Effort and Vigilance Pay off in the Battle Against Payments Fraud

The Covid-19 pandemic changed a lot in terms of how we live, travel, and—in many cases—work. Organizations around the world mandated that many employees work remotely, which required companies to alter processes and procedures. One of the impacted processes was payments.

Less face-to-face interaction meant employees were requesting sensitive information and verifying payment requests or transactions via email or other virtual forms of communication. Many finance industry observers expected fraudsters to make the most of this situation, targeting remote employees with new and expanded payments fraud ploys. However, findings from the “2022 AFP Payments Fraud Survey” suggest that working remotely did not play a significant role in the incidence of payments fraud observed at organizations in 2021.

Our survey found that 47 percent of respondents did not see an increase in payments fraud at their organizations due to the increased prevalence of remote work. Thirty-two percent of respondents do believe an increase in payments fraud at their companies is the result of employees working remotely.

The Long Game: Declining Fraud

In fact, overall, our 2022 survey reveals the continuation of a positive trend: After peaking at more than 80 percent of survey respondents in 2018 and 2019, we have logged a gradual decrease in the percentage of organizations being impacted by a payments fraud attack or attempt. Still, although the trend is certainly headed in the right direction, 71 percent of organizations represented in our survey were victims of payments fraud in 2021.

The share of organizations impacted by email fraud also declined—evidence of the extensive efforts made by business leaders to safeguard employees vulnerable in a remote-work environment, as well as the success of ramping up training and other validation and verification processes. Sixty-eight percent of organizations were targeted by business email compromise (BEC) attacks in 2021, eight percentage points lower than in 2020 and the second lowest percentage since the Association for Financial Professionals (AFP) began tracking this data in 2015.

Checks continue to be the payment method most often targeted by fraudsters to infiltrate organizations, because although their usage is on the decline, they are still the payment method most used by organizations. In 2021, two-thirds (66 percent) of organizations fell prey to check fraud—a result unchanged from the prior year’s findings but lower than the incidence of check fraud observed in the past. To minimize their risk of being exposed to check fraud, treasurers should continue to work with their banks and to equip their organization with the right tools, such as payee positive pay.

Mitigating Fraud in Electronic Payments

The use of checks is declining in large part due to companies’ migration away from checks to digital payment formats. This shift was necessary at the height of the pandemic, and it contributed to the decline in the frequency of check fraud—a trend that started several years earlier. According to the “2019 AFP Electronic Payments Survey,” check usage decreased by nine percentage points from 2016 to 2019.

In 2021, ACH debits replaced wire transfers as the payment method targeted second most frequently by fraudsters. This statistic highlights how relentless criminals are in their efforts to commit fraud; they are constantly seeking areas where they can infiltrate payment systems.

Treasury groups need to be closely monitoring their ACH debits, as the concern around fraud in this area is on the rise. Corporate treasurers can utilize simple banking tools, such as ACH filters and blocks, to mitigate this risk. Better yet, having a full suite of proper controls in place—including reconciling activity on a regular basis, separating duties, and having a good banking/vendor partner that fully understands best practices for preventing this type of fraud—is very helpful.

As companies move from paper to digital, their treasury teams must mitigate any risks that could emerge as a result of the migration. The following actions will help safeguard a treasury organization against new fraud vectors that the transition might expose it to:

• Revise policies and procedures for all tender types within the organization. The same activities can reduce the incidence of successful fraud across checks, wire transfers, and ACH and card payments. These activities include dual initiation or approval, validating exceptions and returns, reviewing and verifying change of payment instructions, and implementing call backs. Daily review and reconciliation—accompanied by a complete reconciliation conducted monthly, at a minimum—are strongly recommended.
• Work with accounts payable (A/P) to make sure they have all the appropriate protections in place for the company’s banking tools. Some A/P team members may be susceptible to BEC fraud attempts. Thus, it’s important to have safeguards in place to mitigate fraud at the account level—tools such as ACH filters, payee positive pay, and check blocks.
• Validate procedures with internal audit to gain an independent perspective and detect and address any deficiencies immediately. Standard operating procedures should ensure that payments are initiated, released, and validated—and that returns or exceptions are reviewed and reconciled—all per company policy. Any shortcomings in the process need to be identified, and adjustments must be implemented, to alleviate the risk of fraud.
• Reconcile all types of payments on a daily basis.
• Return ACH items within return windows.

The decline in overall payments fraud may very well be attributed to vigilant finance professionals who are actively implementing strategies that prevent their organizations from being vulnerable targets. In addition, the pandemic likely induced changes in the way operations and processes are being conducted, resulting in the obstruction of some fraud activity. Companies sought to patch up deficiencies in their controls, policies, and procedures, as well as provide education efforts to equip their staff to be better prepared to detect risk.

Effectively combating payments fraud requires more than just robust internal controls. Finance professionals need to prioritize the negation of payments fraud in their strategies and tactics, think “outside the box,” keep up-to-date on new technologies (fraud perpetrators certainly do), and be prepared to invest in the measures necessary for successful prevention. After all, the more frequently organizations succumb to these attacks, the more encouraged those fraudsters will be.

Mariam Lamech is the director of survey research for the AFP. In this role, Lamech manages the project lifecycle for AFP’s proprietary research, including survey rationale and design, survey administration, analysis and interpretation of survey data, and writing and producing AFP’s survey reports. Lamech leads and executes AFP’s survey research, with a focus on enhancing the value of AFP’s external survey projects to the treasury and finance profession through the development and production of ancillary products. She has nearly 25 years’ experience within research functions at associations.

About the Payments Fraud Survey: Every year since 2005, the Association for Financial Professionals® (AFP) has conducted a Payments Fraud Survey. The surveys examine the nature of fraud attacks on business-to-business transactions, the payment methods impacted, and the strategies that organizations are adopting to protect themselves from those committing payments fraud. Continuing this research, AFP conducted the 18^th Annual Payments Fraud and Control Survey in January 2022. The survey generated 552 responses from corporate practitioners from organizations of varying sizes representing a broad range of industries. The survey was underwritten by J.P. Morgan.