Monday, April 15, 2019
U.S. companies are getting hammered by payments fraud. And scams involving automated clearing house (ACH) payments are increasing faster than most other fraud. Fraud involving checks, wire transfers and credit and debit cards, although still being perpetrated against companies, is declining. And while all fraud attempts don't result in financial losses, 43 percent of U.S. businesses did take financial hits due to payments fraud in 2018.
These are key findings of the 2019 AFP Payments Fraud and Control Survey, which elicited responses from more than 600 corporate finance professionals about 2018 payments fraud experiences.
Overall, a whopping 82 percent of companies experienced attempted and/or actual payments fraud last year, up from 78 percent in 2017 and the highest rate recorded since the Aassociation for Financial Professionals began keeping tabs on payments fraud trends more than a decade ago.
Large companies are more susceptible to payments fraud attacks than are smaller companies. The survey revealed that 87 percent of companies with annual revenues in excess of $1 billion were victims of payments fraud attacks last year, compared with 69 percent of those with annual revenues below $1 billion. And the chasm between the large and small companies victimized by payments fraud is growing: from seven percentage points in 2017 to 18 percentage points last year, according to a report on the survey findings.
Checks remain the payment method most susceptible to fraud, but instances of check fraud are falling. Seventy percent of businesses reported check fraud attempts in 2018, down from 74 percent in 2017 and 93 percent in 2010.
Attempted credit and debit card fraud also is on the decline. Fewer than three in 10 companies (29 percent) reported instances of card fraud last year, continuing a steady decline that began after 2013, when 43 percent of businesses were victims of card fraud.
Wire transfer fraud remains concerning. The AFP reported that 45 percent of firms experienced wire fraud attempts in 2018, down from 48 percent the year before. The association speculates that business email compromises (BECs) are the leading cause of wire fraud these days.
BECs, which use social engineering tactics to trick executives into revealing information needed to initiate fraudulent wire transfers, are becoming a huge problem for companies. The AFP survey revealed a record 80 percent of companies were victims of BEC last year, up from 77 percent in 2017. And 54 percent of companies reported financial losses stemming from BECs.
ACH fraud is climbing, too. Thirty-three percent of companies surveyed reported being hit with ACH debit fraud last year, up from 28 percent in 2017. Twenty percent reported ACH credit fraud, up from just 13 percent in 2017. The AFP, in a report on the survey findings, suggested the trend points to the growing sophistication of fraudsters.
"As ACH transactions are typically considered safer and more difficult to compromise, the increase in ACH fraud suggests that such fraud is of a more sophisticated kind," the report states. Often in these cases, it is not the payment method itself that is being compromised, but the processes leading up to payment initiation, the report noted. Fraudsters appear to be compromising internal systems and controls through email phishing attacks and/or with help from insiders, according to the report.
"Payments fraud is a persistent problem that is only getting worse despite repeated warnings and educational outreach," said AFP president and CEO Jim Kaitz. "Treasury and finance professionals need to learn the latest scams and educate themselves – and perhaps more importantly – their work colleagues on how to prevent them."
It's not just money that's at risk. "It is equally important for businesses to mitigate against nonfinancial implications of payments fraud," added Jessica Lupovici, managing director at J.P. Morgan, which underwrote the AFP survey. "Businesses stand to suffer reputational risk, which can be severe, expensive and require significant clean-up efforts."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.