Is your Business Protected Against Bank Cybertheft?

In the past few years, we have become increasingly aware of the potential threat in cyberspace that our personal banking information could be obtained by so-called “cybercriminals.” Most likely, if it has happened to you or someone you know, they were reimbursed for the fraudulent transaction by their bank as consumers. However, unlike for consumers, the Uniform Commercial Code (UCC) could make it difficult for a business to recover funds stolen from bank accounts, leaving the victim (the business) to suffer the loss. One of the largest areas of concern for businesses is the threat of a fraudulent electronic funds transfer (EFT). These thieves are mainly targeting small to medium-sized businesses because of the ease of accessibility due to weak or non-existent controls. On August 26, 2009, the Federal Deposit Insurance Corporation (FDIC) issued an alert (FDIC SA-147-2009) warning that there has been an increase in reports of fraudulent EFT transactions resulting from compromised login credentials. The statement issued by the FDIC specified how the cyber thieves may be able to access accounts.

“Web-based commercial EFT origination applications are being targeted by malicious software, including Trojan horse programs, key loggers and other spoofing techniques, designed to circumvent online authentication methods. Illicitly obtained credentials can be used to initiate fraudulent ACH transactions and wire transfers, and take over commercial accounts. These types of malicious code, or "crimeware," can infect business customers' computers when the customer is visiting a Web site or opening an e-mail attachment. Some types of crimeware are difficult to detect because of how they are installed and because they can lie dormant until the targeted online banking session login is initiated. These attacks could result in monetary losses to financial institutions and their business customers if not detected quickly.” FDIC SA-147-2009

Generally, a business must notify the bank within two days of a fraudulent ACH transaction or the business may be liable for the loss. Identifying risks is key to understanding how vulnerable your business is to EFT fraud. Once the risks are assessed, the business can determine the appropriate steps (implementation of controls) to limit the risk.

Assessing your Business’ Risk for EFT Fraud

Here are a few key items to consider when evaluating general fraud prevention:

1. Is your business in compliance with the bank’s recommended security procedures to facilitate a recovery of funds in the event of a fraudulent transaction?
2. What is the maximum dollar amount the entity could lose in a wire transfer, and does the business have insurance to cover that amount for fraud?
3. Has the business given proper education and/or training to key employees with online access so they understand the risks, how the fraud is perpetrated and the precautions they should take?
4. Does the business have security settings on computers to prevent malicious code (malware) from being installed into its systems?

Establishing Controls to Mitigate EFT Fraud

Once you have determined the Company’s risks, a system of controls needs to be developed in order to limit that risk. The following is a list of potential controls that might limit the risk:

1. Dedicate a computer or system for online banking, especially for EFT. If the risk is significant, use a computer that is not used for e-mail, web browsing, or other high-risk online activities associated with contracting malware infections.
2. Use authentication with an independent mechanism. For example, require login credentials and a temporary PIN sent to a pre-determined cell phone or a security code device (provided by the bank). This method makes an attack more difficult because the authentication factor is not communicated through the compromised computer.
3. Segregate EFT controls so that one person performs online EFT functions, and a second person approves the transfer or verifies/reconciles that transaction.
4. Review bank accounts on a daily basis in order to detect unauthorized transactions in a timely manner.
5. Dedicate clearing accounts using “just-in-time” deposits. For instance, deposit funds into a separate designated “EFT transfer” account, from a different computer, just before a wire transfer.
6. Use a “run as needed” bootable CD (such as the Ubuntu operating system) that cannot be contaminated by a virus or malware for the computer accessing online EFT. This is an FDIC recommendation.

There are many prevention and detection controls that a business can implement in its day-to-day operations to protect against EFT fraud. However, selection of such controls is a tricky process. Too many controls can cause inefficiencies and have a negative impact on the business. Don’t hesitate to give dbbmckennon a call or email today to discuss your particular business’ risks and potential internal controls that you may implement to mitigate such risks.

Year of the…Roth?

The 2010 year presents a unique opportunity for high-net-worth individuals. Prior to 2010, most individuals making over $100,000 per year were restricted from converting a Traditional IRA or 401(k) to a Roth IRA. However, 2010 presents an opportunity to those previously restricted. Not only will high-earning individuals be able to complete these conversions during 2010, they will also be able to do so without incurring the normal 10% penalty for early withdrawal, and the tax burden can be deferred over a two-year period (2010 and 2011 tax years).

So why is this important to you as a high earning individual?

Let’s face it; taxes aren’t going down in the foreseeable future.  With increasing federal and state deficits and additional programs being proposed on a daily basis, there is more of a chance taxes will increase over the long-term as opposed to them decreasing.  Thus, taking a smaller hit now may be more beneficial than taking a larger hit down the road depending on the circumstances.

Also consider this: the market is still down from its high in 2007 and is at approximately the same level it has been for the past five years. Taking that into consideration, any money put into a pre-tax account during that time frame will likely have little, if any, capital gains to pay taxes on.

So who would benefit from this most?

Not considering other factors unique to each individual, people that stand to benefit the most are:

  • Wealthy Individuals
  • Those seeking to reduce estate settlement
  • Individuals who won’t need to draw income from converted accounts
  • Young high-earners
  • Those who believe their tax bracket will be higher in retirement

The kicker in all of this is (and golf fans will love this), you get a mulligan.  If for any reason you regret the decision or it becomes a bad decision due to market fluctuation, you can reverse the transactions without any tax consequence within six months of the tax return due date (i.e. April 15, 2011 due date would give you until October 15, 2011). 

Here at dbbmckennon we would be more than happy to answer any questions you may have about these conversions, the tax consequences, and discuss what is in your best interest as a unique individual. We can also refer you to one of our trusted financial advisors, who can assist you in a Roth conversion, even if you don’t have one set up yet.

Plan today, to give yourself a brighter future tomorrow.