When it comes to payments fraud, businesses of all sizes are facing a rise in threats to their data. According to the 2019 Payments Fraud Survey by the Association for Financial Professionals (AFP), payments fraud has reached an all-time high, with 82% of all organizations surveyed reporting payments fraud (a slight increase from 80% in 2018). Checks continue to be the most common payment method that fraudsters target—almost 70% of organizations surveyed had check payments exposed to fraud. 43% experienced wire fraud and 33% experienced ACH debits fraud.
Now is the time for companies to prioritize strategic fraud prevention in order to save money and mitigate an attack before it happens.
What to look out for
Fraudsters frequently research companies using public websites, press releases, social media and more to gather information and craft messaging that appears to be authentic. Be on the lookout for payment scams, especially requests that:
- Have a sense of urgency, a call for help or a need for confidentiality
- Add a new contact at a supplier or vendor representing the company
- Update a payment account, typically without a request for a phone contact
- Indicate a change to payment instructions or payment type (e.g. check to wire)
- Communicate a sudden change in business practice
Are you using best practices?
To safeguard your company’s funds—and especially payments made by check or wire—I recommend working with your bank to set up:
- Positive pay – an automated cash management service that helps protect against check fraud.
- ACH Blocks to stop unauthorized ACH transactions, and ACH Filters to allow only designated ACH transactions to post to the account. For reference, ACH transactions are a common form of electronic transfer, such as direct deposits, payroll and authorized insurance payments.
- Restrictions on initiating payments based on email requests, to prevent fraud from business email compromise (BEC), and two-factor authentication to add an extra layer of security.
- Secure online wire transfers with dual controls from different computers, plus a token device or app for multi-factor authentication.
- Predetermined wire transfer limits and email alerts for someone outside of your accounting or treasury area.
- Annual relationship reviews with your treasury management officer to be sure your online access and users, account signers and email alerts are up to date.
Cybersecurity education is key
While it is common for treasury staff to discover payments fraud, the entire company has a role to play in prevention and detection. Trainings and resources to teach best practices are essential. Some companies even send out simulated email phishing attacks in order to test their employees and keep cybersecurity top of mind. Anyone with an email address may be subject to a phishing scam or payments fraud.
Cybersecurity and payments fraud can be overwhelming for businesses because fraudsters are always evolving their attack methods. To keep up with the pace of change, ongoing awareness, strategic preparation and a strong relationship with your bank are some of your best defenses.
By: Susan Giffard, Senior Vice President, Director of Treasury Management and Government Banking