How You Can Safeguard Your Community Association’s Finances against Fraud

How You Can Safeguard Your Community Association’s Finances against Fraud

By Lisa Elkan / Published April 2023

Photo by

Payment fraud is nothing new. Even in the Stone Age, someone likely tried to pass off a cheap stone ax for a nicer one. Fraudsters evolve as quickly as advances in payment methods and technologies, but new fraud-prevention tools can help protect your community association against deception and theft. 

     The dollar amounts of fraud are eye watering. In 2021 internet fraud resulted in losses of $6.9 billion, according to the FBI’s Internet Cyber Crime Center Report at In Florida alone losses of nearly $193 million, according to, were attributed to business email compromises (BEC) or email account compromises (EAC). 

     As much as those statistics boggle the mind, the numbers become very real when considering your community association’s finances. A LexisNexis study at found that fraud costs $4 for every $1 affected.

     While some associations still choose to pay vendors by check, electronic payment methods are becoming the industry standard, and the share of ACH debits affected by fraudulent activity increased accordingly, from 33 percent in 2019 to 37 percent in 2021. Phishing scams and BEC can compromise the processes leading up to payment initiation. Thefts may involve anything from malware to elaborate fraudulent emails and websites. 

     On the other hand, check fraud typically involves counterfeiting, rerouting of checks, or physical alteration known as check washing. While check fraud had been on the decline—primarily due to people moving from using physical checks to electronic payments—it increased by 84 percent in 2022 according to this CNBC report at, says the Financial Crimes Enforcement Network, a unit of the U.S. Treasury Department. According to the American Banking Association (ABA) as quoted in the aforementioned CNBC report, this rise is partly due to social media channels, specifically Telegram, that allow users to hide their identities and encrypt messages. Telegram enables fraudsters to operate a robust network connecting check thieves with so-called “walkers,” who deposit altered checks into bank accounts in exchange for a fee.

     Tackling these two key types of fraud requires a two-pronged approach encompassing electronic and physical security. To safeguard your payment processes, you may wish to consider implementing these best practices as follows:

Train management and employees about fraud methods, including BECs. 

     Knowledge is power. It’s essential to scrutinize each payment, especially new vendor payment requests or any unusual request from a board member. Take care to access financial systems only from secured connections, avoiding home networks or unsecured networks at locations like hotels, airports, or other public places. Also, confirm that email addresses are correct as fraudsters sometimes change minor details, such as vs. You can strengthen your defenses by calling the vendor, board member, or colleague to confirm the information before submitting a payment. 

Modernize your business tools and practices. 

     Many community management companies have been using the same tried-and-true tools for years. Indeed, that software and methodology may work just fine when it comes to accurate calculations. Often, though, it may not offer safeguards such as direct integration with your bank accounts to make fraud protection more accessible and more powerful. 

Document appropriate processes and approval steps, and make sure your team uses them. 

     You’ll want to make it a habit to remain vigilant and build policy into your company’s everyday operations. The faster you identify fraudulent activity, the greater the chance of minimizing losses. And, of course, encourage well-known practices like using strong passwords, never reusing passwords on different accounts, and not sharing passwords, especially when asked over email or text. Developing a wire transfer policy that documents your established processes and corresponds with your bank’s products and services is also wise. Periodically review these procedures with all parties involved. 

Consider cyber insurance. 

     One customer recently experienced a system compromise in which scammers locked the company out of its data and demanded a $1 million ransom. Fortunately, the large company had insurance coverage and significant profits. A smaller, less prepared company might have had to close its doors under the pressure. Cyber insurance for your company—and your client associations—can mitigate your risk. 

Stay vigilant with recordkeeping. 

     Successful organizations immediately inspect financial statements against internal records to ensure payments are ones you’ve authorized and review checks for duplicate check numbers. Auto-reconciliation tools can simplify the process of validating entries. You may wish to ask your banking representative if they offer auto-reconciliation.

Adopt secure payment and deposit methods. 

     For example you can make it a policy to pay vendors with ACH credits rather than allowing ACH debits from your account. Using a single, dedicated computer for critical online banking functions can reduce the risk of corruption introduced through BEC or other non-secure sources. If a vendor changes their mailing address or account-to-credit information, call and speak to someone who can confirm the changes are accurate. To guard against physical theft, it’s wise to deposit outgoing paper checks directly in a secure mailbox before the day’s mail pickup rather than leave them in an outgoing mail basket where they might be stolen.

Take advantage of your bank’s resources. 

     Today, a wide variety of sophisticated digital treasury management solutions are available to optimize your company’s efficiency while helping to prevent fraud. These services are more accessible and affordable than ever for small and mid-size businesses. Key offerings include the following: 

  • A/P automation allows companies to pay vendors with easy digital payments, eliminating paper checks and associated check fraud.
  • ACH Debit Block automatically returns ACH debit requests to the originating bank to ensure they do not post to your account.
  • ACH Positive Pay allows you to set up payment rules by account, defining them by vendor ID and amount. You can automate the process or review exceptions and approve or deny them.
  • Check Positive Pay compares each check to your records and denies payments that do not match. By integrating reconciliation activities, you can stay on top of your activity daily.
  • API integrations enable companies to connect their internal enterprise resource planning (ERP) platform to the bank through APIs to create even more seamless workflows.

     If you’re interested in learning more about how a knowledgeable banker can help you safeguard your payment transactions, contact an Alliance Association Bank at relationship officer today.

Lisa Elkan, EBP®

Vice President, South Florida Region for Alliance Association Bank

     Lisa Elkan, EBP®, is the vice president, South Florida Region for Alliance Association Bank, a division of Western Alliance Bank, Member FDIC. With her diverse background in banking, she offers the insight and industry experience Alliance Association Bank customers rely on for their deposit and lending needs.
     Alliance Association Bank, a division of Western Alliance Bank, Member FDIC, delivers a tailored suite of deposit, financing, and technology solutions designed for community management companies and homeowner associations nationwide. Our relationship officers provide a broad spectrum of innovative and customized solutions to help community associations succeed, all with a high level of expertise and responsiveness. Alliance Association Bank is part of Western Alliance Bancorporation, which has more than $65 billion in assets and ranked #1 among top-performing large banks in 2021 by both American Banker and Bank Director. For more information, visit Alliance Association Bank at