Fraud prevention starts at home for independent agencies

Insurance agencies are particularly attractive targets. They routinely handle large dollar amounts, manage premium trust accounts, issue checks, and initiate ACH and wire transfers. Fraudsters know that a single successful transaction can yield significant returns.

Independent agencies face structural challenges.

Agency size plays a major role in fraud exposure. Larger agencies typically have well-defined accounting departments, clear segregation of duties, and layered approval processes. Medium and smaller agencies, however, often rely on the agency owner or a single trusted employee to handle multiple functions such as bookkeeping, online banking, wire approvals and carrier payments.

This concentration of authority creates risk. Even the most trusted employee can fall victim to a phishing email or a convincingly spoofed wire request. From a banking perspective, the absence of dual control is one of the most common weaknesses seen in independent agencies.

Bank administration: Where control really begins

One of the most overlooked steps of fraud-prevention is proper bank administration. Banks strongly recommend that authorized account signers also serve as the head administrators for online banking platforms. This allows agency leadership to control user permissions, set transaction limits, and enforce dual authorization for high-risk activities like wire and ACH transfers.

For smaller agencies, this does not require hiring additional staff. Instead, it means assigning defined roles. One employee may initiate a transaction, while another must approve it. Wire transfers should always require two approvals, ideally from two different individuals.

Fraud prevention is a shared responsibility. Banks provide the tools, but agencies must activate and use them.

People matter more than technology.

Modern banking platforms deploy sophisticated transaction-monitoring systems that analyze behavior using geolocation, device fingerprinting and pattern recognition. Multi-factor authentication (MFA) adds another critical layer of defense, and many insurance carriers writing cyber insurance are now requiring MFA as a condition of coverage.

Yet technology alone is not enough. Banks consistently emphasize employee education as one of the most effective fraud-prevention measures. Phishing and smishing attacks rely on urgency, such as an email demanding immediate action, a text warning of an "urgent" transfer, or a message appearing to come from a trusted executive or bank representative.

The safest response is simple but often ignored: Stop and verify. A simple phone call to a known number, rather than the one provided in the message, can prevent six-figure losses.

Positive pay: A powerful but underused tool

Among the most effective bank-provided fraud tools is Positive Pay. This service allows banks to match checks and ACH transactions against a list of authorized payments submitted by the agency. Any mismatch is flagged before funds are released.

Despite its effectiveness, Positive Pay adoption remains inconsistent. Many agencies only implement it after experiencing fraud. While there is a fee, bankers stress that the monitoring and protection it provides far outweighs the cost, especially when compared to the disruption of closing and reopening compromised accounts.

In cases of significant fraud, bankers recommend that the affected account be closed entirely. For insurance agencies managing payments to multiple carriers, this can be operationally painful. As an alternative, banks may require Positive Pay on accounts that remain open after a fraud incident.

Wires, trust accounts, and premium payments

Premium trust accounts tend to have predictable transaction patterns, making them easier to monitor. Operating accounts, by contrast, involve wires, checks, ACH payments and vendor activity, creating more opportunities for fraud.
Wire fraud remains one of the most damaging threats. In one example, an independent agency lost $1 million through a fraudulent wire transfer initiated via business email compromise. Although most of the funds were eventually recovered, the process took months and caused significant disruption.

Banks strongly recommend human validation for wires. Even if a request comes through an online system, a secondary verification, such as a callback, is essential.

Lockboxes, alerts, and additional safeguards

Banks also offer tools like transaction alerts and lockbox services. Alerts notify agencies in real time of unusual activity, allowing rapid response. Lockbox services remove check processing from the agency altogether, placing it in a secure, bank-controlled environment that enforces segregation of duties and reduces internal risk.

These services are particularly valuable for agencies processing high volumes of checks or operating with lean staff.

Bringing risk management home

Independent agents understand that insurance works best when prevention and protection go hand in hand. The same principle applies internally. Strong banking controls, dual authorization, employee education, and the thoughtful use of fraud-prevention tools can significantly reduce risk.

Fraud may be inevitable, but losses are not. By applying the same discipline to their own operations that they recommend to clients, independent agents can protect their finances, their business relationships, and provide for continuity of their operations.

Patricia Smith is vice president and director of cash management services at InsurBanc, a division of Connecticut Community Bank, N.A. InsurBanc is a community-focused commercial bank specializing in products and services for independent insurance agencies.

See also:

• PC360's Agency of the Year Award scales up with Insurance Luminaries
• 2026 Trend Forecast: The insurance workforce
• 7 Trends for insurance agents & brokers in 2026