discard in rubbish bins.
- Consider reviewing previous requests to change account details to confirm whether they were genuine or not
- To avoid your customers acting on an instruction purporting to be from you, alert them to this type of fraud.
- Ensure that you confirm any change of banking details with someone you usually deal with at the organisation before making any changes to beneficiary accounts. When calling the organisation to confirm the changes to banking details, use a number from the telephone directory and not the number on the letterhead or fax, as you will in all likelihood be calling the fraudster.
- Question whether well-known companies would change their banking details without notifying people through more formal channels.
What can you do as a victim of this type of fraud?
Once you are a victim of this type of fraud it is always prudent to first notify the Police.
- You can also commence a civil recovery of these monies against the fraudster. It may also be necessary to use tracing proceedings to trace the identity of the fraudsters or even freezing injunctions to freeze their assets of the fraudsters.
- Finally, check with your insurer to see if it is an insurable loss.
Please remember that electronic payments are made based on the account number only. Any account name given is not routinely checked as part of the automated payment process. This is the same for all South African Banks. It is your responsibility to ensure the account details being used are correct, by conducting an independent verification.