Risk Management · June 24, 2025

Fraud counterattack: Protecting your business from threats

Financial scams and fraud continue to be a significant issue for businesses of all sizes. Advanced tools such as artificial intelligence are being integrated into fraudster playbooks along with the more traditional approaches like check fraud.

In a recent webinar, Fraud Counterattack: How to Protect Your Business from Financial Threats, fraud authorities from First Citizens and McKinsey shared a number of tactics that can help you defend your business from today's biggest financial scams and frauds. We'll look at a range of fraud-fighting tools and controls you can add to your arsenal.

How to launch your defense strategy

An effective fraud management playbook is made up of several critical elements working in concert. The goal is to mitigate the fraud risks to your business without negatively affecting the customer experience.

To help you develop and implement your defense strategy, we'll examine the benefits of a range of bank-provided resources, internal controls and procedures, and the establishment of a comprehensive disaster recovery plan. Adding these four components to your fraud playbook can help you shore up your defense.

1Protect your business with bank-provided fraud fighting tools

There are several financial tools available that are easily implemented through your bank that can combat fraud attempts proactively. Results from the 2025 Payments Fraud and Control Survey Report conducted by the Association for Financial Professionals, or AFP®, show which fraud prevention tools have been effective for many organizations.

Bank tools & services

Definition

Implemented

Very Effective or Effective

ACH debit blocks and filters

Controls which ACH debits and credits can post to an account

92%

96%

Positive Pay

Compares checks and ACH debits to a list provided by customers

93%

96%

Post no debits accounts

Blocks debits from posting to an account

73%

91%

Two-factor authentication or other security layers for payments

Security method that requires two forms of authentication to submit payments and other banking activity

92%

91%

Tools to protect your business from financial threats

In our Fraud Counterattack webinar, panelist Kristen Saranteas, treasury management services executive at First Citizens, shares about how these banking tools can strengthen your fraud protection program.

Fraud Counterattack: How to Protect Your Business From Financial Threats

First Citizens Bank®

Fraud Counterattack: How To Protect Your Business From Financial Threats

Equal Housing Lender | Member FDIC

Kristen Saranteas, Treasury Management Services Executive: So let's go into some of the tools that we can use to protect ourselves. They can really ring-fence your business accounts in order to prevent any transactions hitting your account that you have not preauthorized.

I will say that Positive Pay, either through ACH Positive Pay or Check Positive Pay, is one of the most ubiquitous tools that is used by businesses. It is only as good, however, as those businesses interacting with that tool. When it comes to Check Positive Pay, that means that you as a business are uploading a file of the checks that you've issued.

When those checks come in for clearing, the bank is cross referencing those checks against that file and only authorizing payment if it matches what you've told us you've authorized to pay. Payee Positive Pay takes that to the next level because instead of just looking at the checking account, the dollar amount and the check number, we're also going to do best case to look at the payee name of that check as well so that if it was washed, the person or company that that was made out to has been altered. Those are extremely effective.

You also could block your account completely from debits, or you can have a filter to make sure that only some of the transactions that you've authorized get through. They are way more effective and are certainly going to cost much less than the debit transactions that could be hitting against your account.

Watch the full webinar

Fraud Counterattack: How To Protect Your Business From Financial Threats

First Citizens Bank®

firstcitizens.com

Member FDIC

This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation. First Citizens Bank and its affiliates are not responsible for the products, services and content for third party vendors. Any and all third-party trademarks, logos and service marks referenced herin remain the property of their respective owners.

©2025 First-Citizens Bank & Trust Company. All rights reserved. First Citizens Bank is a registered trademark of First Citizens BancShares, Inc.

Equal Housing Lender | Member FDIC

2Establish controls to mitigate external fraud

To reduce your exposure to fraud from external sources, consider including some of these methods in your fraud program:

  • Ask your accounting firm to conduct periodic audits to uncover any account anomalies that your internal team may have missed.
  • Ensure that your IT team is keeping your hardware and software up to date with the latest security updates and patches.
  • Maintain the safekeeping of confidential information, files and checks with a document management policy.
  • Ensure your company's financial information and procedures are fully documented and communicated to key staff members who restore your systems in case of a successful financial attack.
  • Engage outside professionals to test all external controls set up at your business.

