Fraud: How your finance team can fight it

Blog | January 11, 2024

Reading time: 4 min

Identifying fraud and its red flags requires effort from all employees. Finance teams are the first line of defense. See what precautions AP and AR teams can take to ward off scammers.

how finance teams can fight fraud_three employees sitting at a desk looking at a laptop

It’s easy to think of security as the IT team’s job. After all, they have the cool tools to stave off hackers and protect your company’s sensitive data. Maybe they’re already using AI and machine learning to detect suspicious activity.

And that works—to a point. But bad actors committing payment fraud have grown increasingly sophisticated. They may target your employees to gain access, or even use a non-technical method like check fraud, which is on the rise.

So, what’s a finance team to do? Knowledge is the best defense, and that includes knowing the types of fraud that are out there and training internal employees about them. You might be able to catch fraud and protect your company, as a supplement to your security team, before you find yourself facing a huge financial or reputational loss.

Trust less in the face of identity and payment fraud

Fraudsters understand the “mechanics” of payment processing and using it to their advantage. In 2022, deposit institutions filed more than 450,000 suspicious activity reports (SARs), up 85% from 2021 filings. And identity fraud losses totaled more than $43 billion, according to a report by Javelin Strategy and Research.

From check fraud to deepfakes, these criminals will try everything. They’ll attempt payment fraud in volume, hoping that one attempt will sneak through, or use elaborate identity schemes hoping for a big payout. Technology enables them to work faster than ever before.

As a finance team, you might be able to spot that a check sequence is off (or encourage your clients to use online payments to reduce check fraud). You might put extra protections in place to verify customers’ identity for account changes—for example, calling them to verify that the changes are legitimate.

Whether it's trusting your gut when something seems off or adding verification steps, you can protect your customers’—and your company’s—accounts.

“It has to be not just at the top level of knowing what to do with it, but your whole company,” said an attendee from Billtrust’s Insight on the Road event in Atlanta. “You have to train everybody on fraud when they don’t deal with it on a daily basis.”

Billtrust insight on the road Atlanta attendee quote

Increase internal awareness and training

Unfortunately, attacking from the inside is still a popular choice for hackers and fraudsters. Phishing attempts have gotten a lot better, with legitimate-looking emails asking for sensitive account information or deploying malware with a single click.

Phishing attempts are no longer limited to email. According to the 2022 Global State of Mobile Phishing report, more than 50% of personal devices were exposed to mobile phishing every quarter. These include tactics like voice phishing, SMS phishing, and QR code phishing.

Employees must be on the lookout for such attacks. For that to happen, they need to recognize phishing attempts through ongoing education, especially in the rise of fraudulent payments, such as check fraud, and AI-fueled attacks.

“I've talked to some … folks that have had people listen in on earnings release calls and record those to get the computer to learn the cadence of speech and tone,” said another attendee of Atlanta’s Insight on the Road. “They can use AI tape technology, call a finance person, leave them a voicemail in the voice cadence of your CFO saying, ‘Hey, I need you to send this money to XYZ.’ And you can hardly tell the difference.”

Work with your IT team to determine the best way to do combat phishing and fraud efforts, whether it’s online coursework, internal memos about the latest phishing schemes (with examples), or other education.

And it should go without saying that your team’s security tactics should be top-notch. Strong password requirements, multi-factor authentication, and limiting devices with access to sensitive data can go a long way in stopping fraud in its tracks.

To further survey the weak spots your organization may have, review your payments acceptance policies and encourage business partners to modernize how they pay. If check fraud is a significant concern, ACH and eCommerce could serve as an alternative to checks.

Automate manual processes

Fraudsters can exploit manual steps in a finance team’s process. If you’re processing invoices or reconciling payments manually, you open the door for errors—and an opportunity for fraud to slip in undetected.

Or you may implement new procedures to try and detect/prevent fraud, but if it’s too manual, your finance team might not follow the procedures properly. Or forget. Or ignore the process.

Your goal should be to optimize your processes as much as possible and reduce the potential for fraud. AI-powered tools can improve accuracy and reduce errors in your operations.

Of course, fraud is constantly evolving. It often feels like a game of defense: finding new ways to block the latest clever fraud attempt. The best strategy is one that aligns finance teams with the IT department to ensure an organization is prepared to address new fraud risks.