I thought explaining a lockbox would be helpful for other members. <wt-ignore uuid="0d40f7a7-7cbd-467b-b981-2d2dd968e025" source="wt-feature-result">Lockbox</wt-ignore> services provide a PO box for customers to use for mailing checks and other forms of payment. With lockbox <wt-ignore uuid="b06f6b14-d397-497f-aa36-2326260ffd71" source="wt-feature-result">services, customer payments are directed to a specific post office box instead of <wt-ignore uuid="d6b83a6b-a742-4910-8b2e-9f2849f74bf1" source="wt-feature-result">being sent</wt-ignore> to the company. <wt-ignore uuid="30975ae4-19c5-45df-86b7-f844ab9c1153" source="wt-feature-result">Payments from the box are retrieved, processed, and deposited directly into the company's bank account.</wt-ignore> <wt-ignore uuid="1a6b5125-4fa3-43cc-85f4-855b4ec76a0d" source="wt-feature-result">The shift to direct digital payments means many people aren't using paper checks and money orders anymore. Still, lockbox services are used by many companies. </wt-ignore></wt-ignore>
While we don't have a specific assessment for Lockbox services, there are some specific risks to consider, especially regarding the actual payment processing.
Lockbox services vary, but fraud and error are the primary concerns if they also provide processing. Lockboxes still require tedious manual processing, and because of this, high employee turnover or outsourcing of the function is typical. That means there is a higher chance of human error if the processors are less experienced.
Fraud is a significant concern. <wt-ignore uuid="71cd6925-f5ae-4261-84bf-5b0441daddca" source="wt-feature-result">All the necessary components to counterfeit a check can be obtained from a lockbox payment.</wt-ignore> <wt-ignore uuid="67249219-59c9-4009-89df-60df7097903a" source="wt-feature-result">Because of the high volume of lockbox payments, slipping a fraudulent check among the legitimate ones becomes relatively easy.</wt-ignore> <wt-ignore uuid="821de9d1-d93d-4216-9661-bf7c2a0667b5" source="wt-feature-result">Poorly designed processes and staff with less experience can be exploited by bad actors.</wt-ignore>
In light of these issues, your risk assessment should consider the following:
· Physical and information security
· Background checks for employees
· Employee training
· Frequency and type of audits done on processed payments
· Separation of duties between personnel processing payments and those auditing the process
While that is not an exhaustive list of considerations, I hope it is helpful. And would love to have other members weigh in.
Original Message:
Sent: 06-05-2023 08:58 AM
From: Anonymous Member
Subject: LockBox
This message was posted by a user wishing to remain anonymous
Is anyone willing or able to share their lockbox risk assessment template?