Fight the battle against payments fraud
The best way to prevent fraud is to prepare for it. Here’s how.
Tags: BEC, Fraud protection, Scams, Security, Cybersecurity
Published: May 20, 2020
In the digital age, a cyberattack is like a natural disaster – a persistent and unpredictable threat. Eighty-two percent of U.S. organizations were targets of payments fraud, according to the 2020 Association for Financial Professionals (AFP) Payments Fraud Survey Report.
What’s the best way to prevent getting hit by a payments fraud scam?
“Know your organization’s vulnerabilities and prepare for attacks,” says Dan Kautz, a vice president with Global Treasury Management at U.S. Bank. “It’s not necessarily the amount of money sitting in a company’s account that makes them a target; it’s their weaknesses,” Kautz says.
Those weaknesses include a lack of IT infrastructure, smaller staffs and fewer controls – all of which attract cybercriminals. Although criminals’ tactics constantly evolve, business email compromise (BEC) is a constant threat, with 75 percent of organizations having experienced it in 2019.
Payments fraud continues to rise
Although it fell after the Great Recession, payments fraud once again is on the rise. The number of organizations that say they’ve experienced attempted or actual payments fraud settled in at 81 percent in 2019, after peaking at 82 percent in 2018.
Percent of Organizations that experienced attempted and/or actual payments fraud, 2007-2019
Source: 2020 AFP Payments Fraud and Control Survey
The persistent realities of BEC
“These are legitimate payments, and that makes them very difficult to detect,” Kautz says of BEC attacks, wherein criminals persuade employees to initiate wire, check or credit card payments by sending fraudulent emails. The emails appear to be from genuine customers, vendors or executives. These sophisticated scams also include requests for personally identifiable information (PII) or Wage and Tax Statement (W-2) forms for employees.
However, while this overall loss was large, individual organization losses were less significant. In 2019, less than half of organizations say they suffered a financial loss because of BEC.
The greater threat to those organizations comes from the theft of personal and confidential information. Damages from these thefts can be difficult to measure, ranging from financial penalties to legal and regulatory actions.
There’s a lack of awareness and knowledge about how these attacks happen. And from my perspective, if you understand how attacks happen, it will be easier for you to thwart them.
BEC scams grow and evolve
Increasingly, criminals harvest personally identifiable information through the web and social media and use it to execute sophisticated BEC scams. They pose as trusted executives or vendors to either initiate unauthorized payments or change payment information to intercept disbursements.
Percent of organizations that experienced attempted and/or actual payments fraud with these payments methods in 2019
The percent of organizations that experienced attempted and/or actual payments fraud in 2019 with checks was 74 percent, with wire transfers was 40 percent, with corporate or commercial credit cards was 34 percent, with ACH debits was 33 percent, and with ACH credits was 22 percent.
Checks remain primary target
Although businesses operate in a digital world, checks remain the primary target. This is thanks to their prevalence and technological advancements that have made it easier to create more convincing forgeries.
How to protect your organization
Kautz recommends that your organization take the following steps to help protect itself:
- Provide comprehensive training: All employees should receive training to help them identify and respond to potential attacks.
- Institute physical, digital and procedural controls: Require the use of dual approval for all payments. Establish a dedicated workstation through which all payments must be executed and limit employee access to personal email, all of which will limit your organization’s exposure to potential threats.
- Promote mindfulness: Executives should empower and encourage employees to think carefully, ask questions and verify, before executing transactions.
- Share personal information sparingly: Executives should avoid sharing biographical and direct contact information online, where cybercriminals can harvest it for use in BEC attacks.
“Companies read about fraud in the newspaper, but they think it won’t happen to them,” Kautz says. “That couldn’t be further from the truth. All it takes is one bad email or one wrong click.”
Don’t wait until your organization experiences a fraud attempt. Take time now to search for gaps in your fraud prevention program. Our payments fraud prevention best practices and fraud prevention checklist can help:
U.S. Bank is committed to helping you meet your treasury management needs, including fraud prevention. To learn more, contact a U.S. Bank relationship manager or treasury management consultant.
Investment and insurance products and services including annuities are:
Not a Deposit ● Not FDIC Insured ● May Lose Value ● Not Bank Guaranteed ● Not Insured by any Federal Government Agency
U.S. Wealth Management – U.S. Bank and U.S. Bancorp Investments is the marketing logo for U.S. Bank and its affiliate U.S. Bancorp Investments.
The information provided represents the opinion of U.S. Bank and U.S. Bancorp Investments and is not intended to be a forecast of future events or guarantee of future results. It is not intended to provide specific investment advice and should not be construed as an offering of securities or recommendation to invest. Not for use as a primary basis of investment decisions. Not to be construed to meet the needs of any particular investor. Not a representation or solicitation or an offer to sell/buy any security. Investors should consult with their investment professional for advice concerning their particular situation.
U.S. Bank, U.S. Bancorp Investments and their representatives do not provide tax or legal advice. Your tax and financial situation is unique. You should consult your tax and/or legal advisor for advice and information concerning your particular situation.
For U.S. Bank:
Equal Housing Lender.
Deposit products are offered by U.S. Bank National Association. Member FDIC. Mortgage, Home Equity and credit products offered by U.S. Bank National Association. Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rates and program terms are subject to change without notice.
U.S. Bank is not responsible for and does not guarantee the products, services or performance of U.S. Bancorp Investments, Inc.
For U.S. Bancorp Investments:
Investment and insurance products and services including annuities are available through U.S. Bancorp Investments, the marketing name for U.S. Bancorp Investments, Inc., member FINRA and SIPC, an investment adviser and a brokerage subsidiary of U.S. Bancorp and affiliate of U.S. Bank.
U.S. Bancorp Investments is registered with the Securities and Exchange Commission as both a broker-dealer and an investment adviser. To understand how brokerage and investment advisory services and fees differ, the Client Relationship Summary and Regulation Best Interest Disclosure are available for you to review.
Insurance products are available through various affiliated non-bank insurance agencies, which are U.S. Bancorp subsidiaries. Products may not be available in all states. CA Insurance License #OE24641.
Pursuant to the Securities Exchange Act of 1934, U.S. Bancorp Investments must provide clients with certain financial information. The U.S. Bancorp Investments Statement of Financial Condition is available for you to review, print and download.
The Financial Industry Regulatory Authority (FINRA) Rule 2267 provides for BrokerCheck to allow investors to learn about the professional background, business practices, and conduct of FINRA member firms or their brokers. To request such information, contact FINRA toll-free at 1.800.289.9999 or via https://brokercheck.finra.org. An investor brochure describing BrokerCheck is also available through FINRA.
U.S. Bancorp Investments Order Processing Information.
© 2020 U.S. Bancorp
