It’s Nothing Personal … Just Business!
People use the phrase “it’s nothing personal, just business” all the time. It covers a wide range of topics and situations. If you change that statement by one word so it reads, “it’s nothing personal, everything business,” you would have accurately described an exposure to loss many businesses overlook – computer fraud.
If a computer hacker breaks into your personal banking account and funds are illegally transferred out of your account, what do you personally owe? Nothing. Under federal law, as long as it is a personal account only, the loss is the bank’s problem to solve.
If a business banking account is compromised and funds are illegally transferred, what does the business owe? Everything!
There are a few important risk management practices to keep in mind with respect to protecting businesses against financial computer fraud. Among them:
- Never mingle business and personal accounts. If business and personal accounts are allowed to be combined, the protections that personal accounts have when it comes to loss are lost.
- A business owner should discuss with his or her bank what procedures the bank follows to protect online access to corporate accounts. One question to ask is whether the bank’s software uses digital tokens. Digital tokens are decoding chips that allow the actual password to be changed every few seconds, thus making it difficult for computer hackers to identify the true password.
- Some banking institutions will provide a stipulation requiring money transfers to foreign institutions be done in person. This is an important safeguard, as many wire transfer schemes end with the money eventually being sent overseas.
- As in any risk management situation that you can not properly control, transfer the risk to a third party. In this case the third party is the commercial insurance company, and the coverage that applies is Commercial Crime Coverage Form F.
Commercial Crime Form F
Commercial Crime Form F pays for loss o Commercial Crime Form F pays for loss or damage to money, securities or other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the business premises or banking premises to outside premises. In order for the coverage to be triggered, the computer must be the direct cause of loss.
For example, if a computer hacker breaks into a business’s online account and transfers funds from the business account to his or hers, that is a covered loss. But if a computer hacker breaks into the account and only uses the access to create false invoices or ledger balances, that claim is not covered. A fraudulent invoice would be paid with the insured writing a check – because the computer was not directly used in the transfer, the claim would be denied.
One major exclusion applies to all scenarios: If the person committing the crime was an employee of the company, the loss would not be covered. Each of these scenarios can be addressed with other crime coverage provisions.
Other Exclusions, Limits
There are two other major exclusions that need to be noted in the standard ISO Crime Form F: credit card fraud and inventory shortages.
Theft of inventory, which never appears on a spreadsheet because a computer hacker is altering the report, is not covered because the direct cause of loss is the actual theft of the property. The use of the computer is to conceal the theft, which has already occurred.
Likewise, credit card fraud is viewed separately from computer fraud.
What limit is appropriate for computer fraud? The simple answer is: Whatever the maximum amount of funds a business would have in an account that could be accessed online. As with all insurance – the greater the coverage limit, the greater the premium will be.
While most banks analyze transactions greater than $10,000, computer hackers are ever-evolving and are able to make multiple transfers. Their ability to move funds around between several banking institutions quickly makes their transactions more difficult to track.
We have seen claims from financial computer fraud that range from thousands of dollars to $1.2 million. Business owners and managers need to meet with their risk managers and talk with their bank representatives about these issues. It is crucial to design a comprehensive strategy that protects business assets against one of the fastest growing areas of loss today – computer fraud.