5 Ways to protect your government agency from payment fraud

January 03, 2022

Use these strategies to protect your government agency from potential payment fraud and keep your assets safe.

 

Cybercrime has come a long way from easy-to-detect emails asking for a wire transfer of funds to a stranger. Today, cyber criminals deftly impersonate contractors and vendors, changing payment account information through online forms and hoping to intercept payments. They also have a new target: government entities.

"Because governments need to be transparent - unlike the private sector - it's easier for imposters to gain access to vendor and payment information," says Jason Paulnock, U.S. Bank senior vice president and government banking central region manager.

Government agencies from Colorado to Washington have fallen victim to this version of compromised business emails. The scams can be hard to detect, and often organizations don't realize they've been defrauded until days or weeks after the fact. As the COVID-19 pandemic continues to evolve, it’s more important than ever to stay vigilant and be aware of potential payment scams involving government agencies and financial institutions. Fortunately, there are steps you can take to prevent vendor payment fraud and protect your agency, today and in the future.

 

A new take on an old scam 

Business email compromise (BEC) refers to a type of scam in which criminals send fraudulent emails on behalf of a vendor. The scammer impersonates a company that an organization has previously done business with and directs the payer to route payments to the vendor, but instead has the payments routed to the scammer’s account. Such scams have cost organizations $9 billion since 2016, according to a recent advisory from U.S. Financial Crimes Enforcement Network.

While the private sector counts many victims, the latest targets have included dozens of government groups, from municipal offices to foreign national agencies. For example, one scammer managed to defraud a Washington county out of $740,000 by posing as an accountant from a construction firm. The fake email address was similar to the name of a real employee and the emails instructed the county employees to change the deposit information for the pending payments.

Now online enrollment forms are providing a new - and perhaps even easier - way to change vendor payment information. A small town in Colorado inadvertently paid a fraudster posing as a contractor more than $1 million for constructing a new bridge. According to news reports, the suspect submitted an online form to request that the town pay the contractor electronically.

 

An automation consideration

Paulnock says that criminals don't seem to discriminate by government size; they'll target agencies big and small. They take advantage of public notices about government construction projects and contracts that report both the names of companies that won bids and the amounts of their contracts.

What's more, many government agencies have prioritized automation, opting to headquarter ACH forms and payment resources online. That switch makes it relatively easy for bad actors to access payment information and make payment account changes without ever directly emailing the agency's AP or treasury contact. When the real company sends an invoice, the money goes to the new account and no one notices until the original vendor realizes they haven’t been paid.

"Governments need to find a balance between automating the processes and verifying information that comes in via forms," Paulnock says. 

If the agency doesn't notice the fraud, it's unlikely the bank will either. That's because the payment instructions are coming to the bank legitimately from the government agency. “Banks may send an alert if there's a dramatic change in the payment pattern but the payments themselves don't constitute a bank error,” Paulnock says.

 

The best defense 

As with most things, a proactive approach to preventing fraud is the most effective way to reduce its impact. Here are five tips for decreasing your payment fraud risk:

  1. Enroll new vendors in ACH at the start: As you onboard vendors, include ACH or enrollment in other electronic payment systems as part of the process. Work with your chosen vendors to set up the electronic money transfer and verify the information at the beginning of the contract. This simple step reduces the opportunity for scammers to attempt to change the payment method to ACH from a paper check or update the information themselves. 
  2. Proactively enroll existing vendors in ACH: Reach out to your existing vendors and encourage them to sign up for ACH payments. Track each company's progress toward enrollment and regularly reconnect with those that have stalled out on the process. This ensures that you're talking to the right people and that the right people are pursuing electronic payments. 
  3. Only offer ACH enrollment forms by phone: While it's tempting to automate ACH enrollment, especially if you're working with numerous vendors, request that companies begin the process with a phone call and make updates to their payment information the same way. Always verify the change request with a call-back to known contacts provided in the vendor contract. 
  4. Verify any changes with a phone call: If you’re receiving changes to payment information via email or forms, strive to verify those changes with a phone call to the original vendor. The latter part is essential - scammers will often provide a phone number of their own, and then confirm that the information is correct. Refer to the original information you have from the vendor and use phone numbers that the company provided when the contract began. Be especially wary of request using a new payment rail such as Wires, sudden payment requests to international locations or requests to change account numbers. U.S. Bank offers an account verification tool that makes the verification process even easier, allowing you to inquire against a national database of account information and receive results back in seconds. 
  5. Take advantage of virtual credit cards: If your organization is moving toward electronic payment, Paulnock recommends considering virtual cards. With Virtual Card, by U.S. Bank, payment is made with a single-use account number, coded for a specific supplier for an exact amount, and a defined time. The card number deactivates once a payment is processed. Each payment is linked to a new virtual card number. "It's challenging for crooks to get into the mix," Paulnock says. "We've seen almost no fraud with virtual cards.” 
     

