The recent release of the 2019 AFP Payments Fraud Survey revealed that payments fraud reached a new high in 2018, with 82% of companies reporting they were targets. The survey found that last year alone, 80% of organizations experienced Business Email Compromise (BEC), with 54% reporting financial loss as a result. Additionally, 70% of BEC scams targeted checks, followed by wire transfers at 43%. Organizations that experienced check fraud totaled 70%, a slight decrease from 2017, and 64% of payments fraud resulted from actions of an individual outside the organization.
As AFP CEO Jim Kaitz noted just one year ago, “It is alarming that the rate of payments fraud has reached a record high despite repeated warnings.” These new 2019 results are a call to action for companies to take preventative measures, including education and the implementation of products and enhanced procedures to protect against these risks.
Payments Fraud Trends
Not only has the percentage of organizations experiencing payments fraud increased over the last year, but the increase also marks a distressing trend. Between 2011 and 2013, the industry was making progress in bringing down fraud (Figure 1), but incidents have consistently increased since then.
While checks continue to be the most frequent target of payment fraud attempts, ACH debits overtook commercial cards (Figure 2) in 2018. Payment fraud attacks against cards continue to rise and fall with no consistent decrease yet (Figure 3), and fraudsters are targeting more ways to move money, with wire transfers and ACH credits the methods most affected by BEC (Figure 4).
Payments fraud unfortunately appears to be the “new normal.” There are few signs that activity is declining; rather, it has increased steadily since 2013 and reached a new high in 2018. Businesses are aware of this threatening shift in the payment landscape and need to implement education and fraud control tools. So, what can your business do to reduce payment fraud activity?
In the general sense, businesses may consider the following actions:
- Avoid free web-based email systems to transact business.
- Run background checks and credit checks on all new employees who have access to your finances, and continue to reinforce through training that online credentials must not be shared.
- Require employees to select unique and strong passwords, and to change their passwords frequently.
- Make fuller use of your online banking platforms, giving you easy access to items such as balance reporting, transaction history, check images, etc.
- Tightly limit who can manage payment information and processes, to prevent changes to key fields like account number and beneficiary information. Monitor changes to these fields, and pay close attention to them in payroll files.
- Create a process within your business for vendor payment changes. Get any account number changes in writing, and verify with a phone call that the number you have on file is correct.
- Keep account authorizations current and notify the bank when an authorized signer or online banking user leaves your company.
- Track and investigate claims in which a customer, vendor, or client claims to have paid a bill, but your records do not indicate payment was made.
Specifically, businesses may consider the following actions:
- Implement positive pay service on all accounts. This will allow you to verify, approve and pay or return all presented checks manually.
- Implement dual control with check issuance by having one employee create checks and another employee reconcile checks.
- Secure check stock, blank checks and facsimile signatures, and require dual control when accessing these items.
- Keep check issue files and online check registers current to ensure accuracy, and shred unused or out-of-date check stock, blank checks and facsimile signatures prior to disposing of these items.
See Figure 5 for a recap of the types of services used most frequently to prevent check fraud.
- Require multi-factor authentication (e.g., email and call verification) when receiving initial payment information or a request to change payment information.
- Send a confirmation letter or email (without using the “reply” feature in email) for any request to change payment information.
- Delay payment on any request to change payment accounts or to make payment to a foreign bank account.
- Provide clear instructions to business partners concerning how wire payment information should be communicated.
- Implement dual control on all online payments and set up alerts for electronic transactions, monitoring return activity in particular.
- Set authorization limits at both company and individual levels.
- Implement debit filters on all accounts to limit the accounts your organization has authorized to initiate ACH debits.
- Return unauthorized ACH debits to your account within 24 hours.
See Figure 6 for a recap of the types of services used most frequently to prevent ACH fraud.
Although fraud continues to be a concern for businesses, the banking industry has taken proactive steps to help avoid it. Given the investments in tools, banks have been able to prevent $9 out of every $10 of attempted deposit account fraud. However, businesses need to be aware of the prevalence of fraud and recognize that prevention is an ongoing, critical business task. When business controls are combined with bank efforts, payments fraud can be reduced, if not prevented. Ask your relationship manager to learn more about the capabilities available to you.
As with all serious financial topics or decisions, be sure to consult with a trusted financial advisor beforehand. The content seen here is for educational purposes only and is not meant to serve as any sort of advice or endorsement.