Business-to-business payments fraud is on the rise. Fraudsters are finding creative ways to infiltrate companies, not through esoteric hacks into IT vulnerabilities, but rather by targeting employees through sophisticated email schemes. Success by these fraudsters means potential losses for businesses.
“Being the victim of B2B payments fraud could lead to financial loss,” says Jim Altman, Middle Market Pennsylvania Regional Executive at Huntington Bank. “It could mean losing out on a one-time payment, or if the fraudster is advanced, the theft could involve multiple payments.”
Smart Business spoke with Altman about B2B payments fraud — the trends and the tactics to mitigate attacks.
Where is fraud within B2B payments happening today?
B2B payments fraud occurs through a variety of methods, from age-old schemes to newer, technology-driven tactics. Banks had once been the target of hackers, but as they fortified their systems and became more difficult to penetrate, fraudsters shifted their efforts to focus on businesses.
Today, business email compromise is the most used tactic among fraudsters. It targets individuals who perform the funds transfers for a business by creating what seems like a legitimate email using social engineering to obtain email accounts and then requesting a change in how a payment is made. For example, the email may ask the person who is initiating the payment to have an invoice sent to a different bank account. Some 76 percent of organizations experienced business email compromise in 2020 — it’s a very large volume of the fraud that’s occurring.
Check fraud is also prevalent — some 42 percent of the organizations are using checks for payment, a method that lends itself to many existing fraud tactics. Wire transfer fraud has actually increased significantly from 2014 to 2020, moving up from 27 percent to 39 percent, and ACH fraud is climbing, but both primarily because more companies are using these methods, so the opportunity to commit fraud has increased.
What can businesses do to mitigate the risk of fraud within their B2B payments?
The first and most important step in mitigating B2B payments fraud is acknowledging that it is a reality. As mentioned before, some 76 percent of businesses have had an issue with fraud; that means there are more that are getting targeted. So, it’s important that businesses create a plan that’s going to minimize the opportunity for the fraudsters to get access. This is best done through ongoing training of employees, who are often a fraudster’s point of entry.
Businesses can also mitigate fraud by limiting employee access through credential designation to any of the systems where payments are created, and by separating payment creation from approval by having a different individual at each stage, rather than one person. That can greatly mitigate any unauthorized transactions. Adding a step to validate any vendor request to change payment instructions or accounts is also critical.
Businesses should also frequently reconcile their accounts, on a daily basis if possible. They should also, if possible, separate any systems that access bank or payment systems from other systems that employees may commonly use, to limit the possibility of corruption.
Who should businesses work with to help establish a plan to mitigate payments fraud?
Businesses should talk with their banking partners or service providers about tools that can help to prevent or mitigate possible fraud. Insurance companies are also offering policies around cybersecurity that could mitigate the impact of a breach. Leverage the knowledge that’s out there and put together a plan to try to prevent fraud or deal with the impact if it were to happen.
It’s important to have a sound plan. Take proactive steps to prevent payments fraud from happening, and also have a good plan in place to rapidly recover should fraud occur. Keep yourself educated and help protect your business. ●
INSIGHTS Banking & Finance is brought to you by Huntington
