Digital Transactions Authoritative, insightful and timely information for payments professionals
Checks caused most of the losses suffered by businesses victimized by payment fraud in 2010, which is no surprise. Businesses, however, are now falling victim to newer types of fraud, particularly account takeovers, that fraudsters have used against consumers in recent years, according to the Association for Financial Professionals’ latest annual study of corporate payments fraud.
Some 14% of the AFP’s 2010 respondents experienced account-takeover fraud last year, though only 2% reported actually suffering a financial loss from it. Still, corporate account-takeover attempts have become prevalent enough that the FBI and other federal agencies have issued warnings about it, the AFP says.
Many takeover attempts originate outside the U.S., with fraudsters looking for more money than they can get from consumer accounts, according to David Bellinger, the AFP’s director of payments. “These organizations across the seas, they see that [corporate account] as a bigger target,” Bellinger tells Digital Transactions News. “That’s part of this trend to get access to these higher-value payment systems.”
In account takeovers, a fraudster uses malicious software (malware) or other technological means, or social interactions such as duping or bribing a customer-service representative or other employee, to obtain credentials for access to financial accounts. With the credentials, the fraudster can then drain the account with counterfeit checks or cards, or other illegal withdrawals.
The Bethesda, Md.-based AFP in January surveyed member companies about their fraud experiences in 2010 and received 399 responses, with the vast majority from organizations with annual revenues of more than $250 million. In all, 71% of the AFP’s respondents experienced actual or attempted payment fraud last year. Fraudsters seem to like bigger companies, with 82% of those with revenues of more than $1 billion reporting they were subject to attempted or actual payments fraud compared with 58% of those with revenues under $1 billion.
The overall results are consistent with findings every year since 2006, with attempted or actual fraud rates staying in a narrow range of 71% to 73%. Only 55% of companies in 2004 reported being a target or actual fraud victim, but the fraud rate jumped to 68% in 2005.
Despite the overall decline in check transactions (Digital Transactions News, Dec. 16, 2010), checks remain the dominant method of payment fraud. Some 93% of companies subject to attempted or actual fraud cited checks as the method. Next were automated clearing house debits, 25%; consumer credit and debit cards, 23%; corporate/commercial purchasing cards, 15%, and ACH credits and wire transfers, both 4%.
Thirty percent of respondents reported their checks being subject to more fraud last year compared with 2009. Half said check fraud remained about the same, and 20% said it had declined. Regarding consumer credit or debit cards, 18% of respondents said attempted or actual fraud increased in 2010, 68% said it remained about the same, and 14% said it declined. “[Checks] are just more vulnerable,” says Bellinger. “With the check system and the card system, you’re dependent on static account numbers. If that information gets stolen, you’re more vulnerable to fraud.”
Regarding attempted or actual corporate card fraud, 16% of respondents reported an increase, 69% reported it was about the same, and 15% said it declined. Respective figures for ACH debits were 15%, 61%, and 24%. Respondents reporting decreases in attempted or actual wire-transfer and ACH-credit fraud far outnumbered those reporting decreases, and 74% said fraud via both channels remained about the same last year.
The median actual fraud loss among the AFP’s respondents was $18,400. The median loss was $17,000 for companies with less than $1 billion in revenues and $20,600 for those with more than $1 billion.
Depending on their individual experiences, respondents that suffered a financial loss could name more than one source. Some 87% said the perpetrator was an outside individual such as a check forger or user of a stolen card. Ten percent said the source of fraud was a third-party vendor or outsourcer; 10% cited an organized crime ring; 9% blamed an insider and 5% said other. Only 3% cited a tech-based criminal invasion involving malware or other electronic means.
