Learning that the U.S. suffers the most credit card fraud in the world may not surprise you. But did you know that global payment card fraud losses reached $28.65 billion in 2019? That’s a lot of fraudulent transactions.
Unfortunately, COVID-19 has only made business fraud worse. According to the FBI, Business email compromise (BEC) scams have quickly surpassed most forms of internet fraud. Nearly 20,000 BEC scams targeted American businesses in 2020 alone, resulting in $1.8 billion in losses.
The Association of Certified Fraud Examiners (ACFE) backs up this finding, stating that 68% of CFEs reported an increase in fraudulent activity in May 2020, while 77% of CFEs reported increased fraud by August 2020—a 9% increase in just three months.
But what about business-to-business (B2B) payment fraud in particular? How prevalent is it during the pandemic? Perhaps more importantly—how can businesses better protect themselves from payment fraud during such trying times?
The most common types of B2B payment fraud
According to the Association of Finance Professionals (AFP) 2020 Payments Fraud and Control Survey Report, 81% of companies were targets of payment fraud last year—the second-highest figure since 2009.
That being said, the strategies fraudsters use to conduct B2B payments fraud are changing. While credit card transactions are still the most common form of payment for most U.S. businesses (92% of fraudulent online transactions involve credit cards), card fraud isn’t the most compromising form of payment fraud.
In 2018, for the first time ever, ACH debit transfers outnumbered check payments (16.6 billion vs. 14.5 billion). It was a significant milestone and a sign that checks were permanently falling out of favor with American consumers and businesses alike.
That being said, when it comes to business payments, check fraud remains a serious problem. As many as 50% of businesses still rely on paper checks as their primary form of payment, even though the Federal Reserve Bank of Philadelphia predicts checks will be history by 2026.
According to a report by the TROY Group, 74% of U.S. businesses experienced check fraud in 2018. Yet few business owners realized check fraud had cost them between 0.5–1.5% of their total revenue.
Small businesses are particularly vulnerable to chargebacks caused by fraudulent card transactions and are at greater risk for check fraud (22%) than larger companies with over 100 employees (8%).
Wire transfer fraud is on the rise
As paper checks collect dust in office drawers across the country, many businesses have switched to online transfers for B2B payments due to their simplicity and affordability. Others favor same-day wires for their perceived security and international appeal.
However, transfer fraud is on the rise. Over the next decade, it may become the most common form of B2B payment fraud. Although credit cards account for the most payments nationwide, twice as much money is lost to ACH and wire transfer fraud, according to the FTC’s Consumer Sentinel Network 2020 Data Book report.
And according to the AFP’s 2021 survey, over 75% of companies were targeted by business email compromise (BEC) attacks. As many as 34% of companies suffered a financial loss as a result. A fraudster sends an email in a BEC attack that appears to be from a trusted source, such as a manager or a vendor, requesting private information for an online transfer or wire payment.
“While treasury and finance leaders are very aware of how widespread this type of fraud has become, they are not able to obstruct it sufficiently. Fraudsters are successfully infiltrating payment activity at organizations by using email to do so. Their success in deceiving organizations encourages them to continue to use BEC,” the AFP report concluded.
Creating your own B2B payment fraud checklist
Smaller companies often lack the human resources to implement proper fraud controls and training programs, making them ideal targets for payment fraud. Large companies can be an appealing target for big paydays. The good news is that an ounce of prevention is worth a pound of cure. Organizations can start to protect themselves from B2B payment fraud simply by reviewing their current practices.
That’s why it’s so essential to safeguard your payment processes by implementing a proper system of checks and balances. If you don’t already have a payment fraud checklist, feel free to use ours:
1. Internal Policies & Controls
Employees with access to your banking and payment information are often the targets of payment fraud scams. With the proper policies and controls in place, however, they can be your first line of defense against payment fraud.
Enforce separation of duties
☐ Is a single team or employee responsible for reviewing and processing all payments?
☐ Does any single employee have the authority to approve or deny all transactions?
☐ Is there any conflict of interest where a single employee has no one overseeing their actions?
☐ Have I limited access to resources for specific job roles, such as bookkeeping or accounting?
