Payment Fraud: Spot It and Stop It
Payment fraud is a serious problem for businesses. In the Association of Financial Professionals (AFP) 2023 survey report, 65% of respondents reported their organizations were victims.1 There were various payment instruments used to carry out the thefts. Check writing accounted for 63% of business fraud, followed by corporate commercial cards (36%), wire transfers (31%), and ACH debits/credits (30%).2
What are the most common types of payment fraud?
The damages payment fraud causes businesses is great and costs are staggering. In addition to common payment methods used to commit fraud, scammers also have preferred modes of attack.
Outside Individuals
Whether forging checks or stealing credit card data, individuals outside the organization perpetrate the most fraud. These criminals committed 54% of the fraud against businesses last year – an increase of three percent from the year before. The most highly targeted organizations were those with less than $1 billion in revenue (58%).3
How to prevent hacking:
Protecting your systems, software and devices is part of a larger cybersecurity plan. It is also critical to payment fraud prevention. Be sure to timely apply patches and other updates, as well as monitoring networks for irregularities. Hijacking company communications is another way fraudsters gain access to sensitive data. Encryption protects the data. Multi-factor authentication and password managers make it harder to access corporate email and other accounts.Business Email Compromise (BEC)
In this communication-based scam, criminals will either forge an email header to impersonate a legitimate source (74%), lead users to a lookalike, fake domain (57%), or access a compromised account to send fraudulent requests (54%).4 These emails may also have attachments or links to fake payment sites. BEC isn’t as popular as a few years ago, but the percentage of companies that experienced it last year rose three percent to 71%. Businesses with more than 100 payment accounts and annual revenue of at least $1 billion are more often targeted (63%), but all organizations are at risk.5
How to prevent BEC:
The first defense in any scheme is to understand the scenarios and tricks fraudsters use to gain access to your company’s email accounts. Train staff to identify and respond to scams, and to use strong passwords for every account they use. Also, secure accounts and devices with multi-factor authentication. Maintaining an overall solid cybersecurity posture is also important, as it protects systems and software and often includes safeguards against BEC.Vendor Impersonation
Thirty-seven percent of fraudsters pretended to be vendors, submitting fake invoices to trick companies into making illegitimate payments. Organizations with fewer than 26 payment accounts and annual revenue of at least $1 billion (49%) were the intended victims of these scams.6
Recent research reveals that invoice fraud costs businesses an average of $280,000 annually.7 Direct consequences include financial loss and reduced working capital that can inhibit company growth. Indirect costs might be loss of reputation, legal or regulatory actions, and disrupted operations.
How to prevent invoice fraud:
An automated solution works quickly and flags anomalies for investigation. Double-check vendor and invoice details, like whether you have a matching purchase order. Confirm payment details with known contacts at the vendor if something seems suspicious. Internal protocols like segregation of duties, regular audits and tiered approvals can also improve oversight.Account Takeover
This is a type of identity fraud in which criminals add their own information to a customer’s account. For example, a fraudster might hack into an account and change the address or email address or add his or her name to the account as an authorized user. The fraudster then hijacks the account. They may also insert spyware or malicious code. Twenty percent of business fraud – an increase of four percent – was attributed to account takeover, which is most often aimed at businesses with more than $1 billion in annual revenue and more than 100 payment accounts.8
How to prevent account takeover:
Limiting access to data, software and systems, via authorization and authentication, is the best way to prevent account takeover. Share sensitive information with only necessary staff and programs. Implement password management software to ensure employees and customers use strong passwords. It’s also important to establish baselines to understand and monitor account behaviors. With this knowledge you’ll be able to detect suspicious activity and prevent attacks.
Carrying out these destructive payment fraud schemes takes significant time, effort, and mental effort. Criminals are tenacious, and their end-goal is always financial. Businesses must stay one step ahead with timely, effective payment fraud prevention strategies.
Payment fraud detection is a critical tool to prevent risk.
Businesses need a fraud risk management solution that balances tolerance with positive customer experiences and operational efficiency. For low-cost transactions, companies and banks might have a relatively high risk tolerance but, for more expensive purchases, they usually require a higher level of assurance that the payment isn’t fraudulent.
Fraudsters won’t stop trying to steal from businesses. But vigilance and smart investments can help. These are four important steps to take to effectively protect your systems and data.
Perform a fraud risk assessment.
Examine what tools and processes you currently have and how effective they are against known risks. Ensure systems and software are up to date. Then understand emerging risks and what you need to protect against them.
Most AFP professionals realize the importance of fraud review. Sixty-one percent analyze their processes, whether internally (36%) or externally (25%). Organizations with less than $1 billion in revenue are more likely to perform fraud reviews internally, while those with at least $1 billion ask for assistance from their banks. Most internal reviews are performed by Treasury (56%), Risk Management (42%), Accounts Payable (37%) and IT departments (35%).
While 27% of respondents don’t currently review their fraud processes, 12% plan to within the next year.9Conduct a beneficiary validation.
Just over half of AFP survey respondents (53%) verbally confirm who will receive payments prior to processing. The remaining 38% either delegate this task to their banking partner (17%), use as external vendor (16%) or use some other means (5%). As important as beneficiary validation is to mitigating payment fraud, some businesses don’t take steps to do so (9%).10Invest in technology.
Artificial intelligence and machine learning are powerful tools in payment fraud detection. These solutions cull massive amounts of historical data for usage, payment and other patterns, creating dynamic rules for guidance. Such rules also detect new threats.Ask for help.
Seventy-nine percent of respondents to the AFP survey, look to their banking partners for assistance with payment fraud prevention.11 Financial institutions manage billions of dollars in consumer and business capital, and they are bound by industry and government regulations. Companies should put this expertise to use.
For more information on how Synovus can help your business with fraud risk management, complete a short form and a Synovus Treasury & Payment Solutions Consultant will contact you with more details. You can also stop by one of our local branches.
-
Business Problems CEOs Will Face in 2024
Will the 2024 business outlook be a repeat of last year’s? These are the seven problems that CEOs are tackling.
-
Maintaining Positive Cash Flow with Digital Payments
Automated accounts receivable and accounts payable simplifies processing, enhances reporting and helps maintain positive cash flow.
Important disclosure information
This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.
- Association for Financial Professionals, “2023 AFP Payments Fraud and Control Survey,” 2023 Back
- ibid Back
- ibid Back
- Ibid Back
- Ibid Back
- Ibid Back
- PYMNTS, “Incoming Payments Fraud Costs Companies Millions Every Year,” January 18, 2023 Back
- Association for Financial Professionals, “2023 AFP Payments Fraud and Control Survey,” 2023 Back
- Ibid Back
- Ibid Back
- Ibid Back