May 07, 2018
Payment fraud just reached a record high. Make sure you have the right controls in place.
Checks were the most reported type of payment fraud at 74%, followed by wire transfers (48%) and corporate cards (30%). The most frequent fraud scam was business email compromise (BEC), with 77% of companies experiencing a BEC attack in 2017.
Fortunately, you can put controls in place to potentially prevent or catch and stop fraud. Here are some things to do now to better defend your organization against fraud:
Control for check fraud.Checks are the most prevalent and well-known type of payment – for businesses and fraudsters. To combat check fraud, many companies use positive pay, which is technology used to vet checks presented for payment against the check amounts and numbers issued by the organization. Payee positive pay takes verification a step further to monitor for forged payee names as well.
Other available methods include segregating accounts, establishing internal controls like daily reconciliation and adding physical features to checks like VOID-if-scanned, dual-tone true watermark and microprint.
Defend against email phishing schemes.The most-reported fraud scheme in 2018 was business email compromise (BEC), which is a type of email phishing scheme. Wire transfers are often the target of BEC scams.
In a BEC scam, the fraudster tricks an employee into wiring money to an account the fraudster controls. They usually pull this off by doing research online to identify an internal staff member that typically requests wire transfers. They then set up a counterfeit email address that closely resembles the company address. From that email, they’ll send urgent instructions to an employee, like the CFO has asked for this transfer to be made by the end of the day. Feeling the pressure, the employee may complete the transaction – not realizing the person was not who they said they were, and the money has been sent to the wrong account.
Fortunately, there are internal processes you can set up to limit BEC scams’ effectiveness:
- Educate employees to be more aware of warning signs.
- Train employees on authentication processes for approving transfer requests.
- Never authorize or initiate wire transfers through email alone. Add additional approval steps, including over the phone.
- Verify changes to vendors’ payment location with two-factor authentication.
Promote best practices for corporate card usage.Corporate cards are a convenient tool for many businesses and their employees who are on the go. But fraud can happen with a corporate card as well. Emphasize that employees treat their card as carefully as they would their own credit or debit card and establish best practices for safe use.
Sign up for ACH.Of course, ACH transactions are not fraud-proof, but they also aren’t among the most targeted types. ACH files go directly from the organization to the bank, making them less vulnerable to forgery. Many organizations perform daily reconciliation to further secure ACH transactions. ACH transfers have the added benefit of moving more quickly and making funds available sooner.
Unfortunately, fraud prevention has become a much bigger challenge for organizations in recent years. As fraud attempts reach record highs, organizations should be looking at their own payment security to assess weak areas. Fortunately, it’s possible to reduce risk when you start to understand where those vulnerabilities are and how to address them. Ask your banker what security features might be available for your organization and its payment types.