Digital Transactions Authoritative, insightful and timely information for payments professionals
In 2020, 74% of organizations were targets of payments fraud, down from 81% in 2019 and 82% 2018, according to the Association for Financial Professionals’ annual fraud report. The Bethesda, Md.-based association has surveyed companies across myriad industries yearly for 17 years.
Large organizations, those with annual revenue of $1 billion or more and fewer than 26 payment accounts, are the most frequently targeted by criminals, with 80% of respondents saying they were victims of payments fraud. In comparison, 67% respondents with annual revenue less than $1 billion were targets of payments fraud in 2020, compared to 78% in 2019.
ACH debits experienced a slight uptick in fraud, with 34% of respondents victimized in 2020, compared to 33% a year earlier. The increase was due in part to a shift away check and wire-transfer fraud. At the same time, 19% of respondents reported ACH credit fraud compared to 22% a year earlier.
While ACH transactions are considered more difficult to compromise, the increased focus on ACH transactions by criminals suggests fraudsters are acquiring more sophisticated techniques when targeting organizations, the report says.
Corporate credit card fraud decreased significantly, with 24% of respondents reporting this type of fraud in 2020, down from 34% in 2019. The decline was largely due to shrinking payrolls as companies furloughed employees and restricted business travel, which in turn decreased discretionary spending on corporate cards. Other factors contributing to the decline include the transition to chip cards, which are harder to counterfeit, and card issuers’ use of algorithms and machine learning to detect potential fraud.
Despite the decrease in corporate card fraud, travel and entertainment cards remain the most prone to fraud, with 79% of respondents citing T&E card fraud. Purchasing cards were also subject to fraud, with 61% of respondents citing this type of corporate card fraud. The vast majority of corporate card fraud took place on card-not-present transactions, according to 71% of respondents.
Business email compromise (BEC), which emerged as a leading source of fraud attempts in 2019, rose slightly to 62% in 2020, up from 61% a year earlier. In these schemes, fraudsters often impersonate senior executives to trick employees into sending funds to accounts controlled by the criminals.
Accounts-payable departments are the most susceptible to BEC fraud, with 61% of respondents reporting their AP department was the most vulnerable business unit targeted. Treasury was the second-most targeted department, cited by 13% of respondents.
“Accounts-payable [departments] issue the bulk of the ACH payments via batch processing for the company,” Tom Hunt, CTP director, treasury & payments services for the AFP, says by email. “Often times accounts payable doesn’t report up into the finance organization, so maintaining proper controls and policies in place becomes even more critical in the company where access to the payment system could be vulnerable.”
The good news is that companies are becoming better at detecting fraud sooner. Thirty-five percent of respondents took less than one week to uncover the fraud and 31% detected the fraudulent activity within one to two weeks. Thirteen percent took an additional two weeks to realize they had been targeted, and 21% uncovered the fraud within one to 12 months.
The Covid-19 pandemic played a large role in companies’ ability to detect fraud faster. Businesses put their internal processes and business-continuity plans under stricter scrutiny as more employees worked remotely. As a result, companies “were much more adept at making sure their controls were in place and have gotten better at identifying fraud and ensuring proper safeguards were in place,” Hunt says.
Hunt says companies need to keep having conversations with their bank or payments vendor on tools they can implement to prevent and detect fraud. “Meet with them regularly for a fraud checkup and implement a fraud policy,” he adds.
