Financial crime risks associated with corporate cards and digital payments

The digital world has made it easier for criminals to commit financial crime. Because the consequences can be damaging to your business, you should remain vigilant every day.

On this site, you can read more about what to be aware of to prevent your business from becoming a victim of financial crime when you and your business’s employees use corporate cards are make digital payments.

Good advice for employees

  • Adhere to the security procedures for payments and purchases. Do not skip any steps, no matter how much pressure there is to complete a transaction quickly.

  • Be particular wary if you receive an email or text message that appears to come from a manager or other senior member of staff urging you to quickly and confidentially transfer money or buy goods.
  • Never click on any suspicious links or respond to inquiries asking you to disclose confidential information.
  • Always verify the identity of the sender before transferring money or providing confidential information. If you are in any doubt, contact the person or business using the phone number you would normally use – not on the number provided in the email or text message.
  • Use secure passwords and change them often. Our cybersecurity site provides tips and tricks to secure passwords.
  • Be on the lookout for spelling and grammar mistakes because scam emails and messages often include errors and have unusual-looking layouts.

Good advice for management

  • Make sure that there is a high level of fraud awareness across your business and ensure that employees remain vigilant at all times.
  • Establish a single point of contact (SPOC) at all the businesses you regularly make payments to, and consider keeping a list of vetted and authorised vendors and business associates who have undergone and been validated by your due diligence checks.
  • Implement a process system that checks for unusual transactions.

 

  • Ensure that secure payment controls, processes and procedures are in place for employees to follow and update these regularly.
  • Limit the number of employees in the business who are authorised to handle transactions.
  • Set up effective and ongoing employee awareness training and testing. Make sure employees understand the importance of not opening any links or files attached to an email from an unknown, suspicious, or untrustworthy source.

Tips to detect and avoid becoming a victim of financial crime

  • Using corporate cards at physical points of sale

    Using corporate cards comes with risks that you and your business should be aware of. Here are some tips to have in mind and guidelines to implement for everyone in your business who uses corporate cards to make payments at physical points of sale.

    • Always keep corporate cards and card details secure by not leaving these unattended – never lend your card to somebody else.
    • Limit employees’ access to the business’s corporate cards.
    • Educate cardholders regularly about being vigilant when they use their corporate card at a physical point of sale.
    • Never write the PIN down or reveal it to others.
    • Always cover the keypad when you enter the PIN.
    • Be aware of your surroundings when you withdraw money, ensuring no one is looking over your shoulder, and never have the card’s PIN written down on a note.

  • Making payments and transfers

    To protect a business from financial crime, there should be clearly defined procedures and processes governing payments and transfers. Below, you will find some advice on how to protect your business.

    • Check the bank details of the receiver multiple times and ensure the payment or transfer is being made to the correct bank account.
    • Fraudsters typically take advantage of a hectic workday or they strike during holiday periods and other situations when managers or other senior employees are likely to be away. So be particularly on the alert for emails, text messages or phone calls at these times.
    • Be on the lookout for changes in or unusual invoices and payment requests from unknown suppliers.
    • Verify invoices before issuing payments to avoid becoming a victim of invoice fraud.
    • Always validate new or changed beneficiary account details by making a phone call to a trusted contact (single point of contact (SPOC)) or from the official website.
    • Make sure that the right procedures for transfers and payments are always followed and avoid using any contact details stated on the invoice – use the contact channel you normally use.
    • Use the security options in District to receive notifications for important transactions on the business’s accounts or set up two-user authentication of all invoice payments – this can help prevent fraud.
    • If you want us to assist you with a payment or if you have questions regarding a payment, please contact us through eBanking or District.
  • Making online purchases

    Making purchases and transfers online is easy, which makes it easy for fraudsters as well. Remember to ensure that your business’s online security procedures are in place to reduce the risk of fraud.

    • If you need to visit a website, you should enter the web address directly in the browser’s address bar rather than clicking on provided links – unless you have verified that they the links are genuine.
    • Check that the vendor’s website also lists a physical address, email address and telephone number. If there is no contact information, the website may be a scam.
    • Be wary of ads that offer unbelievable deals or miracle products – if it sounds too good to be true, it probably is!
    • Check your trading partner’s website to make sure it is genuine and that the information it provides matches what you know about them.
  • Spotting an unusual transaction

    Always monitor activities on bank accounts and educate employees to stay alert for unusual transactions. The advice provided below may help you prevent suspicious activity on your business's accounts.

