Payment Fraud: Scams and Solutions
Unfortunately for most Accounts Payable departments, falling victim to fraud is only a matter of “when,” not “if.”
Fraud attempts can come from any direction, and scams are always evolving. For those of you in charge of mitigating AP risk, it might feel like playing whack-a-mole.
In various surveys we’ve reviewed, statistics indicate that between 60%-75% or more of US businesses experienced payment fraud in 2022. What’s an AP leader to do?
In this blog, we’ll look at common types of fraud, payment types that can reduce fraud, and solutions that can help you protect your organization.
What types of payment fraud should accounts payable be aware of?
Accounts payable departments can’t let their guard down – you need to be vigilant against various types of payment fraud, whether it’s committed internally by employees or by external actors. Teams need continuous training and reliance on strong, built-in controls.
Fraudster strategies get more sophisticated by the day. The most common methods of fraud include:
Invoice fraud
This type of payment fraud happens when someone creates a fake invoice and sends it to your company’s accounts payable department. The invoice may be for goods or services that were never provided, or the amount may be inflated.
Check fraud
Check fraud involves altering or counterfeiting a check in order to fraudulently obtain funds. This can happen internally if an employee is able to print a check for themselves or for some entity they have created. It can also occur after checks are sent
out - a check may be intercepted and deposited into a fraudulent account.
Credit card fraud
This occurs when a fraudster uses a stolen or fake payment card to make a payment. The person doesn’t even have to have the physical card – sometimes just the numbers will enable an online purchase to go through.
Payment redirection fraud
In this type of fraud, a fraudster will impersonate a supplier or vendor and request a change in payment details. The payment is then made to the fraudster's account instead of the legitimate supplier or vendor. AP often has no idea this has occurred
until the real vendor calls, wondering where their payment is.
Phishing
This type of fraud involves tricking an employee into revealing their login credentials or other sensitive information through a fake email or website. You may have received these kinds of solicitations in your inbox, and they have obvious identifying
features once you know what to look for.
Business Email Compromise
In this type of fraud, someone impersonates a company executive by sending an email to employees. The fraudster will request that a payment or purchase be made, often urgently. New employees are typically targeted for this kind of scam because they don’t
know standard procedures. We’ve experienced this here at Mekorma – a new employee was asked by our “CEO” via email to purchase gift cards, but thankfully checked with his manager before complying.
Social Engineering
This is a broad category that can include some of the payment fraud methods already listed. With social engineering, a fraudster may contact a newer employee or a secretary and "socialize them " into offering sensitive information. An example might be revealing banking information, login credentials, or details about executives. The information obtained could then open the door for fraudulent activity.
Impact of B2B Payment Fraud
Fraud can have a significant impact on your organization, beyond the obvious financial implications. Companies that have been through it often don’t discuss the details openly due to PR worries, so it can be difficult to learn from the mistakes of others.
Of course, you may experience direct losses from stolen funds or assets. It’s not always possible to recover the full amount/value completely – or at all. There may also be indirect losses from legal fees, fines, or lost business opportunities.
Fraud can damage your business's reputation and erode the trust of your vendors, customers, investors, and stakeholders. In the event it was an inside job, employee morale could suffer, leading to decreased productivity, increased turnover, and difficulty recruiting.
-frustrated-employees.png?Status=Master&sfvrsn=2108dc43_5/(5.3)-Frustrated-Employees.png)
Fraud can also throw a big wrench in your company’s operations, especially if it involves key employees or systems. If you do experience some type of breach, you’ll have to evaluate your controls and the systems that support them, possibly leading to new processes or software implementations.
What are the most secure B2B payment types?
The way you pay your vendors can greatly influence the likelihood of a successful fraud attempt. Not all payment types are equally resistant to fraud.
The most secure methods are those that offer strong authentication and encryption measures to protect sensitive financial information. These are some of the most secure B2B payment types:
Virtual credit cards
Virtual credit cards are temporary, encrypted credit card numbers generated for single-use transactions. They offer enhanced security because the number can only be used by the intended recipient in the exact amount it was generated for.
ACH payments
Automated Clearing House (ACH) payments are electronic funds transfers that are commonly used for B2B transactions. They are fairly secure, and many banks offer additional security measures such as multi-factor authentication and fraud monitoring.
Wire transfers
Wire transfers are one of the most secure payment types because they involve a direct transfer of funds from one bank account to another. They typically require multiple layers of authentication, such as security tokens, passwords, and security questions. They’re also very expensive to process so not a great choice for your standard payment method.
Cryptocurrency
Cryptocurrency transactions are highly secure due to their use of blockchain technology, which creates an immutable record of each transaction. But cryptocurrency is volatile and not yet widely accepted for B2B transactions. Crypto may not be suitable for all businesses.
To look from the reverse standpoint, the least secure B2B payment types are those that offer fewer authentication and encryption measures…like checks. Check payments are the least secure, and check fraud is still the most widely experienced by organizations of all sizes.
-person-putting-check-in-envelope.png?Status=Master&sfvrsn=6f5c6012_5/<5.3)-Person-Putting-Check-in-Envelope.png)
It's important to note that the security of a B2B payment method is not just dependent on the payment type itself, but also on the security measures you implement throughout the AP lifecycle.
- Make sure you’re using the security measures built into your ERP or accounting system to enforce separation of duties.
- If you do print checks, be sure to enroll in your bank’s Positive Pay (Safepay) program for an extra layer of protection.
- Consider using virtual credit cards instead of physical plastic cards.
Payment Outsourcing Provides More Security
One powerful way to significantly reduce fraud risk and relieve the pressure of maintaining bullet-proof controls is to partner with an AP payment outsourcing provider. A third-party provider can transition your vendors to accept more secure payment methods like virtual credit cards, without a heavy lift on your end. These services also invest heavily in the latest and greatest security protocols.
Mekorma Remote Payment Services is one such service – but goes even a step further to offer full fraud protection. In addition to paying vendors by virtual card and ACH, our outsource program takes on the liability for all payments made through the service.
Conclusion
In summary, a good defense against fraud is multi-pronged and must be maintained. Your AP team needs to be informed about the latest scams and how to recognize them. Optimizing your payment types can help, but not without proper controls put in place at every step of your AP workflow. If this is challenging to implement, you might consider working with a payment outsourcing provider.
