Fraud Trends and Best Practices
Changes in Payments Landscape Leads to an Evolution in Fraud Attacks
Fraud continues to be a challenge for many organizations, according to the 2022 Association for Financial Professionals, with over 70 percent of organizations reporting that they continue to be targets of fraud. As the payments landscape continues to evolve fraudsters are adjusting their tactics too.
Targets of Payments Fraud
Check issuing continues to decline as the number of organizations using digital payments increases. The mass adoption of digital payments is partly due to the remote work environment. Electronic payment usage increases may also be the reason there has been an uptick in ACH fraud. However, checks continue to be the primary target for fraudsters.
Leading Source of Fraud: Business Email Compromise
Fraudsters continue to exploit businesses via Business email compromise (or “BEC”) with 55% of organizations experiencing these fraud attempts or attacks. In 2021, the AFP reported 62% of companies experienced BEC fraud, which is a slight decrease from the previous year. The slight decrease in BEC may suggest that the implementation of controls and measures taken to mitigate fraud have been successful.
BEC is a scam targeting business’ payment processes. Essentially, a fraudster takes over valid business email accounts through social engineering or computer intrusion techniques to process or initiate unauthorized transfers of funds. The individual responsible for processing payments is tricked into thinking the request is valid, coming from a company leader, partner or third-party vendor, and processes the payment.
Payment Methods Impacted by BEC
Better Protect Your Business
Safeguarding your assets begins with awareness and recognizing that prevention is an ongoing critical business strategy. Fraudsters are always searching for new schemes to capture funds from their victims. When they plan their attacks, they are looking for vulnerabilities in an organization’s payment controls and processes. There are several steps a business can take to mitigate fraud and avoid potential financial losses.
Best Practices to Fight Fraud
- Review internal controls and procedures
Strengthening internal controls and procedures is the greatest fraud deterrent. Below are a few controls/procedures to consider:
- Establish a limit per account and/or employee
- Separate responsibilities to establish checks and balances
- Require approval on all payments
- Set limits based on payment history
- Reconcile activity daily to identify suspicious payments, giving the company the opportunity to stop and/or recover fraudulent payments
- Ongoing employee training
Employees are the gatekeepers of an organization and with proper training, they can more effectively safeguard the organization. AP/AR departments are often in the fraudster’s crosshairs thus training and following strong policies are crucial. Possible training topics include:
- Define fraud and the consequences
- Present examples of fraud the company may be exposed to
- Review policies/controls to prevent internal and external fraud
- Practice recognizing fraud indicators and red flags
- Review the steps to report suspected and actual fraud. When it comes to the initial detection of fraud, employee tips are the most common method at 40%
- Implement verification processes
Additional verification before submitting payment could make all the difference in identifying fraud and preventing financial loss. Implementation involves updating policies/controls and educating employees on the updated payment processes. Consider the following:
- Changes in payment information must be verified by calling the phone number on file for the vendor
- Adding a new vendor requires approval from multiple employees
- All payments requested via phone or email must be verified by calling the phone number on file for the vendor
- Large payments should prompt for approval from management
Tools and Resources to Help Fight Fraud
Strong policies, continuous employee education, and fraud tools and resources can help to mitigate fraud. AFP reported organizations use the following practices to help reduce fraud risk:
Association for Financial Professionals: 2022 Payments Fraud and Control Survey Report
All Pertinent Disclaimers:
As with all serious financial topics or decisions, be sure to consult with a trusted financial advisor beforehand. The content here is for educational purposes only and is not meant to serve as any sort of advice or endorsement.