Of all the lessons we should learn from the high-profile data breaches of the past few years, a few of them are probably ones small businesses and banks probably haven’t given enough consideration. I’ll pose them here:
- Lesson No. 1: Unless they are egregiously flippant and callous about the impact on their customers, most big companies will survive a fraud incident – albeit bloodied and bowed – no matter how dramatic and well-publicized the breach is. The corollary to this is that small and medium businesses aren’t as invincible in the wake of an event.
- Lesson No. 2: Ignoring lesson No. 1 can spell disaster for a small or medium business, yet many of them are doing exactly that.
- Lesson No. 3: Financial institutions need to step up and support their business customers’ fraud-prevention efforts, because these critical components of the American economy are struggling with the issue.
The Javelin study “SMB Payments Fraud Report” underscores these lessons and many others that SMBs and banks alike should take to heart. Among the key take-aways of the report:
Small and mid-size businesses are at higher risk of payments fraud, and they experience significant damage when it occurs.
Small businesses are foregoing adoption of electronic payment methods – despite the time and cash savings such methods can provide – due to security concerns.
SMBs’ use of mobile banking tools is robust, but they’re not taking vital steps to secure mobile devices. In fact, mobile BYOD vastly elevates already-high mobile security risks for small and medium businesses.
Javelin researchers suggest several measures FIs can take to support business customers’ fraud-prevention efforts. Let’s put some perspective on their recommendations, which include:
1. Communicate with business account holders about security.
In fact, financial institutions should not only be proactive about this dialogue, they need to be downright aggressive. Ensuring business customers understand exactly what your organization is doing to secure their accounts can help them better use those same tools, as well as underscore your FI’s role as their knowledgeable, effective partner in fraud prevention.
2. Don’t encourage poor security behavior.
The Javelin study specifically mentions email links as a fraud faux pas, but sending customers links in emails isn’t the only poor security behavior financial institutions should avoid. By modeling good security habits, such as requiring account holders to change their online banking passwords every 30 days, your financial institution can help business customers better understand what they need to do to improve security.
3. Emphasize mobile security.
If you offer mobile access to accounts, your business clients are almost certainly using it to some extent. Yet they’re less likely to take necessary steps to secure their mobile activities, including using locks and passwords on mobile devices and setting strict BYOD policies for employees. Your dialogue with business customers about mobile security should begin before they even enroll, and continue throughout their use of your financial institution’s mobile tools. When a small or medium business experiences fraud committed through mobile channels, it is almost never the fault of the technology, but rather the failure of the user to employ it wisely. Still, SMBs are likely to hold your financial institution accountable for mobile fraud.
4. Make e-payments workable for business customers.
It’s ironic that small and medium businesses are making such extensive – and risky – use of mobile, yet eschewing e-payment tools because of perceived security risks. E-payment adoption offers many benefits for both businesses and their financial institutions. Your organization can encourage business account-holders toward e-payment adoption by offering multiple layers of security tailored to the client’s needs, and by offering them a fraud liability guarantee.
Let’s wrap this up with a final lesson: Business account fraud victimizes both the business and its bank. When it comes to fraud prevention, financial institutions and small/mid-size businesses are in the fight together. Supporting your business customers’ fraud-prevention efforts is a win-win for everyone.