    • Check account movements regularly and be aware of any suspicious transactions that you cannot recognise.
    • Use the security options provided in our eBanking solution District, such as managing payment limits and receiving notifications about balances and payments above a certain amount.
    • Contact your bank immediately if you detect any unusual transactions.
    • Block your card if you suspect any fraud on your corporate card.
    • If there are transactions on your account that you do not recognise or accept, you should submit a dispute on card related transactions.
    • If the transaction you do not recognise or accept is a transfer, please contact us on +45 70 123 456.

  • Receiving emails, text messages and phone calls

    A common tactic used by fraudsters is social engineering, and many security breaches occur when employees unwittingly click on unsecure links or hand over passwords or confidential information on channels that are not secure. So always stay vigilant when you receive emails, text messages and phone calls. Follow the advice below to reduce the risk of social engineering attacks.

    • Educate your employees to be careful when they disclose confidential or personal information over the phone or by text or email – even if the request seems genuine. Danske Bank will always ask that sensitive information be provided only via secure channels such as eBanking or District.
    • Implement a support process so that phishing emails can be reported – early reporting means that quick action can be taken to reduce exposure to risk.
    • Never open suspicious links or attachments received via email. Be particularly wary if you open personal emails on one of the business’s computers.
    • Be wary if the email has poor spelling or grammar, and double-check the authenticity of the sender. If a message says it is from Danske Bank but you think it may be suspicious, you should contact us on +45 70 13 30 00 or via eBanking or District.
    • If you have any misgivings about an email or text message, you should delete it immediately. If it claims to be from a sender who you know, contact that person directly on the phone number you would normally use – do not use the number given in the email or text message.
    • Be wary if you receive an urgent-request email, text message or phone call from someone in a senior management position who you are not normally in contact with. This is a sign of CEO fraud.

    Read more about fake emails, text messages and fake phone calls.

Be safe online

On our cybersecurity site, you can read more about cybersecurity and how to be safe online



Strong passwords increase security and make criminal acts more difficult for fraudsters



Have an IT-policy



Have procedures for updates of programs

How our responsibility as a bank affects you as a customer...

Protecting your business from financial crime

Transfers and payments are financial transactions that help customers to manage and dispose over their money. Most financial transaction have a completely logical and legitimate purpose, but criminals also use financial transactions to hide illegitimate money.

Filtering illegitimate money through the financial system is known as layering, and it is the most difficult part of the money-laundering process. Banks and other financial institutions are important allies for authorities when it comes to monitoring and analysing unusual transactions.

Below, you can see what measures we employ at Danske Bank to meet our obligation to prevent financial crime by monitoring and screening transactions. We also encourage businesses to have and maintain their own financial crime defences and policies.

 

Watch the video on this site to learn how the measures we employ at Danske Bank to fight financial crime can have implications for you as a customer.

Why are you asking for proof of my identity?

  • We use the knowledge we have about our customers to understand what behaviour is expected or usual for each customer.

Why are you asking about my transaction?

  • At any given time, thousands of transactions pass through Danske Bank’s systems and processes.
  • All transactions – including card payments, digital payments and investment-related payments – are monitored to ensure that they are in line with the expected or usual behaviour of the customer.
  • Transactions are compared against the information we have about the individual customer and in relation to the type of transaction.
  • Whenever a transaction is not in line with how we would expect a customer to behave, we investigate the reason. This is why you may be contacted by us and asked questions about specific transactions, which we do to protect both you and Danske Bank.

Example: If your business usually does not deposit or withdraw cash but then starts doing so, we may ask why your banking needs in relation to making cash deposits and withdrawals have changed.

Why is my transaction stopped?

  • Like all financial institutions, Danske Bank has an obligation to ensure that its customers and those who its customers do business with do not violate sanctions.
  • To meet this obligation, we screen all transactions against international sanction lists and protocols.
  • We adhere to international sanctions, such EU and UN sanctions, and sanctions issued by individual countries, such as the US, UK and the Nordic countries. Read more here.
Disclaimer: The content of the above is not, and should not be considered as, a substitute for legal advice.

Others also viewed...