Fight the battle against payments fraud

May 08, 2023

Fraudsters are relentless in their schemes to target businesses and exploit their cyber vulnerabilities. The best way to prevent fraud is to prepare for it. Here’s how.

In the digital age, a cyberattack is like a natural disaster – a persistent and unpredictable threat. Nearly two-thirds of U.S. organizations were targets of payments fraud in 2022, according to the 2023 Association for Financial Professionals (AFP) Payments Fraud Survey Report.

Targeting is down from 71% in 2021 and its peak in 2018, when 82% of surveyed businesses said they were victimized by some form of payments fraud. Increased diligence and preventative measures are having some success. But complacency is not an option for treasury and finance professionals if they want to stay ahead of fraudsters to mitigate business interruptions and financial losses.

What’s the best way to prevent getting scammed by payments fraud?

“Know your organization’s vulnerabilities and prepare for attacks,” says Dan Kautz , vice president Global Treasury Management at U.S. Bank. “Criminals will take advantage of your weaknesses regardless of the amount of money in your accounts.”

Those weaknesses include a lack of IT infrastructure, smaller staffs and fewer controls – all of which attract cybercriminals. Criminals’ tactics constantly evolve, and business email compromise (BEC) remains the most dangerous threat, with 71% of organizations having experienced it in 2022.

 

Payments fraud decreases overall, but most businesses still face attacks

After a steady increase from 2013 to 2018, the number of organizations that experienced attempted or actual payments fraud fell to 65% in 2022. While that is the smallest percentage since 2014, a significant majority of companies continue to be impacted.
 

chart showing the percent of organizations that experienced attempted or actual payments fraud

 

The persistent realities of BEC

Fifty-three percent of all payments fraud was because of business email compromise (BEC), according to the survey.

“These are legitimate payments, and that makes them very difficult to detect,” Kautz says of BEC attacks, wherein criminals persuade employees to initiate wire, check or credit card payments by sending fraudulent emails.

The emails appear to be from genuine customers, vendors or executives. They may ask for bank account numbers or routing codes. They can also include requests for personally identifiable information (PII) or Wage and Tax Statement (W-2) forms for employees.

Enterprises with at least $1 billion in annual revenue were more susceptible to BEC scams, according to the survey. Companies with less than $1 billion in annual revenue were more likely to be defrauded by individuals outside their organizations.

The greater threat to those organizations comes from the theft of personal and confidential information. Damages from these thefts can be difficult to measure, ranging from financial penalties to legal and regulatory actions.

"There’s a lack of awareness and knowledge about how these attacks happen. And from my perspective, if you understand how attacks happen, it will be easier for you to thwart them."

BEC scams continue to evolve

Criminals continue to harvest personally identifiable information through the web and social media and use it to execute sophisticated BEC scams. They pose as trusted executives or vendors to either initiate unauthorized payments or change payment information to intercept disbursements.

According to the survey, 73% of BEC involved spoof emails designed to trick users into thinking they are interacting with a trusted source.

Educating employees on the threat of BEC and training them to identify spear phishing attempts is important to controlling BEC. . 

 

Checks remain primary target

Although businesses operate in a digital world, checks remain the primary target. Why? Their prevalence and technological advancements that have made it easier to create more convincing forgeries.

Almost two-thirds of organizations surveyed experienced attempted and/or actual payments fraud with checks. Paper checks remain especially vulnerable for criminals to steal them, alter payee names or amounts and then endorse and deposit them into accounts they created.

That dramatically outpaced the prevalence of other payments fraud attempts:

  • Checks – 63%
  • Corporate/commercial credit cards – 36%
  • Wire transfers – 31%
  • ACH debits – 30%
  • ACH credits – 30%
     

According to the survey, the largest spike occurred with corporate/commercial credit cards. Consistently ranked below ACH payments and wire transfers in previous surveys, fraud attacks on credit cards increased 12% since 2020.

Meanwhile, wire transfers fraud has significantly decreased – from 48% in 2017 to 31% five years later. The downward trend shows companies have become more effective in detecting wire transfers fraud and mitigating damage with increased scrutiny.

 

How to protect your organization

Banks have vast experience fighting payments fraud, which often makes them a secure and trusted resource for guidance and mitigation advice following an attack.

