Fight the battle against payments fraud
The best way to prevent fraud is to prepare for it. Here’s how.
In the digital age, a cyberattack is like a natural disaster – a persistent and unpredictable threat. Nearly three-fourths of U.S. organizations were targets of payments fraud, according to the 2021 Association for Financial Professionals (AFP) Payments Fraud Survey Report.
What’s the best way to prevent getting hit by a payments fraud scam?
“Know your organization’s vulnerabilities and prepare for attacks,” says Dan Kautz, a vice president with Global Treasury Management at U.S. Bank. “It’s not necessarily the amount of money sitting in a company’s account that makes them a target; it’s their weaknesses,” Kautz says.
Those weaknesses include a lack of IT infrastructure, smaller staffs and fewer controls – all of which attract cybercriminals. Although criminals’ tactics constantly evolve, business email compromise (BEC) is a constant threat, with 76% of organizations having experienced it in 2020.
Payments fraud continues to rise
After a steady increase from 2013 to 2018, the number of organizations that experienced attempted or actual payments fraud fell to 74% in 2020. While that is a smaller percentage than 2018 and 2019, a significant majority of companies continue to be impacted.
Percent of Organizations that experienced attempted and/or actual payments fraud, 2007-2019
The persistent realities of BEC
“These are legitimate payments, and that makes them very difficult to detect,” Kautz says of BEC attacks, wherein criminals persuade employees to initiate wire, check or credit card payments by sending fraudulent emails. The emails appear to be from genuine customers, vendors or executives. These sophisticated scams also include requests for personally identifiable information (PII) or Wage and Tax Statement (W-2) forms for employees.
However, while this overall loss was large, individual organization losses were less significant.
The greater threat to those organizations comes from the theft of personal and confidential information. Damages from these thefts can be difficult to measure, ranging from financial penalties to legal and regulatory actions.
"There’s a lack of awareness and knowledge about how these attacks happen. And from my perspective, if you understand how attacks happen, it will be easier for you to thwart them."
BEC scams grow and evolve
Increasingly, criminals harvest personally identifiable information through the web and social media and use it to execute sophisticated BEC scams. They pose as trusted executives or vendors to either initiate unauthorized payments or change payment information to intercept disbursements.
Checks remain primary target
Although businesses operate in a digital world, checks remain the primary target. This is thanks to their prevalence and technological advancements that have made it easier to create more convincing forgeries.
Two-thirds of organizations surveyed experienced attempted and/or actual payments fraud with checks. That dramatically outpaced the prevalence of other payments fraud attempts:
According to the survey, 77% of treasury and finance practitioners believe educating employees on the threat of BEC and training them to identify spear phishing attempts is an important component in controlling BEC.
How to protect your organization
Kautz recommends that your organization take the following steps to help protect itself:
“Companies read about fraud in the newspaper, but they think it won’t happen to them,” Kautz says. “That couldn’t be further from the truth. All it takes is one bad email or one wrong click.”
Don’t wait until your organization experiences a fraud attempt. Take time now to search for gaps in your fraud prevention program. Our fraud prevention checklist and tips to reduce corporate payments fraud can help:
U.S. Bank is committed to helping you meet your treasury management needs, including fraud prevention. To learn more, contact a U.S. Bank relationship manager or treasury management consultant.