Stop Fraudsters from Destroying your Business

Last weekend, those suspicious charges from the Philippines came back.

Honey, did you buy two blenders from Target?

Of course not. Who buys two blenders?

Lucky I caught it in time - the fraudsters had gotten my card # and were racking up the bills.

But it could have been a lot worse.

I’ve seen breaches cost millions, and even cause startups to implode.

Unfortunately, most founders are just burying their heads in the sand, ignoring this:

Fraud will destroy your business - but only if you let yourself be the fool.

Most founders will say:

• Our company is too small
• No one’s gonna target us
• We don’t have a budget for that

But the thing is, protecting yourself from fraud is actually pretty simple.

Here's how, step by step:

Step 1: Spring cleaning

If you don’t use a password organizer, it’s time. I’m a proud affiliate of 1Password who I’ve used basically forever.

If you have an iPhone, start with Apple Vulnerability.

Delete any passwords or logins you don’t use anymore (there will be hundreds if you’re like me)

Especially focus on any businesses that would have your payment information stored for future purchases: Amazon, Hotel booking, Ecommerce websites. For me, it was Target.

Protect it all, starting with two-step verification, and use a passkey where possible.

Step 2: Limit your exposure

Listen, I worked in a bank for years.

I’ve seen more fraud than you can imagine - but I never knew about this.

And if I don’t know it, you probably don’t either.

There’s now something called a Digital Wallet - it came about in recent years, and it’s not what it sounds like.

Here’s what you need to know:

By using a Digital Wallet, essentially you’re giving certain “trusted” merchants the ability to still run your card on file, even if you change the number.

Meaning: EVEN IF YOU FRAUD-ALERT THE CARD, if the merchant is in the digital wallet, you’ll keep getting fraudulently charged!

Your homework: Check your bank account’s Digital Wallet. Make sure no one is there that doesn’t belong there

Beyond that, basic financial controls:

• Bank: Require two signatures for withdrawals & transfers
• Implement a spend management system like Ramp
• Verbally confirm all wire transfer details
• Wherever possible, use ACH instead of card numbers with trusted merchants
• Use virtual credit card numbers

Step 3: Set up your contingency plan

I was all good in the end because I was able to immediately lock our operating account and transfer funds to the backup account.

No real big deal except for the “payment failed” emails after my card was closed.

But I was prepared for it.

…how about you?

Is it gonna be a speed bump?

Are you going to be screwed for a day, a week or months?

What you need in your response plan:

• Stop the bleeding immediately
• Lock down your systems
• Lock your credit file (e.g. Experian)
• Keep business continuity

It’s not hard. You just have to do it.

If you don’t have the bank’s fraud phone number on speed dial, and a backup bank account already open to send money to… then you’re not ready.

Get it done, and I’ll see you next week.