7 steps to avoid signatory fraud

Last week, we wrote about the problem of authorised signatory fraud. In this week’s blog, we offer a series of points on how to prevent it.

How to prevent your organisation from signatory fraud: 7 key steps

For individuals, SMEs, and small organisations and charities, the below is the best piece of advice we can give:

  1. Be aware of how signatory fraud works. See part one from last week

  2. Do not assume anything digital is authentic. Always be aware of the possibility of convincing-looking imposters.

  3. When dealing with transactions ensure you have at least one, and preferably several individual points of contact with whom you are conducting business. The school that lost £250,000 might not have done so had they had several individuals at the contractor company from whom they take the same instruction. Make it harder for fraudsters so they don’t just have to imitate a company, they have to imitate several named specific individuals within that company.

  4. When setting up payment instructions with your known individuals, speak to them over the phone or via video call in the first instance.

  5. When establishing a recipient, especially for substantial sums, in the first instance send a nominal amount, £1, to the authorised recipient. Confirm they have received it in person or over the phone or via video call. This authenticates the recipient.

  6. Never allow the recipient's bank details to be changed in any way, including by anyone claiming to be the recipient, without repeating steps four and five.

  7. Be aware of changes in the contact information. They could be a forerunner to fraudulent changes in transfer details. Again, if in doubt, check by phone.

The challenge of keeping authorised signatory data up to date

The challenge with big, dynamic organisations is that the individual people authorised to perform certain financial transactions, including processing invoices and authorising payments, frequently change roles, departments and even organisations. In addition, absence through parental leave, promotions and retirements can all disrupt a seemingly straightforward and secure process.

As a consequence, it’s a challenge to keep authorised signatory lists and processes current and accurate. If an organisation such as Google is able to fall foul of gaps in its system, it’s reasonable to assume there are potential vulnerabilities in every company or organisation.

For these bigger organisations, including companies, charities, educational establishments and football clubs, there is an additional layer of security we at Cygnetise are able to provide.

The Cygnetise blockchain application is trusted by some of the world’s most respected companies as a time saving, admin burden reducing, fraud resisting solution.

To find out more, contact us to determine if this could be an appropriate measure.

 
 
GovernanceLara Pizzato