Finally, if you suspect fraud, contact your bank and the FBI immediately. "The sooner we find out about a problem, the better," Paulnock says. The bank can try to reverse the payment and perhaps recover some or all of the funds. The FBI has the ability to freeze receiving accounts so that suspects can't move money out of them.

Bad actors will always be looking for ways to make easy money but by implementing verification strategies and using tools that prevent fraud, you can institute hurdles to payment scams that reduce your risk and protect your organization's assets.

 

How the COVID-19 pandemic is affecting government fraud

Every day, new information surrounding COVID-19 is released from the CDC and the federal government. Unfortunately, scams are an evolving part of this situation as well. Be aware of the following scams so you can protect yourself during this time.

Ransomware schemes
These scams involve emails that are disguised as being from the CDC or other government sources containing important information on COVID-19. Clicking on the link in the email installs ransomware that locks the computer and demands payment to unlock it. Do not click on any links that come from an unrecognized sender. Seek information on government websites as they are an official and safe source that is constantly updated.

Increase in BEC scams target towards work-from-home employees
With a drastic increase in people working from home during the pandemic, criminals may try and take advantage. Watch for basic hallmarks of a BEC scheme: requests to change bank account information, wire money, and immediate requests from “management” for payments. Employees of businesses should always verify requests by using known contact information. Never reply to the provided email or phone numbers embedded in the message.

Potential impersonation of financial institutions
As banks release important information surrounding your account information or the day-to-day changes in brick-and-mortar bank access, customers are using email to get information from their financial institution more frequently than ever. Be aware of people impersonating your bank in email or telephone communication. Never reply directly to a sender and remember that a bank will never ask you for certain information (such as your online credentials, passwords or passcodes) over electronic correspondence. If you’re feeling uneasy, hang up and call your bank directly.

 

Visit our COVID-19 site for updates, insights and resources you need to navigate the changing environment.

Related content

Dear Money Mentor: How do I set and track financial goals?

Dear Money Mentor: What is cryptocurrency?

Turn risk into opportunity with supply chain finance

Webinar: What’s new in international payments?

Webinar: Managing foreign exchange risk in unpredictable markets

Best practices on securing cardholder data

Tailor Ridge eBill case study

Want AP automation to pay both businesses and consumers?

Automate accounts payable to optimize revenue and payments

Overcoming the 3 key challenges of a lump sum relocation program

Real-time payments: the next major treasury disruptor

Colleges respond to student needs by offering digital payments

Risk management strategies for foreign exchange hedging

3 ways to adapt to the new payments landscape

Allowance basics for parents and kids

Higher education and the cashless society: Latest trends

Cryptocurrency custody 6 frequently asked questions

Managing the rising costs of payment acceptance with service fees

How to spot an online scam

Tap-to-pay: Modernizing fare payments pays off for transit agencies and riders

Complying with changes in fund regulations

Streamline operations with all-in-one small business financial support

6 timely reasons to integrate your receivables

Enhancing the patient experience through people-centered payments

How COVID-19 is transforming healthcare payments

Ways prepaid cards disburse government funds to the unbanked

Restaurant survey shows changing customer payment preferences

Luxury jeweler enhances the digital billing and payment customer experience

4 ways to make practical use of real-time payments

Evaluating interest rate risk creating risk management strategy

How Everyday Funding can improve cash flow

Payment industry trends that are the future of POS

Modernizing fare payment without leaving any riders behind

Access, flexibility and simplicity: How governments can modernize payments to help their citizens

