Four ways businesses can help reduce payment fraud

A 2024 study found that 80% of U.S. companies had been victims of payment fraud attacks or attempts, and 30% of those businesses that were victimized were unsuccessful in recovering the lost funds.

To help combat payment fraud, it’s important that businesses implement both robust fraud controls as well as the right policies and procedures to enable early detection of suspicious activities and help safeguard against financial losses.

What is payment fraud?

Payment fraud involves using false or stolen payment information to commit fraud.

These are some of the common types of payment fraud:

1. Electronic payments fraud

These scams begin with a fraudster getting access to an account by using credentials they obtained through phishing or other fraudulent means. The criminals then access the organization’s system and can take over a commercial account, modify or intercept payment instructions, or impersonate a user with signing authority.

Electronic payments fraud can include a number of different tactics:

• Online payment requests: After an account is compromised, fraudsters can disable security features, enter a new email account or phone number, and then submit an electronic payment request.
• Service-assisted payment requests: After successfully signing in to an online banking account, which will make them appear legitimate, fraudsters can contact customer service agents to have a payment request completed.
• Commercial account takeovers: With a compromised online banking administrator account, a fraudster can create a new user with authority to approve electronic payment requests. They can then enable them to create and approve their own requests.
• Intra-company impersonations: Company employees receive an email/phone/fax purportedly from a user with signing authority (for example, Chief Operations Officer) with fraudulent instructions for a transfer payment.
• Interception: Instructions for electronic transfer payments are intercepted and changed to include fraudulent information.

How to help prevent electronic payments fraud

To help reduce the likelihood of electronics payment fraud, take the following steps:

• Verify email and fax requests for electronic payments. Use a phone number already on file or known to be genuine.
• Ensure that your customer service team asks authentication questions to verify the identity of the caller to avoid service-assisted payment requests.
• Separate the duties of payment creation and approval, with one person entering the payment details and another approving the payment’s release.
• Set transaction limits at both the user and account level.
• Use reporting to monitor patterns of payments and to look for any changes in dates, frequency or amount.
• Apply extra scrutiny to international payment requests.
• Consider additional fraud mitigation services offered by your financial services provider.

2. Invoice fraud

Invoice fraud occurs when a fraudster copies an invoice from a known supplier and changes small details, like an account number or phone number, so that they align with the fraudster’s accounts rather than the supplier’s. Then the fraudster sends the invoice, requesting payment. 

If you're not careful, you could make a payment directly into the fraudster's account instead of the account of your trusted supplier.

How to help prevent invoice fraud

Consider taking the following steps to help protect your business from invoice fraud.

• Ask yourself: does the invoice seem legitimate, or unusual?
• Compare the invoice with previous documents already on file.
• Always verify any account changes with your supplier.
• Educate employees and co-workers about the risks of invoice fraud and other potential scams.

3. Check fraud

Electronic payments are now commonplace, but each year, businesses send billions of dollars in payments by check. That's why checks remain a favorite target for fraudsters.

How to help prevent check fraud

There are several precautions you can take to help reduce the likelihood of check fraud:

• Use fraud prevention services
  • It’s not always possible to go completely check-free, so your bank may offer several services to help protect your business from check fraud.
    
    
• Secure your check stock
  • Order one set of checks per account.
  • Use a continuous set of serial numbers when re-ordering checks.
  • Use checks with security features such as magnetic ink, watermarks and chemically reactive paper.
  • Keep your check stock in a secure location.
  • Immediately destroy any unused checks from closed accounts.

• Issue and reconcile with care
  • Don’t leave any blank spaces on the recipient and amount lines.
  • Use a gel pen to write your check. Gel pens penetrate the fiber of the paper making it difficult for fraudsters to remove the ink.
  • When writing the payee’s name, use the entire line or draw a line to the end so that fraudsters are not able to add a name or more information to the check. Do the same when you write the payment amount in words and numbers.
  • Make sure the person who issues checks is not the same person who reconciles your accounts.
  • Have different accounts for different functions so reconciliation is easier.
  • Reconcile your statements as soon as you receive them.
  • Put strict audit procedures in place for check printing and signing.

4. Corporate card fraud

Fraudsters don’t need your physical card to commit fraud. Most of the time, all they need is the corporate card number and expiration date to make unauthorized purchases through the phone or web.

How to help prevent corporate card fraud

• Never share card information unless you’ve verified that the request is legitimate.
• Never share card information via email unless the message is encrypted and the recipient is genuine.
• Use chip and PIN cards when possible – the encrypted microchip is difficult to counterfeit and there are no signatures that can be forged.
• Use the Card Verification Number Scheme (CVS) or Card Verification Value (CVV) when requested.
• Educate employees on keeping cards and PINs safe – don’t share or write them down and make PINs difficult to guess.
• Ensure that when conducting online transactions, the website starts with https and there is a small lock icon in the browser address bar.
• Exit websites securely using their sign out feature and clear your browser cache.
• Set up limits by card or cardholder – by number of transactions per day/week/month, by state/country, by withdrawal amount and frequency.
• Ensure cards can only be used to purchase appropriate goods and services by blocking sensitive Merchant Category Codes (MCCs) such as alcoholic beverages and jewelry.
• Run reports that show detailed transaction information in order to monitor card spend.

More tips to help protect against payment fraud

In addition to the tips above, consider also adopting the following best practices to help protect your business against payment fraud:

• Confirm fund transfer requests by executing a callback to a verified and authorized contact at the payee organization.
• Verify any changes to existing invoices, bank deposit information and contact information from a known and trusted contact.
• Bookmark the login page of legitimate company sites you visit regularly rather than using a search engine to locate them.
• Implement and incorporate verification steps into payment processes.
• Shift from checks to electronic payments. Electronic fund transfer (EFT) payments offer more enhanced security features and can be more easily monitored and controlled.
• Educate employees about various fraud schemes to recognize suspicious activities and take appropriate action. Ongoing education helps ensure that everyone stays updated on emerging fraud tactics and security best practices.

The bottom line

By implementing effective fraud prevention strategies and adopting the tips and best practices featured here, organizations can help to reduce operational costs associated with fraud incidents, ensure business continuity, enhance data security, and ultimately contribute to a more secure customer experience in today’s complex payment environment.