Fight the battle against payments fraud

January 03, 2022

The best way to prevent fraud is to prepare for it. Here’s how.


In the digital age, a cyberattack is like a natural disaster – a persistent and unpredictable threat. Nearly three-fourths of U.S. organizations were targets of payments fraud, according to the 2021 Association for Financial Professionals (AFP) Payments Fraud Survey Report.

What’s the best way to prevent getting hit by a payments fraud scam?

“Know your organization’s vulnerabilities and prepare for attacks,” says Dan Kautz, a vice president with Global Treasury Management at U.S. Bank. “It’s not necessarily the amount of money sitting in a company’s account that makes them a target; it’s their weaknesses,” Kautz says.

Those weaknesses include a lack of IT infrastructure, smaller staffs and fewer controls – all of which attract cybercriminals. Although criminals’ tactics constantly evolve, business email compromise (BEC) is a constant threat, with 76% of organizations having experienced it in 2020.


Payments fraud continues to rise

After a steady increase from 2013 to 2018, the number of organizations that experienced attempted or actual payments fraud fell to 74% in 2020. While that is a smaller percentage than 2018 and 2019, a significant majority of companies continue to be impacted.

[Chart: Percent of organizations that experienced attempted and/or actual payments fraud, 2007-2019. Source: 2020 AFP Payments Fraud and Control Survey]


The persistent realities of BEC

“These are legitimate payments, and that makes them very difficult to detect,” Kautz says of BEC attacks, wherein criminals persuade employees to initiate wire, check or credit card payments by sending fraudulent emails. The emails appear to be from genuine customers, vendors or executives. These sophisticated scams also include requests for personally identifiable information (PII) or Wage and Tax Statement (W-2) forms for employees.

However, while this overall loss was large, individual organization losses were less significant. 

The greater threat to those organizations comes from the theft of personal and confidential information. Damages from these thefts can be difficult to measure, ranging from financial penalties to legal and regulatory actions.

"There’s a lack of awareness and knowledge about how these attacks happen. And from my perspective, if you understand how attacks happen, it will be easier for you to thwart them."

BEC scams grow and evolve

Increasingly, criminals harvest personally identifiable information through the web and social media and use it to execute sophisticated BEC scams. They pose as trusted executives or vendors to either initiate unauthorized payments or change payment information to intercept disbursements. 


Checks remain primary target

Although businesses operate in a digital world, checks remain the primary target. This is thanks to their prevalence and technological advancements that have made it easier to create more convincing forgeries.

Two-thirds of organizations surveyed experienced attempted and/or actual payments fraud with checks. That dramatically outpaced the prevalence of other payments fraud attempts:

  • Checks – 66%
  • Wire transfers – 39%
  • ACH debits – 34%
  • ACH credits – 19%
  • Corporate/commercial credit cards – 24%

According to the survey, 77% of treasury and finance practitioners believe educating employees on the threat of BEC and training them to identify spear phishing attempts is an important component in controlling BEC.


How to protect your organization

Kautz recommends that your organization take the following steps to help protect itself:

  • Provide comprehensive training: All employees should receive training to help them identify and respond to potential attacks.
  • Institute physical, digital and procedural controls: Require the use of dual approval for all payments. Establish a dedicated workstation through which all payments must be executed and limit employee access to personal email, all of which will limit your organization’s exposure to potential threats.
  • Promote mindfulness: Executives should empower and encourage employees to think carefully, ask questions and verify, before executing transactions.
  • Share personal information sparingly: Executives should avoid sharing biographical and direct contact information online, where cybercriminals can harvest it for use in BEC attacks.

“Companies read about fraud in the newspaper, but they think it won’t happen to them,” Kautz says. “That couldn’t be further from the truth. All it takes is one bad email or one wrong click.”

Don’t wait until your organization experiences a fraud attempt. Take time now to search for gaps in your fraud prevention program. Our fraud prevention checklist and tips to reduce corporate payments fraud can help:

U.S. Bank is committed to helping you meet your treasury management needs, including fraud prevention. To learn more, contact a U.S. Bank relationship manager or treasury management consultant.
