It is undeniable that financial fraud incidents throughout the community association industry have escalated. As a trusted service partner, we want board members to be aware of the threat and provide community volunteers with insights and tools to better protect the association and its members. Highlighted below are two of the most common types of fraud that management companies and associations are currently experiencing, along with steps that can be taken to help prevent a loss. 

We also encourage you to seek additional guidance on fraud and loss prevention from your insurance provider. Fraud prevention is a top priority for management companies across the country. CAMS works diligently on behalf of our clients to do everything in our power to avoid financial loss due to fraud.

Submitting an Authorized Payment to a Compromised or Spoofed Vendor

Community management companies and your vendors are becoming a targeted business class by cybercriminals because of large association balances/payments and often lightly utilized security mechanisms. Cybercriminals are infiltrating vendor networks/email, spoofing vendor email addresses, and sending payment requests to management companies and board members. These payment requests appear accurate and in alignment with typical vendor communication but include payment remittance information for the criminal. Often unrecognized as a fraudulent request with fraudulent remittance information, the management company authorizes an ACH or wire payment to the criminal’s account, only to find weeks later the vendor never received the payment. The consequences of falling victim to such an attack can be severe as recoverability of funds is unlikely, and in some circumstances, insurance coverage is insufficient, or insurers deny the claim.

At CAMS, the Accounts Payable process incorporates strong controls, including vendor verification and dual authorization. It is incumbent upon all – including board members, service providers, the community manager, and financial accounting staff -to work carefully and take the time to recognize red flags that help identify and mitigate these attacks.

At CAMS, our protocol is to send payments via check. We generally do not set up ACH payments to vendors, and we do not send wire payments. We do enroll utility payments in the utility company’s auto-draft program, where possible, to avoid late payments for bills that tend to have very short remittance windows.

If an  ACH payment to a vendor is requested, this is handled on an exception basis. Best practices are below:

1. Verify the request by phone (i.e., callback) – Always contact the vendor directly by phone to verify the payment. Use a phone number previously provided by the vendor to verify the details of the payment request, including the amount and payment instructions, such as routing and account numbers. Do not contact the vendor via email or use the phone number provided with the payment request. The vendor’s email may be compromised, and the phone number on the request may be criminal.
2. Review previous payments – Review previous successful vendor payments and confirm the routing number and account number are consistent.
3. Look for red flags - Be aware of unexpected requests, poor grammar or spelling, urgency tactics, last-minute changes, and payments to uncommon banks and/or prepaid debit card brands. When in doubt or feeling rushed or pressured, do not send the payment.
4. Secondary approval – Have a secondary person review the request, confirm the information, and examine the callback confirmation. It is critical that the secondary reviewer is skeptical, reviews the request closely, and looks for red flags.

In addition to the steps above, Vendor setups should only be done by CAMS Accounts Payable and consistent with our Vendor Certification protocol, which requires a W9 and proof of insurance from all service providers.

Check Fraud & Positive Pay

There also continues to be an increase in check fraud. Check fraud occurs with the unauthorized alteration or creation of checks, which can also lead to financial losses. This typically happens when checks are intercepted in transit to a vendor through the postal service. To combat check fraud, CAMS uses Positive Pay with Payee Match. This service helps prevent check fraud by verifying the details of each check presented for payment against a list of checks that have been issued. If any discrepancies are found, the check is flagged for further review.

While these controls may result in some instances of delayed payment, our first priority is the security of our client’s funds.

Disclaimer: Despite our best efforts, it is not within the manager’s control to fully guarantee against fraud. Securing the association against fraud requires all stakeholders to be actively engaged.

About Community Association Management Services

In business since 1991, CAMS has grown to become North and South Carolina’s premier community management company. With experienced local managers in each of its nine regions, CAMS provides innovative solutions to the community associations it serves. To learn more, visit www.camsmgt.com/choose-cams.