12 Tips To Keep Your Church’s Finances Secure

BY JEFF HEINAMAN, EASTERN PA DISTRICT TEAM

“Ten thousand dollars just disappeared from the church accounts!?”

Just last month, that kind of headache happened to one of our EPD churches when multiple fraudulent checks and electronic transactions passed. Thankfully, PNC Bank detected the first attempt, their notification was acted on quickly, and a fraud lock prevented the loss of tens of thousands of dollars!

Take this as a reminder that financial and online security is no joke.

Churches are often targeted because criminals know that many churches rely on part-time employees and volunteers who don't have time to watch things daily.

Ask yourself: “How long would it be before someone noticed bank fraud in our church?”

Make your church a harder target with these 12 tips:

  1. Don't use the same password for multiple accounts, especially for financial or email accounts, as they can be used to request password resets.

  2. Never write down passwords or keep them in spreadsheets on a shared computer.

  3. Use a password manager to remember multiple strong passwords. Check out Bitwarden, LastPass, or 1Password in this review.

  4. Turn on multi-factor authentication to send code numbers to your phone when logging in.

  5. If you receive a fraud alert notification, follow up immediately! But call your bank directly at a number you trust (like the one printed on the back of your card) rather than using the number or link in the notification, since it might be a phishing attempt to gain access to your accounts.

  6. If you receive notifications of attempted logins that you don't recognize, change your password immediately (again, don't use the link in the email). If you can't access your account, notify the organization of a potential hack.

  7. If you see microdeposits in your bank account (those two little deposits of less than a dollar used to validate accounts for future electronic transactions), notify your bank of potential fraud.

  8. Don't attach copies of void checks or include social security numbers or other ID numbers in emails (and protect copies of donor checks!). If you must send those details, upload them to a Google Drive, OneDrive, or Dropbox folder and email the link. Then, once the files have been received, delete the files and folders so anyone who finds the link will not have access to your information.

  9. Run background checks on everyone who has access to your church finances and data. Sadly, theft of church property does not always come from outside the walls.

  10. Change passwords immediately if you receive a password or a user ID in an email.

  11. Keep current with software and firmware updates and patches.

  12. Log off and turn off computers when not in use.

If you have any questions, please don’t hesitate to reach out to me.