Digital Onboarding helps finance firm’s clients build communities

Insource or outsource? 10 considerations

Unexpected cost savings may be hiding in your payment strategy

Webinar: Digitizing receivables to transform B2B rent payments

Checklist: What you’ll need for your first retail pop-up shop

Authenticating cardholder data reduce e-commerce fraud

Benefits of billing foreign customers in their own currency

How AR technology is helping advance payment processing at Avera Health

Increase working capital with Commercial Card Optimization

Top tips for card payments optimization

Fraud prevention checklist

How mobile point of sale (mPOS) can benefit your side gig

P2P payments make it easier to split the tab

3 awkward situations Zelle can help avoid

When your spouse has passed away: A three-month financial checklist

How to save money in college: easy ways to spend less

Checklist: How to gain financial independence from your parents

4 ways to outsmart your smart device

Dear Money Mentor: How do I begin paying off credit card debt?

Myth vs. truth: What affects your credit score?

4 benefits to paying foreign suppliers in their own currency

Improve government payments with electronic billing platforms

Emerging A/R solutions use artificial intelligence to target efficiency

ABCs of APIs: Drive treasury efficiency with real-time connectivity

Hospitals face cybersecurity risks in surprising new ways

How jumbo loans can help home buyers and your builder business

Higher education strategies for e-payment migration, fighting fraud

How real-time inventory visibility can boost retail margins

Escheatment resources: Reporting deadlines for all 50 states

5 steps you should take after a major data breach

Cybersecurity – Protecting client data through industry best practices

Why KYC — for organizations

The cyber insurance question: Additional protection beyond prevention

What is CSDR, and how will you be affected?

Post-pandemic fraud prevention lessons for local governments

How electronic billing platforms improve government payments

Rethinking common time management tips

How to apply for a business credit card

How a small business is moving forward during COVID-19

How to accept credit cards online

BEC: Recognize a scam

Fight the battle against payments fraud

The latest on cybersecurity: Vulnerability testing and third-party software

The password: Enhancing security and usability

Tactical Treasury: Fraud prevention is a never-ending task

3 timeless tips to reduce corporate payments fraud

Digital trends poised to reshape hotel payments

Three healthcare payment trends that will continue to matter in 2022

Safeguarding the payment experience through contactless

Automate escheatment for accounts payable to save time and money

Understanding and preparing for the new payment experience

White Castle optimizes payment transactions

Collect utility and telecom bill payments faster

Avoiding the pitfalls of warehouse lending

ABCs of ARP: Answers to American Rescue Plan questions for counties

4 tips for protecting your business against Coronavirus-related scams

5 Ways to protect your government agency from payment fraud

Proactive ways to fight vendor fraud

The latest on cybersecurity: Mobile fraud and privacy concerns

How to improve your business network security

Government agency credit card programs and PCI compliance

Cybercrisis management: Are you ready to respond?

Business risk management for owners of small companies

3 benefits of integrated payments in healthcare

Webinar: AP automation for commercial real estate

Webinar: CSM corporation re-thinks AP

The future of financial leadership: More strategy, fewer spreadsheets

COVID-19 safety recommendations: Are you ready to reopen?

How to improve digital payments security for your health system

Government billing survey: The digital transformation of the payment experience

Enhancing liquidity management: 4 benefits of visibility

Top 3 ways digital payments can transform the patient experience

Webinar: Fraud prevention and mitigation for government agencies

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

Webinar: Recording of the Central Securities Depository Regulation and Pivot

Webinar: CRE technology trends

Webinar: Robotic process automation

Webinar: Economic, political and policy insights

Webinar: CRE treasury leader roundtable

Start of disclosure content

Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rate and program terms are subject to change without notice. Mortgage, home equity and credit products are offered by U.S. Bank National Association. Deposit products are offered by U.S. Bank National Association. Member FDIC.