Law Firm Gets Scammed – Here’s How It Happened. . .
Note: My friend J.R. Phelps, Director of The Florida Bar’s Law Office Management Assistance Service (where I used to work as a Practice Management Advisor) shared the following heads-up with me & gave permission to post to the Blog to warn my readers:
Last Friday, I received a telephone call from a bookkeeper for a law firm that had just been scammed by the IRS (or so they thought.) Here is how it worked…
The bookkeeper received a call from the IRS stating that the month end payroll tax had not been received . The caller insinuated that unless the IRS could track the payment electronically from her bank account – today- there would be a significant tax penalty assessed. They then asked her for the account number of the firm’s checking account, the bank’s routing number, and the amount of her payroll tax payment so IRS could track her check.
Of course, it seemed logical to her that IRS would need that information to trace a payment from her bank. Hearing nothing further from the IRS she thought all was okay until she received the following month’s bank statement. She could not balance the firm’s bank account and began looking for a reason why. She then noticed an amount equal to her payroll tax paid to a business she did not know with the notation TIL (Telephone Initiated Entry). AND her payroll tax check to IRS cleared. The firm, it seems, had been scammed.
Making A Payment By Phone With A Check Is NOT The Same Thing As Paying By Credit Card
A key difference between checks and electronic payments is that when funds are electronically debited though the ACH (Automated Clearing House) network the transaction is initiated by the business that is going to receive the funds, not by the person paying the bill. As an example, if you pay your electric bill automatically, each month the electric company, not you, instructs the bank to have money withdrawn from your account and deposited into its account.
The bogus IRS agent utilized a type of electronic payment called a "Telephone Initiated Entry," which the ACH network accepts. This is different than paying for something over the phone with a credit card, because you provide your banking account information off the bottom of your check. However, unlike other types of ACH transactions, no written approval is required and the potential for fraud is greatly increased.
The company initiating a telephone transfer through the ACH network is required to use "commercially reasonable procedures" to verify the identify of a customer. Businesses are only required to record your verbal authorization or hold off making the transfer until they send you written confirmation that you verbally authorized it. They seldom use written confirmations they just record your phone authorization. In this case the scammer recorded enough of the bookeeper’s conversation to make it seem she authorized the deduction.
SO…how do you protect your firm from this type of activity.
It is up to you to object to a questionable ACH withdrawal on your account. Your bank has NOTHING to do with authorizing these payment and has no way of knowing whether they are legitimate or not, until you complain.
You have 60 days from the time your bank statement is sent to you to contest an ACH debit on your account. Moreover, your bank is not liable for fraudulent ACH activity. Here again, ACH payments are different from other account activity.
Typically your bank is responsible for obtaining proper authorization to access your account – your ID if you visit your bank in person or your signature on a check. But ACH entries are different. By law, it is the merchant’s bank which originates the payment, and not your bank, that bears the final responsibility for any fraudulent entries.
By law you cannot be responsible fraudulent charges IF you report them in time. Your best defense is to review your bank statements regularly, and to protect your checking account information and checkbook as carefully as you protect your credit cards. Even if you have never paid a bill by phone or through automatic deduction, your bank account is vulnerable. Forewarned is forearmed.
The Smell Test
RJon here again…everyone whose attended one of my Trust Account Management programs knows what I mean by "The Smell Test" & knows exactly what steps to take with your trust account to catch this kind of fraudulent activity.
The same simple system & steps will protect your operating account too. If you haven’t attended one of my trust account management programs, they are actually kind of fun & show you how to use your trust account as a profitable business management tool to boost your income, cut down on billing problems & virtually eliminate your a/r headaches.
We turned that live program into a fun & easy Powerpoint presentation that takes about an hour. Working title (still in editing for the audio) is A Simple System For Managing Your Trust Account That Won’t Make You Feel Like A Schmuck
If you want to be notified when the program is available, send me an e-mail.