Like accounts receivable fraud, businesses must stay vigilant about payment fraud caused by employees and those outside of organizations. After all, what you don’t know can hurt your cash flow and, ultimately, your business and reputation. Plus, it’s a CFOs worst nightmare to discover the occurrence of accounts payable and financial schemes. They need to do whatever they can to mitigate the risk.
An illegal transaction committed by an employee or someone outside your organization. Cybercriminals wreak havoc on business operations by taking advantage of any potential “holes” within your or your bank’s online security. Above all, criminals can steal funds, business accounts and customer information through cyber attacks.
According to the 2021 AFP® Payments Fraud and Control Survey Report, “Nearly 75 percent of Organizations Were Targets of a Payments Fraud Attack in 2020.”
When you think of payment frauds, one or more of the following may come to mind:
Because e-commerce businesses process electronic transactions for products and services, they seem to be the hardest hit by fraud. Meanwhile, the high volume of transactions throughout the year may open the door for fraudulent activities.
Keep reading this post (or risk your order-to-cash cycle) to prevent payment fraud from hurting your accounts receivable.
Digital payments and checks contribute to payment fraud. As you know, systems get hacked and business and personal information stolen or even forged. Checks and the information on them may be changed. When sensitive information falls into the hands of criminals, it causes a chain reaction, from high levels of stress to shaken customer trust, lost funds and more. Below are the top payment frauds to look for in B2B:
ACH transactions fraud occurs when an attacker accesses your business account for unauthorized ACH payments or withdrawals. Therefore, cybercriminals can use your business checking account number or bank routing number to commit ACH fraud.
Check fraud is the most common type of payment fraud through digital or paper checks and includes the following:
Someone gains access to deposits in one business bank account before the bank takes them from another.
Counterfeiting is printing bogus checks with a business’s information on it.
Intercepting supplier payments, aka fake invoice fraud, is similar to authorized push payments (APP) (sending payment under pretenses). Using social engineering and interception techniques, attackers obtain business information. For example, they convince an employee to alter the bank account information with ‘fake’ bank account information. When an accounts payable team member pays an invoice, it goes to the fraudster instead of the legitimate supplier.
A person endorses a check that doesn't belong to them or signs it without permission.
This is slang for writing bad checks. A person writes a check knowing there are insufficient funds or the account is closed.
An employee or outsider or a group of people steals checks.
Washing is the use of chemicals to erase information on checks.
While virtual credit card and credit card payment information is encrypted, fraud can still occur through unauthorized transactions, fraudulent cash advances and merchant disputes.
Phishing is a type of social engineering involving email or websites. For instance, a cyber criminal creates a fake email message and sends it, hoping that the recipient will share sensitive information. The same applies to websites. An attacker may unleash malicious software to damage systems and sites.
Imposters use fake emails to request wire transfers. Because of the increase in business email compromise (BEC) scams, B2Bs have seen an increase in wire transfer fraud.
B2Bs should also watch for merchant identification fraud and page jacking. These are defined as:
The setup of merchant accounts for a stolen e-commerce business’s identity. Hackers post charges to stolen customer credit cards and disappear before anyone notices the fraudulent payments. The “real business” is left with losses, fees, chargebacks, unhappy customers and banks, TC40 claims and fraud reports.
Attackers reroute traffic from an e-commerce site to a different website.
Consumer fraud and corporate fraud differ in that banks cover fraudulent consumer activities. Unfortunately, corporations may not be reimbursed for fraudulent payments and other financial scams. Why? Because banks don’t hold cardholders responsible in the event of card-present and card-not-present frauds.
If your business becomes the target of payment fraud, you’ll have to refund money and investigate the fraudulent activity. Meanwhile, all of this can cripple your business’s financial health and cash flow ecosystem. If your AR team or finance department notices anything suspicious, the accounts receivable manager, fraud manager or director should notify the bank immediately.
It’s an illegal transaction committed by an employee or someone outside your organization.
Corporations may not be reimbursed for fraudulent payments and other accounts receivable scams because banks don’t hold cardholders responsible in the event of card-present and card-not-present frauds. However, speak with your merchants and bank representatives to understand how your business is protected.
Corporations may not be reimbursed for fraudulent payments and other accounts receivable scams because banks don’t hold cardholders responsible in the event of card-present and card-not-present frauds. Therefore, speak with your merchants and bank representatives to understand how your business is protected.
A CFO can mitigate the risk of payments fraud by working with the company’s CIO and outside organizations that specialize in payments fraud detection and monitoring.
Other frauds include merchant identity fraud and page jacking.
The rise in digital payments has opened the door wider to payment fraud. However, banks, merchants, payment providers and other players in the payment space have increased cybersecurity measures. These include:
All of the tips above can help you with managing digital payment fraud. Plus, if your business has a solid payment fraud detection system in place, you can stop cyber attackers. Here are some ways to prevent payment fraud:
If you don’t have cybersecurity training or offer limited education, work with a security company to update or create a training program. The payments industry is changing rapidly and you and your employees need to be up to date with the latest information.
Using accounts receivable automation software can help you to eliminate paper checks and invoices. Manual invoicing is time-consuming and has the potential for errors. Plus, automated AR software allows your AR team to dedicate to more complex tasks and, of course, fraud detection.
Limit access to confidential information to authorized employees only to avoid leaks or information falling into the hands of fraudsters. Also, set up multiple-factor authentication processes. Most financial institutions will already have these in place. After all, it's important to protect private information.
You should have a process in place for reviewing transactions where employees look for patterns and inconsistencies with shipping addresses, amounts, dates, etc.
Businesses are adopting technologies and digital payments, so it makes sense to keep up with payable fraud and payment fraud trends. In short, cyber attackers find new ways to break into systems quicker, gaining access to sensitive information. Consequently, your financial team should stay alert to savvy fraudsters as a way to protect the health and reputation of your company.
When was the last time you reviewed your online security? After all, you may want to check your infrastructure to ensure it’s current. Meanwhile, make sure your business encrypts emails and transactions at a high level of protection to keep private information safe. Review your business’s antivirus and firewall software to ensure that it’s current. You may even want to invest in more robust online security. Moreover, you don’t want to take any chances with exposing important business or customer information or data.
Many B2Bs have embraced accounts receivable automation and have reduced the number of manual tasks their AR teams perform. However, with check fraud and electronic payments fraud on the rise, you must stay vigilant. Technology is excellent, but it brings with it hackers and schemers who’ll do whatever they can to scam your business, suppliers and customers. Unfortunately, this leads to more fraud cases.
In summary, the best way to avoid sabotage is with fraud prevention, which includes using enhanced online security systems, implementing fraudulent best practices, regulation and robust payment systems like Billtrust’s Business Payments Network that streamline the process. CFOs and CIOs can work together to stop fraudsters before they damage a business’s financial health and reputation.