Arm the SMB against the ‘Bad Guys’

 Author: David McDaniel, DMcDaniel@profitstars.com

You know, it occurred to me recently, while watching the original Die Hard movie, that one of the most glaring gaps identified by the FFIEC’s Supplement to Authentication in an Internet Banking Environment is the need to educate and arm the small- to medium-sized business (SMB) customer against the ‘Bad Guys’. Now, I know that a comparison of the BEST action movie EVER to a financial institution governance sounds like a stretch, but stay with me.

It seems every time I turn around, I read a story about how someone surfed somewhere they had no business surfing and clicked something they shouldn’t have. Then, some bad guy broke into their computer and took something valuable (private information, credentials, money, $600 million in negotiable bearer bonds…). Sadly, too often these SMB owners, busy struggling to keep their enterprise afloat, become the weakest link in the electronic payments network by cutting corners. Among other things, they fail to recognize the value in paying for safeguards and reconciling their bank accounts regularly. The results are fraudulent debit transactions going unnoticed until the very narrow commercial ACH debit return window has passed, or funds are illegally wired/ACH’d out to money mules, and ultimately, a bankrupt business.

Somehow, we must take the time to help our customers understand just how easy it is for fraudsters to take advantage of them if they do not take precautions, and just how easy it is to ward off those same fraudsters by simply putting the cookie jar on a higher shelf. If there is one truth here, it is that the bad guys tend to go for the easiest targets, so creating more barriers between the SMB and the villains will shift the bad guys’ risk/reward equation in the customers’ favor. I mean, if Mr. Takagi had put all those bonds in his wallet (where the safeguards = button, silk thread, and a silk pants pocket) instead of in that huge vault (where safeguards = 7 locks, Al-the-Pal, and Bruce Willis), Hans Gruber would have totally gotten away with it!

Even though most small businesses do not typically have hundreds of millions to protect, there are some great safeguards out there to help deter the Hans Grubers of the world from taking their life blood. Products that allow the SMB to review and approve incoming ACH debits, and maintain their wire and ACH credit recipients, all using out-of-band communication channels. These products will help them to do it, but unless these customers begin treating their online-accessible assets with the same care they give their cash, the bad guys will continue to take them down one at a time, and the banking industry, as well as the ACH network, will suffer.

Now, I understand you may still be scratching your head about the whole comparing Die Hard to the FFIEC guidance thing. Especially since Mr. Takagi was killed, the bad guys required quite a bit of convincing to get them to leave (die), and NO ONE wants to be in Holly Gennaro’s shoes, hanging by a wristwatch from a window 80 stories up! But since SMBs cannot put all of their valuable information in a Nakatomi vault, they need to be convinced of the value of safeguarding their private information, being diligent about reconciling their accounts, and taking advantage of the tools that can allow them to protect themselves and the future of their company…because, my friends, the future of their company truly is at stake, and Bruce Willis is just an actor with bad hair (still the best action movie EVER though).