Payments fraud ‘the new normal’

Payments fraud continues to soar, as a record 82 percent of organizations reported incidents in 2018, according to the 2019 AFP Payments Fraud & Control Survey, underwritten by J.P. Morgan.

Large organizations were particularly vulnerable to payments fraud, as businesses with revenue greater than $1 billion reported a jump of seven percentage points year-over-year to 87 percent. Organizations with revenue less than $1 billion experienced fewer fraud attempts in 2018, down four percentage points to 69 percent from 73 percent.

Business Email Compromise (BEC) also set a record. Eighty percent of companies reported BEC fraud last year, up from 77 percent in 2017. More than half (54 percent) of organizations reported financial losses as a result of BEC, the first time since AFP began tracking this data that this number climbed above the 50-percent mark. More than three-fourths of companies are responding by adopting stronger internal controls that prohibit payment initiation based on emails or other, less secure messaging systems.

“Payments fraud is a persistent problem that is only getting worse despite repeated warnings and educational outreach,” said AFP President and CEO, Jim Kaitz. “Treasury and finance professionals need to learn the latest scams and educate themselves—and perhaps more importantly—their work colleagues on how to prevent them.”

“It is equally important for businesses to mitigate against non-financial implications of payments fraud,” said Jessica Lupovici, Managing Director, J.P. Morgan. “Businesses stand to suffer reputational risk, which can be severe, expensive and require significant clean-up efforts.”

Other highlights of the 2019 AFP Payments Fraud & Control Survey include:

• 70% of organizations report being exposed to check fraud, a slight decrease from 2017. Checks continue to be most impacted by fraud; however check fraud continued to decline to its lowest level since AFP began tracking such activity.
• 43% of organizations experienced direct financial loss as a result of payments fraud
• There is a noticeable increase in fraud activity via ACH debits and credits – 33% of organizations reported ACH debit fraud—up from 28% the previous year
• 20% of organizations reported ACH credit fraud—up from 13% the previous year

Worryingly, the report highlights how fraudulent activity is on the rise, despite efforts to counter the threat. The report says that it’s clear organizations are cognizant of increasing threats and in many cases are actively implementing measures to control payments fraud. But that increased vigilance is not always enough; the tactics of those engaging in payments fraud are more sophisticated and, consequently, more fraudsters are successful in infiltrating targeted organizations.

Financial professionals need to be proactive if they want to prevent and mitigate the effects of payments fraud successfully. Besides minimizing the known threats being targeted at their companies, they have to predict the unknowns and prevent such threats from having an impact. This is challenging and requires significant investments of time and money as well as an organization leadership committed to minimizing these crimes.

Organizations and their treasury/finance staff cannot afford to be complacent; they all must be vigilant. Fraudsters seek to attack targets that lack protection. While not every organization can protect itself completely, having a variety of protective measures in place will likely frustrate fraudsters and they’ll move on to easier targets. Technology will likely be used by perpetrators to commit crimes and inflict extensive damage; fraudsters keep up to date with new technology and are constantly finding new schemes to capture funds from their targets. But while new technology can be fraudsters’ favorite tool, it can also be used by organizations in helping prevent hacks into payment systems.

“Effectively combating payments fraud requires more than just robust internal controls,” the report’s authors said. “Financial professionals need to prioritize payments fraud in their strategies and tactics. Importantly, they must think “outside the box” and keep up to date on new technologies—fraud perpetrators certainly do. Organizations and their finance staff must be prepared to take and invest in the measures necessary to prevent fraudsters from being successful. The more frequently organizations succumb to these attacks, the more encouraged those fraudsters will be.

For more information about the survey, head to www.AFPOnline.org/paymentsfraud.