Graham immediately called her bank, the retailer through which the orders had been placed -- and the police. The payoff for her quick work: Almost all the charges could be voided before the transactions were completed. (The thieves were able to keep the game tickets.)

But the problem wasn't solved. A few months later the company's accounts were found to have been compromised again -- this time when the bank noticed several transactions originating from outside the U.S. Again, most of those charges were rescinded because they were caught early. At the recommendation of her bank, Graham changed the company's bank accounts, and re-set all computers. That meant re-installing the software and requiring employees to change their passwords, according to Graham. "You have to remain diligent," she says.

Unfortunately, Graham's experience isn't unusual. And, in fact, since in most such cases there isn't such early detection, the impact usually is more severe. More than half --- 56% --- of small- to medium-sized businesses experienced fraud in the last year, according to ., a Los Altos, Calif.-based provider of online banking security products, and Traverse City, Mich.-based , a firm that conducts research on data protection, among other services. More than 60% were victimized more than once. These figures are nearly unchanged from the 2010 Study.

What's more, in late April the Federal Bureau of Investigation, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center issued . "Between March 2010 and April 2011, the FBI identified 20 incidents in which the online banking credentials of small-to-medium sized U.S. businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies," the alert read. As of April, victim losses totaled $11 million.