Corporate Account Takeover a New Payments Fraud Threat, Finds AFP Survey
Corporate payments fraud is as high as it ever was, according to a new survey by the Association for Financial Professionals (AFP), with corporate account takeover emerging as a serious threat. While cheques continue to be the most widely-used vehicle for payments fraud, corporations also must be vigilant to protect payments access points linked to web-based transactions and corporate cards.
The 2011 AFP Payments Fraud and Control Survey, underwritten by JP Morgan, found that despite a dramatic shift toward electronic business-to-business (B2B) payments and the adoption of preventative techniques, payments fraud has remained persistent over the last five years.
“Cheques have been a known vulnerability for many years. The fact that 93% of companies that had experienced payments fraud in 2010 are telling us that cheques were a target provides companies with a consistent incentive to shift more transactions to electronic payments,” said David Bellinger, AFP’s director of payments. “But cheques are not the only area of vulnerability. We are now seeing companies fall prey to corporate account takeover, where someone gains access to a company’s credentials and uses those to empty business accounts.”
In corporate account takeover, fraudsters use technology or social interactions – ranging from phone conversations to social networking messages – to induce an employee to divulge an organisation’s account information, allowing the fraudster to move money and cause large losses in a very short time. The AFP survey found that 14% of respondents experienced this type of fraud last year, with 2% actually suffering a loss. It has become prevalent enough to warrant warnings to businesses from the FBI and other federal agencies.
Across all types of payments fraud, criminals outside the corporation make most of the attempts, accounting for 87% of the fraud reported in the AFP survey. Roughly 10% of respondents suffered payments fraud originating from an organised crime ring or third-party/outsourcer. Only 9% of organisations were subject to internal payments fraud.
Key findings of the survey include: