How is online banking a major gateway for fraudsters & scammers and how to avoid becoming a victim

30th Jun 2021
Brought to you by
Share this content

Earlier this month, the BBC reported that Lloyds Bank and Halifax were closing 44 branches. This comes just a short time after Santander announced it was closing over a hundred branches. These closures are yet more evidence that online banking is fully entrenched in the UK. It’s convenient and fast, so it’s no wonder that people are attracted to it. Unfortunately, as more people move to online banking, fraudsters follow. Online banking has become a gateway for scam artists looking to take advantage of businesses and their customers. If you run a small business and accept online payments it’s vital to understand online banking security, be aware of internet banking scams, and know what you can do to protect your business, including making payment requests securely. Ordo is a payment solution for small businesses that ensures you can issue invoices and receive payments online safely.    

Is online banking secure?

recent study of online banking apps shows that security varies by bank. The banks that offered the most security used strong encryption and required users to login using multiple pieces of information – a method referred to as Strong Customer Authentication (SCA).   

Even though the security of internet banking apps varies by bank, hands down, the biggest threat to online banking safety is use of a compromised device. In general, it is more secure to do banking on your mobile phone through a certified banking app than through a browser on your home or office computer. This is because the banking apps are evaluated by Apple and Google. Scammers can easily install software into computers to record your keystrokes and determine your username, passwords, debit card number, and bank account details, but it’s more difficult to install this type of software on mobile devices. Finally, if you do lose your mobile phone, it is simple to remotely lock the device, protecting your information. The same is not always true for your computer. 

Scams that impact small businesses

Although online banking is largely secure, fraudsters know its vulnerabilities. They take advantage of the fact that transactions occur remotely to pose as legitimate organisations in order to trick you and your clients out of money or gain access to your data. If you accept online payments, or if you accept card payments as a small business, from customers or issue invoices online, it’s likely that you have a lot of customer data in your system that fraudsters would love to get their hands on, not to mention all the PCI compliance you have to grapple with if you take card payments. Therefore, increasing your knowledge of scams not only protects you, but also your customers. Some of the most prevalent scams that target small businesses include: 

  • Phishing – Scammers create emails that aim to dupe you into thinking you’re dealing with a legitimate company or person. By clicking a spoofed link, you accidently provide access to your company’s data including bank account numbers and customer details. For a scam to be successful, it only takes one person to click a link, so usually the phishing email is sent to everyone in a company. 
  • Fake Invoices – This scam targets your accounts payable department. Fraudsters send a fake invoice that appears to be from a trusted vendor, but the bank account details are changed. It is only after you process the payment and send money that you realise you have paid the wrong business. 
  • Invoice interception – Fraudsters have a catalogue of algorithms that search for emails containing telltale words and phrases like ‘payment request’, ‘invoice’, ‘bill’ and so on. They will hack into these emails, change the bank account numbers in the email or on the invoice to their own, and forward the email onto its intended recipient. The loyal client pays, but of course, the money goes into the fraudster’s account and not the business – leaving behind two innocent victims, out of pocket. 
  • Bank Transfer Fraud - Bank transfer fraud or Authorised Push Payment Fraud, happens when a fraudster tricks someone into transferring their money to a fraudulent account. This commonly occurs when a person is contacted by a scam artist via email or phone impersonating a trusted business or a person they know. 

Protect yourself

What can you do to protect your business and ensure that you and your customers are not scammed? 

  1. Limit data access – Phishing attacks can be catastrophic for a company if the person who falls victim to the attack has access to all the data on the company’s server. Modify data access to meet the needs of specific employees instead of giving total access to everyone. This limits the repercussions of a data breach. 
  2. Don’t make hasty payment decisions – People make mistakes when they are in a rush.  Because of this, successful scams are designed to create a sense of a sense of urgency by claiming an invoice is late and you need to transfer money right away. If you receive an unexpected urgent invoice or a call requesting payment, don’t pay immediately. Give yourself time to think before proceeding.
  3. Don’t send invoices through email – Emails can be intercepted by fraudsters and the bank account number can be changed. Your customer will think they are paying you, only to find that they have paid a scam artist. Avoid the headache of invoice fraud by making payment requests using a payment service that allows you to send an invoice securely. This will put both you and your customer at ease.
  4. Report scams – Report any scam you become aware of. Forward suspicious emails to [email protected] and text messages to 7726. Doing so could ensure that other businesses and customers don’t fall prey to a scam.

Online banking is here to stay, so make sure it’s integrated with your business securely. If you want to accept online payments choose a service like Ordo that lets you make payment requests securely. Ordo is an online money transfer service that keeps your bank accountinformation hidden. It is never shared by Ordo between biller and payer. Plus, Ordo does not use credit card or debit card numbers, so none of this information is available to be stored and hacked by scammers, and you no longer have the PCI compliance burden – a win-win all round. Invoices can be securely attached to Ordo smart requests for payment and cannot be intercepted by hackers. In addition, Ordo is also easy to use and fast. As soon as a customer pays you, the money appears in your account instantly. Arrange a demonstration today and find out how Ordo can make your payments more secure.