Almost 80% of respondents said they are most likely to seek assistance from their banking partners about what steps to take.

Kautz recommends that your organization take the following steps to help protect itself:

  • Provide comprehensive training: All employees should receive training to help them identify and respond to potential attacks.
  • Institute physical, digital and procedural controls: Require the use of dual approval for all payments. Establish a dedicated workstation through which all payments must be executed and limit employee access to personal email, all of which will limit your organization’s exposure to potential threats.
  • Promote mindfulness: Executives should empower and encourage employees to think carefully, ask questions and verify, before executing transactions.
  • Share personal information sparingly: Executives should avoid sharing biographical and direct contact information online, where cybercriminals can harvest it for use in BEC attacks.

“Companies hear about fraud in the news, but they think it won’t happen to them,” Kautz says. “That couldn’t be further from the truth. All it takes is one bad email or one wrong click.”

Don’t wait until your organization experiences a fraud attempt. Take time now to search for gaps in your fraud prevention program. Our fraud prevention checklist and tips to reduce corporate payments fraud can help:



U.S. Bank is committed to helping you meet your treasury management needs, including fraud prevention. To learn more, contact a U.S. Bank relationship manager or treasury management consultant.

Related content

Automate accounts payable to optimize revenue and payments

How to prevent fraud

What is CSDR, and how will you be affected?

Keep your finances safe and secure: Essential tips for preventing check fraud

How to spot an online scam

What is financial fraud?

Authenticating cardholder data reduce e-commerce fraud

Third-party vendor risk: protecting your company against cyber threats

Mobile banking tips for smarter and safer online banking

Increase working capital with Commercial Card Optimization

Why Know Your Customer (KYC) — for organizations

Webinar: CRE technology trends

Cybersecurity – Protecting client data through industry best practices

Avoiding the pitfalls of warehouse lending

Cybercrisis management: Are you ready to respond?

Business risk management for owners of small companies

Proactive ways to fight vendor fraud

Fight the battle against payments fraud

Webinar: Approaching international payment strategies in today’s unpredictable markets.

5 winning strategies for managing liquidity in volatile times

The surprising truth about corporate cards

Understanding and preparing for the new payment experience

Insource or outsource? 10 considerations

How to improve your business network security

Protecting elderly parents’ finances: 6 steps to follow when managing their money

How to keep your assets safe

Complying with changes in fund regulations

Evaluating interest rate risk creating risk management strategy

White Castle optimizes payment transactions

The latest on cybersecurity: Mobile fraud and privacy concerns

Turn risk into opportunity with supply chain finance

Why a mobile banking app is a ‘must have’ for your next vacation

Money muling 101: Recognizing and avoiding this increasingly common scam

How to avoid student loan scams

Is online banking safe?

How-to guide: What to do if your identity is stolen

8 tips and tricks for creating and remembering your PIN

Recognize. React. Report. Don't fall victim to financial exploitation

Recognize. React. Report. Caregivers can help protect against financial exploitation

5 tips for seniors to stay a step ahead of schemers

Learn to spot and protect yourself from common student scams

The password: Enhancing security and usability

Government agency credit card programs and PCI compliance

BEC: Recognize a scam

Fraud prevention checklist

Risk management strategies for foreign exchange hedging

4 tips for protecting your business against Coronavirus-related scams

5 Ways to protect your government agency from payment fraud

Hospitals face cybersecurity risks in surprising new ways

Best practices on securing cardholder data

Cryptocurrency custody 6 frequently asked questions

What is a CLO?

The future of financial leadership: More strategy, fewer spreadsheets

4 ways to outsmart your smart device

30-day adulting challenge: Financial wellness tasks to complete in a month

Webinar: How to stay safe from cyberfraud

Webinar: Robotic process automation

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

Hospitals face cybersecurity risks in surprising new ways

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

BEC and deepfake fraud

How you can prevent identity theft

Post-pandemic fraud prevention lessons for local governments

What you need to know about identity theft

Evaluating interest rate risk creating risk management strategy

Authenticating cardholder data reduce e-commerce fraud

Disclosures

Start of disclosure content

Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rates and program terms are subject to change without notice. Mortgage, home equity and credit products are offered by U.S. Bank National Association. Deposit products are offered by U.S. Bank National Association. Member FDIC.