Take Control of Your Payments and Curb Fraud

In recent years, payments fraud has been on the rise as fraudsters take advantage of increased digitization of work, shopping and general operations and communications. The mental impact of economic uncertainty on consumers and businesses alike also heightens vulnerability of potential victims.

Despite growing fraud attacks and attempts on digital payments — ACH debits and credits, virtual cards, mobile wallets and cryptocurrency — the payments most vulnerable to fraud continue to be a more traditional method of payment: checks.

The Association for Financial Professionals® (AFP) recently published the 2023 AFP Payments Fraud and Control Survey, which examines the nature of fraud attacks on business-to-business transactions, the payment methods impacted, and the strategies organizations are adopting to protect themselves from those committing payments fraud.

The findings can help business owners and financial and accounting professionals:

  • Understand how to better protect incoming and outgoing payments from fraud
  • Glean insights into emerging and evolving fraud trends
  • Identify ways to partner with your bank’s treasury management department

Here are four key takeaways you can use to better protect your organization:

Amid an increasingly digital society, check fraud via mail theft has surged in the past year.

In 2022, there was a large increase in “brazen and successful attempts” at stealing mail from U.S. Postal Service mailboxes, the blue drop boxes found in residential neighborhoods, commercial main streets and in front of your local mini mall. Thieves may replicate the keys to these mailboxes to access the mail inside. In other instances, mail is fished out of the mailbox or stolen from a building’s mailroom. When mail contains a check, whether government, business or personal, the fraudster washes the check, a chemical process that removes ink, and alters the check amount and the name of the payee. Then, the fraudster endorses and deposits the stolen check into an account they are soon to close. In an organized scheme, they may hire individuals who fit an age, race or gender to make the physical trip into a bank to deposit a fraudulent check, taking on the risk of committing the crime.

Because this type of fraud attack is both low tech and low cost, it’s appealing to fraudsters.

Some businesses have moved away from issuing and accepting checks and instead are moving toward digital payments to utilize fraud prevention tools, consolidate systems and boost efficiency. Still, three out of four organizations that use checks plan to keep using checks. These organizations may believe that using checks is safer than digital payments because of the vulnerabilities to cybercrime, but 63% of organizations reported being the subject of check fraud attempts or attacks in 2022. To boot, check fraud has consistently been the payment method most vulnerable to fraud since first surveyed 18 years ago.

To address check fraud, treasury and finance professionals implement internal controls on check payments, and can also take advantage of one of the most powerful tools to combat check fraud: positive pay. Positive pay is a check protection service from your bank’s treasury management department that deters fraud by matching the checks a company issues with those it presents for payment. It allows you to monitor checks processed for payment against your account and reject unauthorized transactions before losses occur. To learn about different types of positive pay solutions and read client stories about the impact of using positive pay on privately held businesses, download our Fraud Prevention and Detection Think Tank.

If your organization accepts multiple payment methods, you are vulnerable to multiple fraud methods.

Accepting more payment methods, which becomes more feasible for larger organizations, inevitably means there are more ways a fraudster can come after your company. Notably, more organizations that accept card payments are experiencing fraudulent attempts.

The percentage of organizations that experienced payments fraud through corporate and commercial credit and debit cards has increased to nearly a decade-high. In 2022, 36% of organizations were hit by card fraud, which is the highest level since 39% of organizations reported experiencing this type of fraud in 2015.

Additionally, the share of businesses that reported commercial card fraud has increased by 10 percentage points since 2021. If you recently resumed more frequent use of corporate and commercial cards after potentially reducing spending and business travel during the pandemic, keep in mind that fraudsters are aware of this trend and are targeting card users.

Also up 6% year over year is the share of businesses that reported ACH credit fraud. ACH payments are electronic payments made from one bank to another through the Automated Clearing House. ACH credit payments are a common way for employers to push payroll out to employees, for example, and also a common way for businesses to send payments to other businesses and vendors.

Since ACH payments require a bank account number and routing number, this type of fraud is easily perpetrated once a fraudster gains access to this information through an email phishing scam or data breach.

Fraudsters continue to impersonate employees and vendors through sophisticated business email compromise schemes that are the root cause of most reported fraud cases. Learn how to detect BEC — and read one company’s experience with it — here.

You can mitigate the risk of these fraud attacks with ACH Positive Pay. Also known as ACH Debit Filter, this banking solution blocks or flags transactions that weren’t originated by an authorized vendor. This allows you to prevent fraudulent debits, and also allows you to approve exceptions.

The most likely to detect fraudulent activity on your accounts is your treasury, accounts payable or accounting department.

The quicker attempted or actual fraud is detected, the greater the chances of a recovery.

Larger enterprises may have in-house fraud detection products and services, but if you don’t, your bank can help you set up the appropriate tools. Without these fraud detection tools, it sometimes takes weeks or months for organizations to discover they’ve been the victim of fraud.

A key part of detecting fraud is through internal controls and processes, like the payment approval and release process. Other tools and methods that help you to discover fraud include the vendor or payee inquired about payment; positive pay; internal review; verbal verification; callbacks; reconciliation; and your banking partner’s fraud investigation.

A majority of organizations recoup less than 10% of funds stolen due to fraud.

Although a quarter of organizations were able to recoup 75% of funds they lost in 2022, the majority aren’t able to. The main reason for this is lack of detection tools, so when an accountant, controller, auditor or other internal team member discovers that fraud occurred, it’s too late to cancel a payment.

Not surprisingly, the organizations that are able to recover funds are typically those with greater revenue and higher volume of payment accounts, because they are better equipped to detect fraud early. Larger companies tend to have systems in place to help detect fraud and mitigate the risk and impact of fraud.

Businesses of all sizes can prioritize safeguarding your payments and accounts, and work with your bank’s treasury management department to instill tools to ensure you are taking preventive measures against fraud.