By CLAY HOLTZMAN
Puget Sound Business Journal

SEATTLE - For Susan Brown, president and CEO of Seattle-based Kids Co., constant vigilance over her nonprofit organization's finances wasn't enough to stop it from becoming a victim of electronic theft.

One Monday in September, Brown's staff noticed that $25,000 had been transferred from the organization's savings account into its checking account, which already contained $5,000. Although an employee alerted the bank, it was too slow to react, and the money was transferred - in a transaction disguised to look like a payroll payment - to a Florida bank and immediately withdrawn.

The Seattle Police Department is still investigating the case, but to date no one has been charged in the crime. The theft is a textbook example of how tech-savvy thieves are seizing on the growing business trend of making online payments to commit fraud.

"These people are very smart," said Brown, who co-founded Kids Co. 20 years ago to provide child-care services. "The problem is, these people are probably four or five steps ahead of everyone else in the world."

As more organizations use the nationwide fund-transfer network known as the automated clearing house (ACH) system to make payments, the number of electronic-fraud cases is increasing. Ignorant of the risks posed by tech-savvy criminals, many companies wrongly assume that their bank provides adequate safeguards. And when a theft does occur, victims often have a difficult time recouping their losses, as most fraud-protection laws are focused on protecting consumers rather than businesses.

While fraud takes many shapes, stealing legitimate payments or disguising an unauthorized transaction to make it appear legitimate are increasingly popular ways to target companies and nonprofits. Today, one-third of all instances of payment fraud occur via ACH transactions, according to the Association of Financial Professionals.

Additionally, the recession is driving up the instances of fraud as financially pinched workers use insider knowledge to steal, and layoffs reduce internal monitoring of company finances, according to a 2009 member survey by the Association of Certified Fraud Examiners.

Fraud is a massive problem. In 2008, total losses from fraud in the U.S. were nearly $1 trillion, according to a membership survey conducted by the fraud examiners' association. The survey found that on average, companies lost 7 percent of their revenues to fraud and that the median loss was $175,000. More than one-quarter of all fraud-related crimes resulted in losses of more than $1 million.

It's fortunate for Brown that she did take some protective steps.

Kids Co. employees were in the habit of checking account balances daily, and the nonprofit had a limit on how much could be transferred out of its accounts. Because of staff members' quick response, they prevented a second theft from being executed.

But the bad news is that she is still trying to recover the stolen $25,000.

"Clearly, we have a responsibility to get that money back so we can continue to serve the children and families we serve," she said. "I didn't start this organization so people can steal from us."

Compounding the damage caused by ACH fraud, many organizations discover that unless they pay for specialized protection services, there isn't a guarantee that their bank will recoup or replace the losses.

"There is a huge difference between consumer laws and business laws," said Mike Thomas, senior treasury adviser with KeyBank. "We have no obligation to make the (business) client whole."

Who is responsible depends upon case-to-case circumstances, experts say. Organizations that do not ward against ACH fraud could be left empty-handed.

Thomas says criminals need only an organization's individual routing number and an account number to initiate a bogus transaction. "ACH does not require prior approval" to make a withdrawal, Thomas said.

He advises clients to monitor their accounts daily and act quickly if they suspect a theft. Account holders should also set controls such as transfer and payment limits, which can at least limit losses. For all organizations, it is essential to understand how trends can be abused.

"The days of (forging) a check, those days are dying. Now with technology, all I need is the bottom of your check and I can be invisible and make that debit," Thomas said.

Brown said Kids Co. has since switched banks to one with more robust fraud-protection services, and all electronic transactions are now made on one computer that is unplugged from the Internet when not in use.

Her advice to others is to get educated about how criminals operate.

"It is not as safe as some would like you to believe," Brown said. "We all need to learn how to pay better attention."