Nonprofit Accounting Basics

Preventing Nonprofit Banking Fraud!

When it comes to banking, there are many types of fraud schemes out there, and new types are being engineered every single day. Fraudsters typically test their schemes with small amounts to see if the transactions go through unnoticed, and then gradually increase to the big paydays. Fraud is happening both externally, via hackers and vendors, and internally, by employees who are improperly scanning checks for payment.

Below are some specific examples of the types of fraud occurring, from a banker’s perspective, along with real solutions you can implement to protect your organization. They are followed by best practices and preventive measures your organization can implement to reduce financial fraud. Here are a few examples and recommendations:

Problem: Check fraud.

With remote deposit capture or mobile phone deposit technology, check fraud can take the form of a double debit. For example, an organization issues a check to an individual and the individual deposits the check through a scanner or smartphone. The individual then quickly takes it to another bank to cash it. Both transactions flow through the check clearing process, which could result in the account being debited twice. This could go undiscovered until the account is reconciled. Another way for fraudsters to get access to your money is to create counterfeit checks by stealing your check stock or by obtaining a legitimate check and copying it.

Solution: Check Positive Pay.

Check Positive Pay is an anti-fraud service offered by banks to help protect businesses against altered checks and counterfeit check fraud. The system matches the account number, check number, and dollar amount of each check presented for payment against the Issued File(s) submitted by the business. Any mismatch in these three components creates an “exception item” that enables the business owner and clients to make a decision to pay or return the check.
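The matching described above can be sketched in a few lines. This is an added example, not code from the article or from any bank's service: the record layout, the sample checks, and the names `Check` and `reconcile` are constructed for illustration, and the duplicate-presentment rule is an assumption added here to cover the double-deposit case described under the check fraud problem.

```python
from collections import namedtuple
from decimal import Decimal

# Constructed record layout: the three components Positive Pay compares.
Check = namedtuple("Check", "account check_no amount")

def reconcile(issued, presented):
    """Match presented checks against the issued file.

    Returns (paid, exceptions); each exception is (check, reason) and
    would be queued for a pay-or-return decision by the organization.
    """
    issued_by_key = {(c.account, c.check_no): c for c in issued}
    already_paid = set()
    paid, exceptions = [], []
    for item in presented:
        key = (item.account, item.check_no)
        match = issued_by_key.get(key)
        if match is None:
            # Account/check number never issued: possible counterfeit.
            exceptions.append((item, "not in issued file"))
        elif item.amount != match.amount:
            # Number matches but amount differs: possible altered check.
            exceptions.append((item, "amount mismatch"))
        elif key in already_paid:
            # Same check presented again (assumed rule, see lead-in).
            exceptions.append((item, "duplicate presentment"))
        else:
            already_paid.add(key)
            paid.append(item)
    return paid, exceptions

# Constructed sample data.
ISSUED = [
    Check("000123", "1001", Decimal("250.00")),
    Check("000123", "1002", Decimal("75.50")),
    Check("000123", "1003", Decimal("1200.00")),
]
PRESENTED = [
    Check("000123", "1001", Decimal("250.00")),   # clean match
    Check("000123", "1002", Decimal("775.50")),   # amount altered
    Check("000123", "1999", Decimal("900.00")),   # never issued
    Check("000123", "1001", Decimal("250.00")),   # second presentment
]

if __name__ == "__main__":
    paid, exceptions = reconcile(ISSUED, PRESENTED)
    for item, reason in exceptions:
        print(f"EXCEPTION check {item.check_no} {item.amount}: {reason}")
```

The output is only as good as the issued file: a check written but not yet uploaded to the bank shows up as "not in issued file", so the file should be submitted each time checks are issued.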

Problem: ACH fraud.

The fraudster targets nonprofit organization accounts in search of bigger payouts. Fraudsters will steal online banking credentials by hacking computer networks and installing key logging software or malware. Once the thief has the right credentials, they can access the organization's accounts and send out wires or ACH payments to another country and into their own bank accounts.

Solution: ACH Positive Pay.

ACH Positive Pay is designed to protect business-client accounts from unauthorized electronic charges. Two methods of protecting your organization are detailed below.

Solution: ACH Blocking.

All ACH debit transactions are blocked and clients make daily pay or no-pay decisions for each item.

Solution: ACH Filtering.

Automatic payment of ACH transactions is based on pre-established organization IDs, Standard Entry Class, or dollar amounts. The client makes a decision to return or pay any exception items.
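The difference between blocking and filtering comes down to the rule set the bank holds for the account. The sketch below is an added example, not the article's or any bank's implementation: the originator IDs, trace numbers, rule layout, and the names `screen_debit` and `screen_batch` are constructed, and combining all three criteria in one rule is an assumption (the article lists them as alternatives).

```python
from decimal import Decimal

# Constructed filter: pre-established originator IDs, each with the
# Standard Entry Class codes and per-item dollar limit it may use.
FILTER_RULES = {
    "9000000001": {"sec_codes": {"CCD"}, "max_amount": Decimal("5000.00")},
    "9000000002": {"sec_codes": {"CCD", "PPD"}, "max_amount": Decimal("800.00")},
}
BLOCK_ALL = {}  # ACH Blocking: no originator is pre-approved

def screen_debit(debit, rules):
    """Return (decision, reason) for one incoming ACH debit."""
    rule = rules.get(debit["company_id"])
    if rule is None:
        return "exception", "originator not pre-authorized"
    if debit["sec_code"] not in rule["sec_codes"]:
        return "exception", "unexpected Standard Entry Class"
    if debit["amount"] > rule["max_amount"]:
        return "exception", "amount over limit"
    return "pay", "matches filter"

def screen_batch(debits, rules):
    """Screen a day's debits; exceptions await a pay/return decision."""
    return [(d["trace"],) + screen_debit(d, rules) for d in debits]

# Constructed sample of one day's incoming debits.
DEBITS = [
    {"trace": "T1", "company_id": "9000000001", "sec_code": "CCD",
     "amount": Decimal("1200.00")},
    {"trace": "T2", "company_id": "9000000002", "sec_code": "WEB",
     "amount": Decimal("50.00")},
    {"trace": "T3", "company_id": "9000000002", "sec_code": "PPD",
     "amount": Decimal("950.00")},
    {"trace": "T4", "company_id": "9000000099", "sec_code": "CCD",
     "amount": Decimal("10.00")},
]

if __name__ == "__main__":
    for trace, decision, reason in screen_batch(DEBITS, FILTER_RULES):
        print(trace, decision, reason)
```

Note that T4 is a small debit from an unknown originator: it is exactly the low-value test transaction the introduction describes, and the filter surfaces it regardless of amount.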

These are just a few examples of the types of financial fraud that can negatively impact your organization. Here are some other administrative controls you can implement in your organization:

1. Educate your employees. A strong security program, paired with employee education about the warning signs and safe practices, can lessen the risk of fraud.

2. Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep the virus protection on your computers up to date. Use complex passwords and change them periodically.

3. Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes, and batch limits to help protect you from fraud.

4. Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity, and remove any systems that may have been compromised. Keep records of what happened.

5. Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your organization. It is critical you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.

You can also visit the following websites to learn more about how to protect your nonprofit organization:

• Nonprofit Accounting Basics: http://www.nonprofitaccountingbasics.org/topic/internal-controls

• Federal Communications Commission: Small Biz Cyber Planner: http://www.fcc.gov/cyberplanner

• Federal Communications Commission: 10 Cybersecurity Strategies for Small Business: http://www.uschamber.com/sites/default/files/issues/defense/files/10_CYBER_Strategies_for_Small_Biz.pdf

• Better Business Bureau: Data Security Made Simpler: http://www.bbb.org/data-security/

• NACHA—The Electronic Payments Association: https://www.nacha.org/risk/sound-business-practices