Create transparent transaction approval procedures
☐ Is someone responsible for reviewing all payments before they are processed?
☐ Do employees feel comfortable enough to report potentially fraudulent activity?
☐ You can’t catch what you can’t see. Is there 360-degree visibility into all transactions?
☐ When changes are requested for payment instructions, are they made correctly and on time?
Implement audits and control testing
☐ Do I have an internal, randomly conducted audit procedure in place?
☐ Are internal audits conducted by a trusted third-party provider?
☐ Do employees know where to go or who to speak to if they suspect suspicious activity?
☐ Can they anonymously report suspected fraud/embezzlement without fear of repercussion?
2. Online Payment Safety & Security
As online payment methods gain in popularity, so does cybercrime. But many employees may not be as familiar with cybercrime phishing scams as they are with over-the-phone fraud. Staying vigilant is vital to ensuring that online schemes—such as BEC attacks that lead to ACH or wire transfer fraud—don’t compromise your business.
Review online safety and security
☐ Are my employees adequately educated and trained on best practices for online safety?
☐ Do I have fraud alerts set up to notify me when potentially fraudulent activity is happening?
☐ Have I limited administrator password privileges for initiating or approving transactions?
☐ Is it possible for any employee to easily share or save compromising payment information?
Review payment safety and security
☐ Are my employees still using physical cards or are we issuing safer virtual cards?
☐ Do we take advantage of virtual card controls, permissions, and 24/7 monitoring?
☐ Have I issued company-secured devices to employees that need them?
☐ Do I maintain a regularly updated firewall system for company devices?
Virtual cards increase spend visibility and control while reducing risk
If you’re not familiar with them, virtual cards are becoming an increasingly popular payment option for organizations worldwide. First off, you can’t lose, misplace, or damage virtual cards, and they can’t be stolen. This completely eliminates the most common risk vectors for payment fraud that physical cards will always suffer from.
Virtual cards are also highly flexible and programmable, offering far better visibility into and control over employee spending. For example, you can issue a virtual card that can only be used by a specific employee that comes preloaded with spending limits over a specific date range (e.g., during a business trip), approved vendors, built-in compliance rules, and much more.
Finally, virtual cards are usually synced with modern expense management and predictive analytics solutions, meaning they offer finance teams 24/7 visibility into real-time spending. Reconciling transactions and monitoring for out-of-compliance or fraudulent transactions have never been easier.
3. Check Fraud Prevention
These days, anyone with a computer and printer can create fraudulent checks. But by taking the time to put just a few simple procedures in place, you can better protect your business from costly check fraud, which remains a genuine problem in the 21st century.
Carefully choose your check providers
☐ Am I using an established, trusted provider for check orders?
☐ Do check recipients regularly complain that checks arrive late or not at all?
☐ Do I send checks with enhanced security features such as watermarks and micro-printing?
Securely store paper checks
☐ Do I currently have blank paper checks lying around the office or at home?
☐ Are checkbooks/check printing equipment securely stored in areas with controlled access?
☐ Am I keeping track of sent checks that are never received?
☐ Are voided checks properly disposed of?
Protect your business from payment fraud
This is by no means an exhaustive B2B payment fraud checklist. When it comes to safeguarding your business against payment fraud, there are hundreds if not thousands of questions you can and perhaps should be asking yourself and your employees.
The most cost-effective way to limit fraud losses? Prevent fraud from occurring in the first place. The best line of defense is to proactively develop a personalized robust fraud prevention and mitigation program for your business.
Our choice of Chrome River EXPENSE was made in part due to the very user-friendly interface, easy configurability, and the clear commitment to impactful customer service – all aspects in which Chrome River was the clear winner. While Chrome River is not as large as some of the other vendors we considered, we found that to be a benefit and our due diligence showed that it could support us as well as any large players in the space, along with a personalized level of customer care.
We are excited to be able to enforce much more stringent compliance to our expense guidelines and significantly enhance our expense reporting and analytics. By automating these processes, we will be able to free up AP time formerly spent on manual administrative tasks, and enhance the role by being much more strategic.