3Implement procedures to protect against internal fraud

Another area for fraud to occur is within your organization. Internal fraud typically occurs when an employee is subject to these three elements:

  1. Pressure: When the employee is feeling financial pressure outside of work
  2. Opportunity: When the fraud in question wouldn't be discovered quickly and easily
  3. Rationalization: When the employee feels they can justify the theft as temporary or pass off as a loan that they plan to repay

To address instances of internal fraud at your business, consider the following guidelines:

  • Stay up to date on your system security
    • Observe and pursue unusual behavior and transactions
    • Focus on procedures related to Accounts Receivable and Accounts Payable functions
    • Perform daily reconciliation of accounts
    • Move away from paper-based transactions
    • Move to cloud-based storage options
  • Establish or enhance your employee controls
    • Segregate duties and approval levels, allowing for checks and balances
    • Put in place hiring procedures that integrate fraud training and protocols
    • Frequently test your established processes
    • Institute a company fraud hotline

4Establish a disaster recovery plan that includes fraud recovery measures

Having a well-documented plan prepared before any type of catastrophe occurs allows you to execute your recovery without making impulsive or emotional decisions. A key part of any plan is ensuring you have a team of trusted advisors in place to ensure damage of any sort can be addressed in a prompt and orderly fashion when disasters or financial fraud take place.

Essential members of your disaster recovery planning team include:

  • An attorney to protect your interests and address legal issues that occur
  • An accountant who will work together with your forensic accounting team to trace transactions
  • Your bank relationship manager who will work closely with their treasury management partner to safeguard your business accounts
  • An insurance professional who will ensure that you have sufficient financial protection in the case of disaster
  • Key company leadership, including members of your executive management team, to ensure company goals, values and metrics are considered throughout the recovery process

“Each professional included in your disaster recovery plan will give you a vantage point of what they've seen in the industry and their unique vision of what protection looks like," explains Saranteas.

To ensure your business is fully prepared, your disaster recovery plan should also be reviewed and refreshed periodically to ensure any critical organizational changes are addressed in advance.

What to do if fraud does occur

Of course, even with a comprehensive fraud plan in place, there's always a risk that your business will become a victim of fraud. For example, according to the 2025 AFP Payments Fraud and Control Survey Report, 79% of organizations were targets of either an actual or attempted fraud attack in 2024. Given this percentage, it pays to be prepared to execute your fraud counterattack.

If you discover that your business has experienced fraud, quickly take action.

  • Implement your disaster recovery plan.
  • Call law enforcement after checking with legal counsel.
  • Don't have your IT personnel attempt to locate any systems problems.
  • Implement new controls.

It's important to note that, although counterintuitive, using your own IT personnel to locate vulnerabilities in your company network after an incident may severely compromise your investigation. Instead, you should employ outside forensics services to investigate the issue using an image of your network so no evidence is altered or compromised.

The bottom line

There are a variety of practical steps you can take to protect your business from financial harm. The fraud fighting tools and strategies we've reviewed here can help you build a robust defense. By developing and implementing a comprehensive fraud management plan, you'll have the resources needed to address financial threats as they occur.

In the fight against fraud, you're not alone

Contact our dedicated team of banking experts to explore smart solutions for fraud prevention services.

Learn more about fraud prevention services

Insights
Financial insights for your business

Risk Management

Be on the alert for three growing business scams

Learn how three increasingly popular types of fraud can cause financial harm to your business.
Businesses are increasingly becoming targets of fraud over consumers because fraudsters know that businesses are where all the money is.
Management

Get started on your compliance journey

A corporate compliance program is an investment in the defense of your business's future.
The best compliance policy has little value if employees aren't aware of it.
Risk Management

Bank fraud prevention tools to try

Business fraud can impact your business's finances, your reputation and customer trust.
Fraud incidents may disrupt operations, erode customer loyalty and trust and threaten revenue streams, leading to reputational damage. Implementing a proactive, multilayered fraud prevention strategy can become a competitive advantage, mitigating risk while building long-term value.

Normal bank approval applies.

This material is for informational purposes only and is not intended to be an offer, specific investment strategy, recommendation or solicitation to purchase or sell any security or insurance product, and should not be construed as legal, tax or accounting advice. Please consult with your legal or tax advisor regarding the particular facts and circumstances of your situation prior to making any financial decision. While we believe that the information presented is from reliable sources, we do not represent, warrant or guarantee that it is accurate or complete.

Third parties mentioned are not affiliated with First-Citizens Bank & Trust Company.

Links to third-party websites may have a privacy policy different from First Citizens Bank and may provide less security than this website. First Citizens Bank and its affiliates are not responsible for the products, services and content on any third-party website.

First Citizens Bank is a Member FDIC and an Equal Housing Lender icon: sys-ehl.

NMLSR ID 503941