DEALERSHIPS
SERVICESCLIENT TESTIMONIALSRESOURCESCONTACT US
AUTO DEALER ALERT
Dealerships > Resources > Auto Dealer Alert > 2006

Electronic Fund Transfer (EFT) Fraud — A Worst Nightmare Waiting to Happen?  
 By Jim Eagan
Auto Dealer Alert, May 2006

There are two categories of electronic fund transfers. These categories are Automated Clearing House (ACH) EFTs and wire transfer EFTs. In the next few Dealer Alerts we hope to expand your knowledge of both types of EFTs, make you aware of various internal control concerns regarding EFTs and finally offer to you some recommendations as to how you can minimize your vulnerabilities.

Imagine waking up in the middle of the night, shaken by a horrible nightmare.

  • You had dreamed that you had arrived at your dealership on a Monday morning and as soon as you entered the building, an employee from the office runs up and frantically informs you that the bank has called and that the dealership checking account is substantially overdrawn and her boss, the controller, has not arrived for work yet.
  • You run to your office and call the branch manager at your bank. She describes to you that by looking at the dealership cash account activity on her screen, she can tell that at the beginning of the day on the previous Friday, the account had a balance of a couple hundred thousand.
  • You ask the branch manager to share with you the major ins and outs of the account since that point. She replies that at about 9:00 a.m. that Friday, a very large electronic funds transfer deposit was received in the account from your manufacturer. You know that this is the normal receipt of manufacturer rebates, holdback, floor plan assistance, and other miscellaneous credits. The fact that it is so large doesn’t shock you because business as been good and you have been moving a lot of vehicles.
  • The branch manager further describes that at about noon that Friday, a large EFT deposit was received from the financial institution that the dealership uses to finance the majority of its customers. Again, nothing unusual strikes your mind concerning this EFT deposit, the financial institution is simply cashing contracts and crediting your account with the proceeds.
  • Next, the branch manager describes debits to the account for normal dealership checks. Again, you think nothing unusual about that activity.
  • At this point, the branch manager looks confused. She squints at the computer screen and says, “It looks like a very large amount of money was EFT deposited into your account coming from the financial institution where you floor plan your vehicle inventories.” You are stunned since you recognize that the amount is about the same as which the controller had mentioned to you last week was in the floor plan offset account and for which the dealership has a note payable to you.
  • What the branch manager tells you next, sends shivers up your spine. She mentions that at approximately 5:45 p.m. that Friday, fifteen minutes before branch closing time, a single outgoing wire transfer EFT was made which reduced the account ledger balance at that time to zero. She continues that the EFT was initiated and authorized by your controller, who is a check signer. The fraudulent EFT payment order was initiated at a branch of your bank located in another state and adjacent to a major international hub airport.
  • Your last image in the nightmare is that of your controller sitting in first class, drinking champagne, on a one-way flight to some third-world country. The dealership cash and a significant part of your net worth is waiting for him at his destination, and he is about to be never seen or heard from again.

If you are thinking that this nightmare couldn’t happen to you because you require two signatures on all checks, unfortunately, your sense of security may be unjustified. Absent specific formal written security procedures established with your bank, such as a call-back procedure to you, the owner, any one signer on the bank signature card likely would be recognized by the bank as an individual authorized to issue a branch initiated EFT payment order, in any amount, up to the balance in the account. Many of you probably have informal security procedures with your local bank branch.  Bank branch initiated EFTs are not very common for dealerships, and many a conscientious branch manager would undoubtedly call a customer they knew well, if a large EFT was initiated at their branch and they happened to be aware of it. However, as the nightmare illustrated, a thief may not go to a local branch to execute the fraud.

It is likely that your bank’s standard cash account resolutions and forms support the fact that any one check signer is considered “authorized” to execute any transaction related to the account. What this means is that even if your management policy is to require two signatures on all checks, it is likely that it only takes one authorized signature for a bank to process an outgoing branch initiated EFT or a check drawn on your account. We recommend that you review your bank account forms and discuss with your bank as to how these statements apply to your accounts. If your situation is as we suspect, then these facts should be important in your overall evaluation as to the adequacy of current dealership internal controls.

Note that in the nightmare, the controller first maximized the heist by drawing down the floor plan offset account into the checking account, prior to emptying the checking account. Most dealership controllers have access to move as much as they want between the offset account and the checking account. Many dealers believe that since the funds can only move into the dealership checking account and from there two people have to act in collusion to pull a fraud, that they are fairly well protected with respect to the offset account balance being ripped off. Unfortunately, this assumption is quite likely not true. The better control is to speak to your floor plan financial institution and establish two separate offset accounts. One account would have normal transfer back and forth capability with the checking account. This offset account would have a minimal balance. The second offset account should be set up so that it cannot be transferred anywhere. In effect, this offset balance, which should represent the “mother lode” of total offset funds, should be locked down so that to access these funds, the dealer him or herself would have to visit the financial institution and resign paperwork.

So what can you do to protect your dealership? We recommend that you consider the following protections:

  • Establish commercially reasonable security agreements with your bank concerning EFT transactions (such as a call-back procedure).
  • Limit the number of check signers.
  • Perform daily bank reconciliations. (Some notification requirements to the bank of defalcations are only 24 hours or you’re totally on the hook.)
  • Sign up for bank-provided software (it’s surprisingly inexpensive) that prevents an unauthorized outsider from tapping your account with an ACH debit.
  • Sign up for positive pay capability (also surprisingly inexpensive), which is a process whereby only those checks you electronically communicate on a batch basis to the bank are paid by the bank.
  • Effectively use your available ACH password-level controls.
  • Establish the separate “locked” floor plan offset account.
  • Reconsider whether it’s worth the fraud risk to leave large amounts of excess cash in the dealership. (Keep in mind that these funds are also at risk for a potential courtimposed freeze if a serious litigation storm hits the corporation).
  • Seek out higher dishonesty insurance coverage on check signers or anyone else with cash-handling or accounting responsibilities.

Conclusion

Dealers are particularly vulnerable to EFT fraud, if reasonable protections are not in place. Our discussions with bankers indicate that EFT fraud is a current “hot topic” in their industry and that they are very interested in meeting with their customers and assisting them in considering various protections available to minimize fraud risk. Our experience is that many CPAs and bankers aren’t well-versed on the subject of EFT fraud exposure and what a dealer can do about it. We feel our firm is in a position to assist you in discussing these matters with your bank and to help you in evaluating other internal controls that can be implemented on a cost-efficient basis. For more information, or if you’d like us to assist you, please call contact Jim Eagan at 800.544.0203, extension 3257, or you can e-mail jim.eagan@plantemoran.com.