Security in the Age of Payments Fraud: Are You Prepared?
March 10, 2022
Payments fraud is nothing new — after all, forgery and counterfeiting have been around as long as currency. But today, with continual advances in payments methods and technologies, digital payments fraud is a concern that potentially touches businesses of any size.
Most cybersecurity professionals agree that increased online transactions, fueled by the disruptions of the last several years, have added opportunities and incentives for corporate payments fraud.
While tactics like check fraud are declining (probably due to the transition from checks to electronic payments), a majority of organizations nationwide remain vulnerable to new approaches. As the FBI has reported, fraudsters today are bringing innovations and technological sophistication to the scene that sometimes match advances in the legitimate business world.
And the risk reaches into all departments — not just finance, but also HR and IT. For instance, more than 8,000 Nevadans report identity theft every year, according to the FBI’s Internet Crime Complaint Center (IC3).
What can business owners do today to protect their organizations?
The first step is to know what you’re up against. Checks, wire transfers, and ACH debits and credits are the most common payment methods impacted by fraud. In the case of ACH transactions, it’s usually not the payment method itself that’s being compromised but the processes leading up to payment initiation. ACH fraud is frequently connected to phishing scams and business email compromise (BEC), the most common source of attempted payments fraud — affecting 62% of companies in 2021.
To combat cybercriminals’ evolving strategies, many companies have developed policies that go beyond simply identifying their exposure to risks. Although there’s no single solution to fit all payments fraud concerns, these internal best practices can be a good place to start:
1. Train management and employees about fraud methods, including BEC.
2. Document critical banking processes and approval steps, and make sure your team uses them.
3. Check financial statements against your internal records immediately.
4. Segregate financial duties to prevent internal fraud.
5. Take inventory of your check supply regularly and restrict employee access.
6. Pay vendors by ACH credits rather than allowing ACH debits from your account.
7. Verify new supplier entries to protect accounts payable.
8. Use a single, dedicated computer for critical online banking functions so that it is not compromised through BEC or other non-secure sources.
9. Always remain vigilant, and build policy into your company’s everyday operations. The longer it takes to identify fraudulent activity, the lower the chances of recovery.