If a computer hacker breaks into your personal banking account and funds are illegally transferred out of your account, what do you personally owe? Nothing. Under federal law, as long as it is a personal account only, the loss is the bank's problem to solve.
If a business banking account is compromised and funds are illegally transferred, what does the business owe? Everything!
Here are a few practices to keep in mind with respect to protecting your business from financial computer fraud:
-Never mingle business and personal accounts. If business and personal accounts are allowed to be combined, the protections that personal accounts have when it comes to loss are lost.
-A business owner should discuss with his or her bank what procedures the bank follows to protect online access to corporate accounts. One question to ask is whether the bank's software uses digital tokens. Digital tokens are decoding chips that allow the actual password to be changed every few seconds, thus making it difficult for computer hackers to identify the true password
-As in any risk management situation that you can not properly control, transfer the risk to a third party. In this case the third party is the commercial insurance company, and the coverage that applies is the Commercial Crime Coverage Form F.
Commercial Crime Form F pays for loss or damage to money, securities or other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the business premises or banking premises to outside the premises. In order for the coverage to be triggered, the computer must be the direct cause of loss.
For example, if a computer hacker breaks into a business's online account and transfers funds from the business account to his or hers, that is a covered loss. But if a computer hacker breaks into the account and only uses the access to create false invoices or ledger balances, that claim is not covered. A fraudulent invoice would be paid with the insured writing a check -- because the computer was not directly used in the transfer, the claim would be denied.
One major exclusion which applies to all scenarios: If the person committing the crime was an employee of the company, the loss would not be covered.
We have seen claims from financial computer fraud range from thousands of dollars to $1.2 million. Business owners and managers need to meet with their risk managers and talk with their bank representatives about these issues. It is crucial to design a comprehensive strategy that protects business assets against one of the fastest growing areas of loss today -- computer fraud.
Information gathered from Insurance Journal. For more information on your Risk Management contact Sean Leigh.