Cash flow is king for companies of all sizes, but businesses must strategize to keep fraudsters from stealing the crown. Bad actors are employing a widening array of new schemes to muscle their way into companies’ digital doors. Thirty-four percent of companies surveyed in one September 2020 study said they had experienced cybercrime during that year, for example.
Scams that target online payments and their processes are becoming more commonplace as businesses move to digital channels to keep track of their incoming and outgoing funds. This concern has risen as more companies begin to operate on an international scale, with recent PYMNTS data showing that 52 percent of U.S. and U.K. firms collectively worry about payments fraud or theft when receiving cross-border payments. Fraud attempts known as authorized payment attacks, which focus on manipulating victims into sending payments in real time to bad actors, are becoming a particularly difficult challenge for businesses. These include business email compromise (BEC) attacks, with one study finding that businesses lost nearly $2 billion in 2020 due to BEC or other email account compromise (EAC) scams. This type of fraud typically involves cybercriminals crafting emails that appear to originate from company executives or corporate partners to trick employees into sending funds. The dangers are growing more apparent to companies, with 86 percent of firms in one recent study agreeing that BEC scams will be the biggest risk to their organizations over the next one to two years.
Determining how to ward off BEC and other authorized payment attacks is essential for companies to successfully manage and grow their operations in the future. The following Deep Dive looks at how commercial and corporate payment-focused fraud has shifted since the beginning of the pandemic, details the tactics fraudsters are using when making these attacks and identifies the technologies and strategies businesses can employ to detect and oust such fraud more efficiently.
The Evolution Of Fraud Targets
Keeping payments secure is critical for companies as they attempt to navigate changes to their daily operations in response to the global health crisis. Fraudsters are taking advantage of overwhelmed systems and remote teams, attacking businesses’ payment methods both new and old. Check and wire fraud figures — still favorite B2B payment methods for a large number of businesses — remained high in 2020, with 66 percent of companies in one recent study reporting attempted or successful payments fraud against checks. The third most frequently targeted payment method was ACH debit payments, as 34 percent of firms noted such attacks. The report even found a smattering of fraud attempts focused on nascent payment methods such as mobile wallets, cryptocurrencies and faster payment systems, with 1 percent of organizations experiencing attacks against each.
Fraudsters are following in firms’ footsteps as they leave manual payments behind in favor of ACH payments or virtual cards. Three percent of companies experienced virtual card payments fraud, while check fraud, despite being the most prevalent, remains on the decline, already having decreased 8 percentage points in 2019 from the year prior. Bad actors are adjusting not only what payment methods they are attacking but also how they are coordinating their attacks, pivoting to new tactics and schemes that slip beneath the defenses firms have built for their emerging payment processes.
The most troubling of these scams is BEC-related fraud, with a June 2020 study revealing that BEC schemes targeting invoices or payments rose by 75 percent in the first three months of the year. These false emails — used to pose as company vendors, for example, to attempt fraudulent wire transfers or to hijack vendor payments entirely — usually come attached with higher dollar amounts and thus higher losses when successful. This makes having fraud prevention solutions that can detect, isolate and oust fraudsters at every stage of the payments cycle vital for companies.
Executing A Holistic Payments Fraud Response
Companies of all sizes need to consider not only the tools but also the strategies they use to detect and block fraudsters in a different way. Cultivating a payments fraud prevention strategy that can protect every corner of the B2B payments cycle is crucial. Firms have moved to tackle this threat in multiple ways, from examining the potential benefits of automated technologies and other advanced tools to expanding the role of human analysts. One recent study found that “staff accountability” when managing fraud rose by 50 percent in the past two years, for example. These approaches can also be paired with digital tools such as the Confirmation of Payee service that business payment firm Bottomline offers U.K. entities, which confirms vendors’ identities when human employees confront potential BEC scams.
Firms must ensure they can integrate this human element seamlessly with emerging digital tools to enable a payments fraud response that is holistic in nature rather than protecting one element of the payments process at a time. Companies that fail to do so may find themselves needing to try to ward off even more fraudsters in ever-evolving ways.
Selected by EFXA