No matter what’s going on in the world – even a global crisis – criminals won’t stop trying to infiltrate Finance and commit payment fraud.
Despite companies’ awareness and best efforts, payment fraud still remains extremely high.
In 2019, 81% of companies were targets of fraud attacks, found the 2020 AFP Payments Fraud & Control Survey. That’s the second highest number in a decade.
Other top takeaways
What else did the brand-new survey reveal? Three other top takeaways highlighted by AFP that CFOs and their teams should know are:
1. Business email compromise (BEC) is the most popular method. Almost two-thirds (62%) of payment fraud attempts were related to BEC. And this is the first year it’s the top source.
2. Companies are being more proactive. In response to the surge in BEC scams, companies are:
- educating and training employees on BEC (80%)
- implementing policies on providing appropriate verification of any changes to invoices, bank deposit info or contact info (70%), and
- executing call backs to authorized payee contacts to confirm requests for money transfers (65%).
3. ACH is on criminals’ radar. When looking at which payment methods were targeted in 2019, 33% of companies cited ACH debits and 22% named ACH credits. Your company’s Automated Clearinghouse payments seem to be a growing interest for criminals, AFP notes.
In addition to sharing AFP’s findings with Finance, encourage them to use these measures to deter fraud at all times, even amid an international crisis:
1. Keep communication flowing
Reaffirming with your team that fraud is rampant during these uncertain times is a good start – but you know one reminder isn’t enough. Make communications ongoing, including announcements from IRS, the FBI, etc.
And even after the pandemic, sharing seasonal scams (e.g., gift card scams around the holidays) and news stories of real-life fraud instances (e.g., finance staffers being tricked by phishing scams) will keep everyone on high-alert all year round.
2. Partner closely with IT
As mentioned, most companies are seeing BEC training as an increasingly important factor in reducing fraud. So, make Finance and IT a dynamic duo. A/P knows the payment process that fraudsters are threatening to exploit inside-out, and IT knows the technology they’re manipulating. Together, they can work to break down BEC into easily digestible information for all employees.
And training aside, your team could also work with IT to implement the other controls companies are focused on now (e.g., a stronger verification process for changes for payment information or a secure confirmation process for transfer requests).
3. Institute more specific protocols
Some criminals spend months planning behind the scenes, learning how your company and employees operate, so they can mimic them appropriately. Instituting specific process steps or approvals unique to your payments process will make these criminals’ jobs harder.
For example, AFP shared a story where an A/P staffer foiled a BEC attempt: A criminal hacked a senior manager’s email and requested payment for a “new vendor.” But because A/P used a special form that needed to be signed, and the criminal didn’t have the form, the staffer had to pick up the phone and soon realized it was an impersonator.
