Payment Fraud: Spot It and Stop It

Payment fraud is a serious problem for companies of all sizes. In the Association of Financial Professionals (AFP) 2024 survey report, 80% of respondents reported their organizations were targeted.1 There were various payment instruments used to carry out the thefts. Check writing accounted for 65% of business fraud, followed by ACH debits (33%), wire transfers (24%), and corporate/commercial credit cards (20%).2

What are common types of payment fraud?

In addition to common payment methods used to commit fraud, scammers also have preferred modes of attack.

• Outside Individuals

  
  Whether forging checks, stealing credit card data or engaging in synthetic identity fraud, individuals outside the organization perpetrate the most fraud. These criminals committed 66% of the fraud against businesses last year – an increase of 12% from the year before.3
  
  

  How to prevent hacking:

  
  Protecting your systems, software and devices is part of a larger cybersecurity plan. It is also critical to payment fraud prevention. Be sure to timely apply patches and other updates, as well as monitoring networks for irregularities. Hijacking company communications is another way fraudsters gain access to sensitive data. Encryption protects the data. Multi-factor authentication and password managers make it harder to access corporate email and other accounts.



• Business Email Compromise (BEC)

  
  In this communication-based scam, fraudsters will either forge an email header to impersonate a legitimate source such as a vendor or employee, lead users to a lookalike, fake domain, or access a compromised account to send fraudulent payment requests. These emails may also have attachments or links to fake payment sites. The percentage of companies that experienced BEC last year declined five percent but is still high at 63%.4 BEC schemes most often included ACH credits (47%), wire transfers (39%) and ACH debits (20%). Businesses with annual revenue less than $1 billion are more often targeted (57%), but all organizations are at risk. Wire transfers were most vulnerable among 80% of larger, more decentralized organizations with at least $1 billion annual revenue and 100 payment accounts.5
  
  

  How to prevent BEC:

  
  The first defense in any scheme is to understand the scenarios and tricks fraudsters use to gain access to your company’s email accounts. Train staff to identify and respond to scams, and to use strong passwords for every account they use. Also, secure accounts and devices with multi-factor authentication. Maintaining an overall solid cybersecurity posture is also important, as it protects systems and software and often includes safeguards against BEC.



• Impersonation Scams

  
  The FTC reported 330,000 cases of business impersonation and 160,000 government organizational scams last year – nearly half of all fraud reported to the agency with losses totaling $1.1 billion.6 Most often the requests for payment were via text or email.
  
  Direct consequences include financial loss and reduced working capital that can inhibit company growth. Indirect costs might be loss of reputation, legal or regulatory actions, and disrupted operations.
  
  

  How to prevent invoice fraud:

  
  An automated solution works quickly and flags anomalies for investigation. Double-check vendor and invoice details, like whether you have a matching purchase order. Confirm payment details with known contacts at the vendor if something seems suspicious. Internal protocols like segregation of duties, regular audits and tiered approvals can also improve oversight.



• Account Takeover

  
  This is a type of identity fraud in which criminals add their own information to a customer’s account. For example, a fraudster might hack into an account and change the email address or add his or her name to the account as an authorized user. The fraudster then hijacks the account. They may also insert spyware or malicious code. According to the Financial Crimes Enforcement Network, this type fraud increased 72% since 2022.7
  
  

  How to prevent account takeover:

  
  Limiting access to data, software and systems, via authorization and authentication, is the best way to prevent account takeover. Share sensitive information with only necessary staff and programs. Implement password management software to ensure employees and customers use strong passwords. It’s also important to establish baselines to understand and monitor account behaviors. With this knowledge you’ll be able to detect suspicious activity and prevent attacks.

Executing these destructive schemes takes considerable time and mental effort. Criminals are tenacious, and their end-goal is always financial. Organizations must stay one step ahead with internal controls and timely, effective payment fraud prevention strategies.

Payment fraud detection is a critical tool to prevent risk.

Businesses need a fraud risk management solution that balances tolerance with positive customer experiences and operational efficiency. For low-cost transactions, companies and banks might have a relatively high risk tolerance but, for more expensive purchases, they usually require a higher level of assurance that the payment isn’t fraudulent.

Fraudsters won’t stop trying to steal from businesses. But vigilance, employee education and smart investments can help. These are four important steps to take to effectively protect your systems and data.

1. Implement positive pay methods.

   
   Your financial institution can provide positive pay solutions that daily compare incoming checks and segments unmatched items for review and approval. Positive pay for ACH compares previously authorized transactions against new ones, suspending any that don’t match until they’re approved.



2. Conduct a beneficiary validation.

   
   Validating beneficiary information before adding a one-time or recurring ACH payment instruction in ERP or accounting applications is a best practice companies shouldn’t overlook. Tools and services to automate beneficiary validation are available. In addition, some payables solutions will enable companies to avoid capturing, validating and maintaining ACH payment instructions all together, further reducing vulnerabilities.



3. Perform a fraud risk assessment.

   
   Maintaining a strong security posture is critical. Examine fraud prevention tools and processes you currently have to determine how effective they are against known risks. Ensure systems and software are up to date. Then understand emerging risks and what you need to protect against them.



4. Invest in technology.

   
   Technology helps organizations become better at fraud detection and prevention. “Modern company-to-bank integrated solutions enable real-time connections between enterprise resource planning (ERP) or account application and financial institutions,” says Laura McGortey, director, Synovus Payments Management Solutions.
   
   “This integration eliminates the need for tokens, as well as payment or reconciliation file exchange. In addition, user entitlements are already established within the ERP or accounting application and managed by individuals with administration-level credentials. This further strengthens organizations against payment fraud vulnerabilities,” McGortey adds.
   
   Artificial intelligence and machine learning are also powerful tools in payment fraud detection. These solutions cull massive amounts of historical data for usage, payment and other patterns, creating dynamic rules for guidance. Such rules also detect new threats.



5. Ask for help.

   
   Financial institutions manage billions of dollars in consumer and business capital, and they are bound by industry and government regulations. Companies should put this expertise to use to better understand current and emerging threats, as well as identify fraud and prevent loss.
   
   Banks also offer cohesive fraud prevention tools. “Some evolving payment solutions better protect businesses’ bottom line with integrated safeguards. These include fraud screening, ACH banking information validation and monitoring for electronic payments, as well as built-in positive pay protection for checks,” says McGortey.

Payment fraud damages can be extensive and costs are staggering. For more information on how Synovus can help your business with fraud risk management, complete a short form and a Synovus Treasury & Payment Solutions Consultant will contact you with more details. You can also stop by one of our local branches.