Scammers use DocuSign API to send fraudulent invoices
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
In short, giving your bank account number is generally safe as long as you do so with trusted entities and through secure channels.
Note that there is very little a scammer can do with a bank account number alone. They will not be able to use it to withdraw money from your account, write checks, or pay for items online.
Sharing a bank account number becomes potentially unsafe when it is accompanied by other information.
This includes your routing number, driver’s license, home address and other personal details that could be used to steal your identity.
With some or all of these details, there is potential for a broad spectrum of fraudulent activities.
Those with malicious intent could:
With the above in mind, here are some best practices for how you can stay protected when sharing sensitive information.
First and foremost, ensure that you only share your bank account number with trusted individuals and organizations.
Generally speaking, this includes:
Be wary of unsolicited requests for your account number as they could be part of a phishing scam or other form of identity fraud. This is especially true of email and phone requests (more on this below).
When in doubt, use common sense and err on the side of caution.
Always use secure channels to send your bank details.
As a consumer, the most secure channel is your financial institution’s online banking platform. Giving your bank account number over the phone is also safe provided you can verify the individual you speak to.
To receive payment, many businesses send their bank details via invoicing systems that integrate with Stripe. Others may use a more traditional method such as fax.
When it comes to sharing your bank account number, the context in which you do so plays a significant role in determining the level of risk involved.
If you’re sharing your number with an employer or using it to pay for something on Amazon, you likely don’t need to be worried.
However, some contexts where it is unsafe to share bank details include:
Where possible, use a credit card to make online purchases.
They do not require a bank account and routing number to be entered and many come with more fraud protection than a standard debit card.
If you don’t trust yourself with a credit card, money transfer apps and prepaid cards are a worthy alternative.
If you own a company or you’re working in a finance team, onboarding other financial service vendors may require you to opt for other ways to safely share your organizations bank account details. At Eftsure, in our onboarding and verification phase, we offer customers and their suppliers/vendors the option to use Eftsure Bank Link. Using Bank Link, rather than sharing bank account details directly with Eftsure or a vendor/supplier, finance teams can safely and securely login to their banking platform and verify their banking details direct.
If you suspect someone has stolen your identity or personal details, here are some of the steps you can take.
It is the duty of all bank account holders – whether individual or business – to monitor accounts for suspicious activity.
Look for large withdrawals, deposits or purchases and notify your bank immediately if a transaction seems out of place. Another potential area of interest is substantial variation in your apparent spending habits.
Also check your credit report for unauthorized credit card or loan applications.
Mail theft is a major problem in the United States with mail stolen from post boxes, doorsteps and even postal workers themselves.
Much is said about the theft of packages from Amazon and other eCommerce companies, but criminals also target checks, bank account statements and other documents that contain sensitive information.
Where possible, opt for digital payment methods and paperless statements so this information cannot be intercepted and used to commit fraud.
According to the Consumer Financial Protection Bureau, you will only be liable for a maximum of $50 if an unauthorized transfer is reported within 48 hours. If you report after this period has elapsed, however, you may not recover any of the lost funds.
For unauthorized transactions that occur on the Automated Clearing House (ACH) network, know that you have 60 days to dispute the transaction and be reimbursed by your bank.
Any instances of fraud should also be reported to the three credit reporting bureaus of Equifax, Experian and TransUnion. Each should have the option to freeze the report to stop new accounts from being opened in your name.
If the crime is serious and involves identity theft, consider filing a report with the Federal Trade Commission (FTC) and the police.
When suspicious transactions have been observed, change your password as soon as possible. This extends to the account’s security questions and also to other accounts that use the same password.
New passwords should incorporate:
Canceling your account is a hassle that many of us would rather avoid, but it may be necessary for severely compromised accounts.
Risk is inherent in any system, and the financial system is no different.
One common assertion is that checks increase the risk of fraud because they clearly show bank account and routing numbers.
However, fraud only results in a loss if the account holder fails to monitor their transactions and report suspicious transactions within the 60-day window.
Provided you follow the best practices in this article, the risk of fraud is extremely low. For perspective, consider that a mere 0.03% of the 31.5 billion transactions processed on the ACH network in 2023 were unauthorized.
For payments that are unauthorized, it’s important to note that banks are loss-averse and will readily reverse fraudulent transactions.
Banks also vet customers that send frequent ACH requests to pull money from other accounts and in the case of a criminal offense, their personal information is easily available to turn over to the police.
The ease with which transactions are reversed and the lack of anonymity act as an effective deterrent and lower the risks of this type of crime substantially.
In summary:
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Because LinkedIn is used as a professional networking platform, account holders don’t use the same caution as they would on Facebook or …
Fraud is usually associated with deception, manipulation, and crime, but what many people don’t realize is that not all scams are illegal. …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.