The percentage of organizations that experienced attempted or actual payments fraud declined in the years from 2009 to 2013, but the numbers started to climb again in 2014. Last year they reached their highest level in more than a decade.
In the 13th Annual Payments Fraud and Control Survey by the Association for Financial Professionals, 74% of the respondents said their companies were victims of payments fraud attempts and attacks. That was up from up from 73% in 2015 and 62% in 2014.
As to the means of fraud, 75% of organizations experienced check fraud last year and 46% were targets of wire transfer fraud. Other payment methods commonly targeted were corporate and commercial credit card accounts (32%), ACH debits (30%), and ACH credits (11%).
“The fact that overall payments fraud is currently at its highest level is troubling,” the AFP wrote in its report. “It signals that organizations cannot be complacent about the threats of payments fraud.”
One possible reason for the overall increase in fraud is that many attacks are originated via business-email compromise (BEC), which the Federal Bureau of Investigation describes as “a scam carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
Of the 547 corporate practitioners responding to the AFP survey, 52% said payments fraud at their companies originated via BEC attacks. BEC was more prevalent among larger organizations with annual revenue of at least $1 billion and more than 100 payment accounts.
The AFP pointed out that it is “fairly simple” for companies to guard against BEC scams: “The finance team and senior management need to communicate with employees regarding BEC, explain what to look out for, and always encourage staff to check before taking any action regarding a payment, such as implementing dual authentication — that is, transactions should not be authorized without a second signature. Given the broad spectrum of BEC scams, it is also important to plan for scenarios such as changes in payment information with external providers, etc. In many cases a simple call to a trusted phone number on file will ensure that information is authentic.”
Many corporate practitioners report that their organizations are being proactive in preventing BEC. Of those surveyed, 71% have implemented controls to guard against being impacted by BEC scams; another 10% are in the process of determining the controls that need to be in place to protect their organizations.
Perhaps because of some of these controls, for a majority of companies the losses suffered from overall payments fraud in 2016 were relatively small. Of those surveyed, 14% did not have any financial loss. Of those with financial losses, 25% estimated the loss from payments fraud last year was less than $25,000; 32% said the loss was between $25,000 and $249,999; and 29% of finance professionals said the loss was $250,000 or more.
While BEC scams are an increasingly common source of fraud, check payments continue to be the payment method most often exposed to fraud activity, said the AFP. As with business email compromise, finance departments are using multiple methods for guarding against check fraud. Positive pay is the most popular (74% of organizations), but companies are also using segregation of accounts (69%) and daily reconciliations (64%).
Some physical security measures are also viewed as being effective in combatting check fraud. In the AFP survey, 59% of respondents considered the VOID feature (the word “VOID” appears if a check is scanned or copied) effective in preventing fraud. Other effective security features noted by respondents included a dual-tone true watermark and microprint (a fine line of print that is difficult to photocopy and can only be read when magnified), both cited by more than one third of respondents.
Other features mentioned as effective included “customized controlled paper stock, chemical wash detection box, chemical reactive paper, and thermochromatic ink,” the AFP said.
The AFP conducted its 13th Annual Payments Fraud and Control Survey in January 2017. Respondents came from organizations of varying sizes and from a range of industries.