Business Fraud Awareness, Prevention & Reporting Resources

The agencies below provide resources to help you protect your identity and financial well being as well as reporting tools if you are a fraud victim.

U.S. Small Business Administration (SBA) Cybersecurity Resource Page

The SBA provides a great resource and tool for small to medium sized businesses. The SBA has a cybersecurity page that provides learning resources and tools to help prevent businesses from becoming a victim of cybercrime.

Learn More

Internet Crime Complaint Center (IC3)

IC3 is a joint effort between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center and the Bureau of Justice Assistance. The IC3 accepts internet crime related complaints from individuals that have been defrauded.

Learn More

Department of Homeland Security—Stop.Think.Connect Small Business Resource

The Department of Homeland Security provides a wealth of resources to help protect your business and provide cybersecurity awareness for small to midsize businesses.

Learn More

Business and Commerical Customer Fraud FAQs

In some instances, like card fraud, an affidavit or a police report won’t be required for a fraud claim. Regulations regarding card transactions allow the bank to pursue recovery without written documentation. In some instances, we may ask for proof that you engaged with a vendor or merchant in an attempt to resolve the situation, that documentation assists investigators with decisions on how to best attempt recovery on your behalf or the banks.
Other fraud types like wire fraud, check fraud or Automated Clearing House (ACH) fraud, are most common to business and commercial customers, often require a police report and a bank approved notarized declaration of loss (affidavit). This documentation serves several purposes for the bank. Most notably for customers it expedites our ability to recover your funds from other financial institutions and confirms for all parties involved that our customer is in fact a victim of some type of financial loss.

Much like your personal account, daily monitoring of items posting to your account is critical, you effectively become your own form of positive pay. If a fraudulent item is found, call the bank immediately. We will begin the process to prevent additional fraud, document the incident, and begin the recovery process. The bank’s best opportunity for recovery is within the first 24 hours of the event occurring, it is imperative that you act quickly.
If your organization does not have the resources to perform daily monitoring, Positive Pay services provide the peace of mind knowing the bank can protect your financial assets.
If you decline to participate in Positive Pay, the bank would no longer be able to honor most fraudulent check claims against your account. We will aggressively attempt to recover lost funds on your behalf, but with no guarantees. In many instances those recovery efforts are an extremely time-consuming process.

The inability to see or view your account in Digital Banking is due to a restriction on your account to prevent any further fraudulent charges from being posted to the account. This restriction allows the NBT employees to review and monitor all transactions that attempt to post and manually review each debit and credit to ensure any subsequent losses from posting to your account.
The NBT Treasury Management Team will be contacting you about adding Fraud Prevention products (Positive Pay) to your current account. This will allow the account to remain open and enable you to authorize any future check payments to your account.

Ultimately, the faster you get us the documentation needed to investigate the loss, the faster we can resolve your case. Our goal is to complete your case within 30 days, but a timely return of your documentation will help move the case along and may result in a reduced resolution timeframe.
If NBT is acting on your behalf to recover a loss from another financial institution, we will credit your account once funds are received. Exchange of funds between financial institutions in some fraud cases is dependent on the completion of a fraud investigation at both institutions. Regulations allow up to 90 business days for completion of that process. We have seen these investigations take up to 120 days at this point. Our goal is to credit your account within 1 business day of receipt of the funds.

Call your bank immediately. Fraudulent wire transactions often result in little to no opportunity for recovery. We will attempt a wire recall, but depending on timing this may not be successful.
In all instances of wire fraud after calling the bank you should quickly obtain a police report and report your loss to IC3.gov. Upon completion, update the bank with case numbers so investigators can document our investigation.
For both domestic and international wires, you will be instructed to initiate the Wire Fraud Kill chain utilizing IC3.gov. The bank can complete this for you if we have all the necessary information.
Remember knowing who your wire is going to and having good procedures to validate the recipient is imperative to protecting yourself against wire fraud.

The use of multiple check books on the same account within your company often generates false notifications by tools used at the bank to protect you. False notifications may result in a delay in our response to potential fraud.
Positive Pay also becomes ineffective at preventing fraud when you use multiple checkbooks due to the possibility of duplicate check numbers or unexpected changes in the check number from one processing day to the next.
In instances where we are concerned about fraud on your account we may take action that impacts your transaction. Our goal is to minimize the negative impact to your normal course of business. If we attempt to contact you regarding suspected transactions, a quick response on your behalf will help reduce that risk.

We have most recently seen stolen checks (car smash and grabs, theft from offices, parks, etc.) as a leading trend within our footprint. Secure your checks and cards!
Stolen mail is an industry problem. Never leave outgoing or incoming payments in an unattended mailbox. It is a best practice to maintain control of your check payments until your USPS provider takes possession of them. Theft of issued checks often results in alterations to the item for resale to malicious actor, refusal of the item for cash in branches using fake identity, or visibility into your check stock for creation of future counterfeit checks.
Stolen business critical information is most often the result of vulnerable digital hardware, response to malware of phishing attacks, or intrusion into third party databases containing your information and utilized in the normal course of business.
Remember your vendors are also often at risk for theft of business information also. Business email compromises (BEC) are the largest contributing factor for payment redirection fraud. Always verify with your vendors if they are requesting payment to a new account via email. Contact the vendor on the phone number you have on file to validate any payments requested via email.