Here are several suggestions I frequently give business customers when we’re discussing payments fraud:
Understand where payments fraud is happening
AFP’s 2018 survey reveals that checks continue to be the most common payment method that fraudsters target—almost 75% of organizations surveyed had check payments exposed to fraud. 48% experienced wire fraud and 30% experienced corporate card fraud. Business Email Compromise (BEC)—an email scam which leads to check and/or wire fraud—is an extremely common attack method, with 77% of organizations seeing BEC in 2017.
Know the common red flags
Fraudsters frequently research companies using public websites, press releases, social media and more to gather information and craft messaging that appears to be authentic. Be on the look-out for payment scams, especially requests that:
- Have a sense of urgency, a call for help or a need for confidentiality
- Add a new contact at a supplier or vendor representing the company
- Update a payment account, typically without a request for a phone contact
- Indicate a change to payment instructions or payment type (e.g. check to wire)
- Communicate a sudden change in business practice
Incorporate best practices with the help of your bank
To safeguard your company’s funds—and especially payments made by check or wire—I recommend working with your bank to set up:
- Positive pay to protect against check fraud
- ACH Blocks to stop unauthorized ACH transactions, and ACH Filters to allow only designated ACH transactions to post to the account. For reference, ACH transactions are a common form of electronic transfers, such as direct deposits, payroll and authorized insurance payments.
- Secure online wire transfers with dual controls from different computers, plus a token device or app for multi-factor authentication
- Predetermined wire transfer limits and email alerts for someone outside of your accounting or treasury area
- Annual relationship reviews with your treasury management officer to be sure your online access and users, account signers, email alerts and more are up-to-date
Educate your entire staff on cybersecurity
While it is common for treasury staff to discover payments fraud, the entire company has a role to play in prevention and detection. Trainings and resources to teach best practices are essential. Some companies even send out simulated email phishing attacks in order test their employees and keep cybersecurity top of mind. Anyone with an email may be subject to a phishing scam or payments fraud.
Cybersecurity and payments fraud can be overwhelming for businesses because fraudsters are always evolving their attack methods. To keep up with the pace of change, ongoing awareness, strategic preparation and a strong relationship with your bank are some of your best defenses.
By: Susan Giffard, Director of Treasury Management and Government Banking