Cash theft is one of the most common types of fraud in not for profit entities, as cash donations are a key income stream for charities. Cheques may be seen by some as more reliable than cash, but they can still be risky as they can be easily cloned, intercepted and details or amounts amended. An alternative to cash and cheques may be online banking, which eliminates several external factors; however ultimately this is only as good as the internal controls in place.
Entities must consider their banks’ requirements for authorisation over electronic banking. Often the security levels for electronic banking required by the bank vary to those imposed on cheque payments, and entities may need to voluntarily specify authority levels and restrictions.
As a general rule, it would be wise to impose the same controls over electronic banking as already exist over cheque payments, such as dual authorisation depending on the level of payment and appropriate segregation of duties. It is recommended that one person sets payments up online, with a second (and perhaps third, depending on the payment level) person logging on separately to approve the payment. You must ask yourself the question 'can the controls be side-stepped?' and if so, you may want to think again.
Passwords should be changed regularly and the number of people who can access online banking is a bit of a balancing act – it is best to keep numbers with access to a minimum, whilst ensuring there is adequate segregation for processing and approval of payments. Passwords must never be shared or left accessible by those you do not want to have access to your money.
Finally, if you suspect fraud is occurring on your account, the first port of call should be to contact your bank and ensure that access to electronic banking systems are stopped. This should form part of your fraud response plan, which should guide you through the necessary steps and considerations at the point of fraud discovery.