Control Cash Flow

Anti-Fraud Controls Protect Your Company

When someone steals money from a business in a movie, it’s George Clooney and a team of con men. When it happens to your business in real life, however, it’s probably more like George from accounting. 

Whether it’s perpetrated internally by an employee or externally by a hacker, payment fraud is a major issue for businesses of all sizes. The good news is, it’s also largely preventable.

“For most fraud threats, it’s all about your internal controls being built right,” says Matthew Harper, head of client security management and group vice president at SunTrust. “That’s where a lot of companies fall flat.” 

According to Harper, these controls can help reduce the likelihood of fraud:

  • Reconcile your accounts quickly and often
  • Use Positive Pay, which ensures that posted checks match your records
  • Frequently monitor internal and external payments
  • Ensure that only certain people have payment access

“It’s not exciting, it’s not some whiz-bang tool—it’s old-fashioned, internal controls,” Harper says. “It’s not fun, but it works.”

Here are three payment fraud schemes that Harper says mid-sized businesses should be especially aware of, along with tips for preventing them.

Credit cards

One of the primary risks to mid-sized businesses is employee misuse of payment tools, Harper says. That largely means corporate credit cards.

To combat this, many purchasing platforms offer the ability to set limits and merchant categories. For example, if you owned a trucking company, you could limit purchases to gas stations and a few other related areas.

Harper suggests limiting who receives the card. “Ensure you’re giving the cards out on a business-need basis,” he says. “Not everyone needs a corporate card.”

Lastly, businesses should reconcile the appropriateness of the amount being spent. If one driver is within the limit and spending money only on gas, but is significantly higher than other drivers, that might signal an employee who has used the company card to fill up personal cars.

“A commercial card is a line of credit,” Harper says. “You’re extending a level of trust to the employee. You need to trust, but you also need to verify.”


A second risk is the misuse of internal payment processes, such as basic accounts payable functions.

To deter this, many companies rely on Positive Pay verification. Positive Pay requires a bank to examine a check that’s presented to be cashed against those the company issues. The system will flag the check if the serial number or dollar amounts don’t match. This helps ensure that only authorized checks get cashed.

Harper says other internal controls may include: rotating job duties, keeping payables up to date, ensuring ex-employees can’t access financial tools and resources, and having a person handle payroll rather than a machine.

Manipulating payment processes

One common type of online external fraud takes advantage of internal controls. This fraud often unfolds with a third party pretending to be a member of senior management. Posing as an executive, a hacker will send an email from a plausible-sounding address requesting an immediate payment.

Harper says it’s important to instill payment procedures and follow those even in the case of an escalated or urgent situation. Even if the person is the CEO, there should be a risk-compliance step where an accountant has to complete paperwork before the money is sent. With this type of fraud, it’s generally a matter of watching out for a sense of urgency when there usually isn’t one.

By setting up good internal controls and then monitoring the consistent execution of those controls, mid-sized companies can lower the odds of payment fraud and help keep their company finances secure.

This content does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.


Investment and Insurance Products:

Are Not FDIC or any other Government Agency Insured   Are Not Bank Guaranteed  May Lose Value 

© 2018 SunTrust Banks, Inc

equal housing logoSunTrust Bank is an Equal Housing Lender. Member FDIC

equal housing logoEqual Housing Lender. SunTrust Mortgage, Inc

SunTrust, SunTrust Mortgage, SunTrust PortfolioView, SunTrust Robinson Humphrey, SunTrust Premier Program, AMC Pinnacle, AMC Premier, Access 3, Signature Advantage Brokerage, Custom Choice Loan and SunTrust SummitView are federally registered service marks of SunTrust Banks, Inc. All other trademarks are the property of their respective owners.

Services provided by the following affiliates of SunTrust Banks, Inc.: Banking products and services are provided by SunTrust Bank, Member FDIC. Trust and investment management services are provided by SunTrust Bank, SunTrust Delaware Trust Company and SunTrust Banks Trust Company (Cayman) Limited. Securities, brokerage accounts and insurance (including annuities) are offered by SunTrust Investment Services, Inc., a SEC registered broker-dealer, member FINRA, SIPC, and a licensed insurance agency. Investment advisory services are offered by SunTrust Advisory Services, Inc., a SEC registered adviser. GFO Advisory Services, LLC is a SEC registered investment adviser that provides investment advisory services to a group of private investment funds and other non-investment advisory services to affiliates. Mortgage products and services are provided by SunTrust Mortgage, Inc.

SunTrust Mortgage, Inc. - NMLS #2915, 901 Semmes Avenue, Richmond, VA 23224, 1-800-634-7928. CA: licensed by the Department of Business Oversight under the California Residential Mortgage Lending Act, IL: Illinois Residential Mortgage Licensee #MB-989, Department of Financial and Professional Regulation, 100 W. Randolph, Suite 900, Chicago, IL 60601, 1-888-473-4858, MA: Mortgage Lender license #-ML-2915, NJ: Mortgage Banker License - New Jersey Department of Banking and Insurance, NY: Licensed Mortgage Banker—NYS Department of Financial Services, and RI: Rhode Island Licensed Lender.

"SunTrust Advisors" may be officers and/or associated persons of the following affiliates of SunTrust Banks, Inc.: SunTrust Bank, our commercial bank, which provides banking, trust and asset management services; SunTrust Investment Services, Inc., a registered broker-dealer, which is a member of FINRA and SIPC, and a licensed insurance agency, and which provides securities, annuities and life insurance products; SunTrust Advisory Services, Inc., a SEC registered investment adviser which provides Investment Advisory services.

SunTrust Private Wealth Management, International Wealth Management, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups and GenSpring are marketing names used by SunTrust Bank, SunTrust Banks Trust Company (Cayman) Limited, SunTrust Delaware Trust Company, SunTrust Investment Services, Inc., and SunTrust Advisory Services, Inc.

SunTrust Bank and its affiliates do not accept fiduciary responsibility for all banking and investment account types offered. Please consult with your SunTrust representative to determine whether SunTrust and its affiliates have agreed to accept fiduciary responsibility for your account(s) and if you have completed the documentation necessary to establish a fiduciary relationship with SunTrust Bank or an affiliate. Additional information regarding account types and important disclosures may be found at

SunTrust Robinson Humphrey is the trade name for the corporate and investment banking services of SunTrust Banks, Inc. and its subsidiaries, including SunTrust Robinson Humphrey, Inc., member FINRA and SIPC.