Skip to main content

Don’t Let Your IOTA Account Fall Victim to Fraud

By Owen LaFave, Pinellas County Market President, and Tim Mann, St. Petersburg Market Director, at The Bank of Tampa

Thinking “it won’t happen to me” can leave your Trust and IOTA account susceptible to fraud.

The two most prevalent forms of fraud we see are the following:

  • Check fraud – counterfeit and/or “washed” checks, and

(2)  Wire fraud – primarily due to email takeover of your client’s account. This occurs when a perpetrator fraudster sends an email that looks as if it’s from your client with instructions to wire their funds directly to a bank account.

It is important to understand the full scope of the recent rise in fraud, how fraud can impact your firm and just how involved the steps in correcting fraud can be for any business, much less a firm.

Check Fraud:

  • If fraud is discovered, the bank will place the account on “restricted status.” This means from that point forward, no checks will be cashed from the account without verbal approval from the account holder. Depending on the activity in the account, this could mean every day you will be speaking with the bank to confirm the checks being presented on the account are legitimate.
  • The firm will be required to complete a fraud affidavit with its bank detailing how and when the fraud occurred and was recognized.
  • The bank will often require a police report to be filed as part of its investigation.
  • While every bank’s process is different, the first mitigating step when check fraud is reported is usually contacting the Federal Reserve, if the item is reported within 24 hours of posting to the client’s account.
  • If the Federal Reserve declines the return request, the information will then be sent to the financial institution where the check/wire was cashed or deposited. This can take 30 days or longer for it to respond, and it is not unusual for this entire process to take 90 days or more.
  • Once fraud has occurred on an account, most financial institutions will require the account be closed and a new account opened or, the account will be required to have a fraud protection procedure such as Positive Pay added to the account. At this point, the daily confirmation of legitimate checks will end.

Wire Fraud:

  • Wire transfers are a convenient way to send funds to a third party; however, once a wire is sent, it is difficult (and often impossible) to recall, even if deemed fraudulent. When a wire is determined to be fraudulent, the sending financial institution will send a service message to the receiving bank to request the funds be returned and alert of possible fraud. However, the response times vary depending on the financial institution but can take several days, and the receiving bank may not return funds if the account is already depleted. If it was the firm’s error in sending the wire to a fraudster (e.g., due to account takeover), it will be liable for the loss.


Regardless of the type of fraud, the firm may have to put its own funds into the IOTA account to cover the amount stolen during this time to ensure there are sufficient funds to disburse. Additionally, under the Florida Bar’s IOTA rules, the lawyer must notify the bar’s Lawyer Regulation Department immediately of the shortage in the lawyer’s trust account, the cause of the shortage, and the amount of the replenishment of the trust account by the lawyer.

How can you avoid fraud in your accounts? Fortunately, there are actions you can take to protect your firm and your clients from fraud attempts. While there is no “silver bullet” to protect against every type of fraudulent activity, The Bank of Tampa encourages businesses of all sizes to implement protocols and verification processes aimed at discovering fraud attempts early and stopping them before they occur.

  • To combat check fraud, consider enrolling in Positive Pay and ACH Blocks and Filtering type services. These are automated fraud detection tools that match incoming payments with a list of items previously authorized and issued by the firm. In addition, make sure your trust account checks have built-in security features such as a watermark and/or security strip.
  • To limit ACH and wire fraud, The Bank of Tampa suggests processing all ACH and wire transactions on a secure, encrypted computer under dual control. When sending a wire transfer, never rely solely upon email instructions. Verbal confirmation from your client should be required. Be wary of changes to wire instructions. While the recipient may have legitimate reasons for altering instructions, changes should be considered a red flag and independently verified with the recipient.
  • Limiting the dollar amount of daily transactions and singular transaction amounts is an effective way to reduce electronic payment fraud, as it limits access to funds.

Being vigilant and using security best practices can save a business thousands of dollars, hours of worry, and reputational damage with your clients and vendors. If you believe your business has been a victim of fraud, notify your financial institution and local law enforcement immediately. The Bank of Tampa fraud team would be happy to discuss the best fraud prevention practices with you. Please contact us at and, and we would be happy to connect you with our team of security experts.

About the Authors

Owen LaFave serves as Pinellas County Market President at The Bank of Tampa. Owen has more than 20 years of experience in banking, all of which has been spent in the Tampa Bay area. He is a graduate of the University of South Florida and holds a Bachelor of Arts in business finance.

Tim Mann serves as St. Petersburg Market Director at The Bank of Tampa. Tim is a Tampa Bay native and has more than 30 years of banking experience. He is a graduate of the University of South Florida and holds an MBA in finance and marketing and a Bachelor of Science in business management from Sterling College.

The Bank of Tampa I Member FDIC