Dental Office Fraud Protection Checklist

Fraud Protection

To ensure you have controls in place to protect your organization, use this checklist to assist with your periodic fraud prevention procedures review.

Review and update internal procedures and controls

  • Train personnel on fraud prevention best practices
  • Establish dual control procedures for ACH, remote deposit capture and wires
  • Review employee access privileges and limit administrative rights on company computers • Establish clear division of duties within accounting departments
    • Separate account receivables and account payables functions and processes
  •  Only provide employees with access to financial data if there’s a business need
  • Conduct surprise audits to ensure appropriate procedures are being followed
  • Preauthorize high dollar value checks before the checks are written
  • Do not sign checks without the recipient and amount information completed
  • Verify out-of-pattern payment instructions from internal employees
  • Validate all payment requests from customers and company personnel, including senior officials
  • Validate requests from vendors to change payment instructions; don’t simply reply to email
  • Review transactions before they leave the company
  • Review and update bank signature cards routinely
  • Remove executive signatures from your annual report to prevent illegal scanning and use

Ensure online fraud protection

  • Keep workstations current with security updates
    • Confirm all anti-virus software is up to date
    • Respond to software and security update alerts promptly
    • Ensure protection on all computers and schedule routine updates
  • Apply operating system updates promptly; beware of download requests from pop-ups or advertisement
  • Avoid using email to send confidential information; truncate all but last four digits of account numbers
  • Prevent malware infection
    • Use caution when downloading applications or documents, installing software and opening email attachments
  • Limit Internet use on computers used for online banking activities
  • Limit personal email and Web surfing access on computers used for monetary transactions
  • Use dual authorization for adding users and changing user profiles
  • Require use of security tokens, with strong authentication, for payment applications
  • Use dual authorization when initiating ACH or wire payments
  • Establish separate controls for your business online banking application
    • Use one computer to create online payments and a different computer for secondary approvals
  • • Monitor account balances and activity daily
    Report any suspicious activity immediately to your bank
  • Consider the use of an anti-malware application, as well as a firewall
  • Schedule updates frequently
  • Check your operating system on a regular basis
  • Install all the latest patches and updates
  • Activate all the notification features available in the bank’s online banking application
    • Ensure proactive notification to all users of any suspicious activity
  • Ensure users of financial applications are familiar with system screens and functionality, so suspicious screens are easier to spot and reported quickly to the bank
  • Ensure user access and entitlements are up to date and accurate

Evaluate your paper check supply

  • Select a highly qualified, established check vendor
  • Use one style of checks for each account for easy recognition
  • Incorporate security features into check design
  • Monitor check orders to ensure receipt of exact quantity
  • Store blank checks and check printing equipment securely
  • Limit the working supply of checks removed from the secure area

Leverage U.S. Bank fraud prevention solutions

For SinglePoint® online access

  • Utilize IBM® Security Trusteer RapportTM to detect and eliminate malware

Receive payment service alerts by email, text or fax: SinglePoint External Messaging

For paper check disbursements

  • Review exceptions daily and make payment decisions: SinglePoint Positive Pay
  • Review payee exceptions daily, make payment decisions: SinglePoint Positive Pay – Payee Option
  • Check images online and eliminate need for storing cancelled paper checks: SinglePoint Image Access and SinglePoint Image File Delivery
  • Reconcile accounts daily or monthly: U.S. Bank Account Reconciliation (ARP)
  • Consider outsourcing check processing to eliminate the storage of check supplies: SinglePoint Check Payables

For deposit-only accounts

  • Place blocks on accounts to prevent unauthorized debits: U.S. Bank Check Filter Service
  • Reconcile deposits weekly or monthly: U.S. Bank Deposit Reconciliation Service

For ACH transactions

  • Ensure dual authorization is required: SinglePoint ACH Origination
    • Ensure initiators and approvers use different workstations
    • Alert secondary authorizers to practice a high degree of vigilance in their final review and approval of all outbound monetary transfers
    • Set appropriate transaction limits for each initiator and approver of monetary transfers
  • Review exceptions online: SinglePoint ACH Positive Pay
  • Track the status of ACH Positive Pay authorizations in the ACH Filter Rejected Item report and
  • ACH Filter Authorizations report: SinglePoint Information Reporting
  • Utilize debit blocks to prevent all ACH originators from debiting your account: U.S. Bank ACH Block and U.S. Bank Business Check Block Services
  • Utilize debit filters to control access to your account by customer ID and dollar amounts: U.S. Bank ACH Filter

For wire transfers

  • Ensure dual authorization is required, especially for non-repetitive transfers: SinglePoint Wire Transfer

For regular review of your account information

  • Review your accounts online, at any time: SinglePoint Information Reporting

 

Posted via Jennifer Maschke, US Bank, Vice President, Business Banking Officer

usbankU.S. Bank and SinglePoint are registered trademarks of U.S. Bank National Association. IBM® and Trusteer RapportTM are registered trademarks of the International Business Machines Corporation registered in many jurisdictions worldwide.

U.S. Bank makes no warranty of any kind as to the effectiveness of the Trusteer Rapport software. U.S. Bank is not responsible for and does not guarantee the products, services, or performance of third parties.

© 2015 U.S. Bank. Member FDIC. U.S. Bank National Association. Member FDIC. (12/15) MMWR-80647

U.S. Bank is committed to helping you meet your treasury management needs including fraud prevention. To learn more, contact your U.S. Bank Relationship Manager or Treasury Management Consultant. To find a consultant near you, email a request to TreasuryManagementSolutions@usbank.com.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *