The good news is that attempted and actual payments fraud declined last year. The bad news is it went down only a tick and remains very close to the all-time high, according to the latest report from the Association for Financial Professionals, a Bethesda, Md.-based trade group for companies across a wide range of industries.
The association, which has surveyed companies every year for 16 years, found that 81% had experienced attempted or actual fraud in 2019, down slightly from 2018’s 82%. The survey has found fraud rising steadily across a wide range of payment methods since 2013, when it registered at 60%. Now, “If anything, [fraud] is remaining stable,” says Tom Hunt, director of treasury services at the AFP. “I don’t take a lot from that.”
This year, the study found that companies may be getting better at defending against so-called business email compromise, which has become a prime fraud vector. Some 75% of companies reported having been affected by this fraud, down from 80% in 2018 and the lowest percentage since 2016. Still, it remains a persistent threat, with sixty-one percent of organizations suffering from actual or attempted fraud of any kind reporting this tactic as the ultimate source. With business email compromise, fraudsters use emails dressed up to look as if they come from senior management to create a contrived sense of urgency and gull employees into triggering transfers to outside accounts.
Of the payment methods studied, only wire transfers experienced a decline in fraud and attempted fraud. Some 40% of companies surveyed cited wires, down from 45% in 2018. On the other hand, ACH credits rose from 20% to 22%, while ACH debits remained constant at 33%. That’s not coincidental, notes Hunt. “I see a trend developing,” he says. “Wire fraud is going down, and that’s a good trend, but there’s an uptick in ACH credit fraud, and accounts-payable departments are most vulnerable to that.” With ACH credits, organizations authorize payments to other parties, whereas debits involve payees initiating transfers from payors.
ACH transactions are processed in batch, which can help hide suspect items, while wires are usually subject to close scrutiny because they stand alone, involve immediate transfer, and are typically for very large sums, Hunt points out. “A wire has an immediate effect, it’s very hard to get that wire back when you hit that send button,” he says.
ACH credits have been eligible for same-day processing since 2016, but that still leaves time for some checking. Catching fraudulent credits “takes a lot more procedural cohesion” in accounts-payable departments, Hunt says. “An eye for one payment is easier than [identifying] a payment in an ACH batch. There has to be stronger processes put in place to question that payment, to make those phone calls, and also have a procedure in place to support that.”
But other often-used payment methods also saw more actual and attempted fraud last year. Some 34% of companies reported fraud or fraud attempts on commercial and corporate credit and debit card transactions, up from 29% in 2018. Hunt says AFP is hearing from members that Visa Inc. and Mastercard Inc. “are getting better with detecting fraud.” Still, he adds, “those [fraud] models will be really well tested.” He advises companies “are going to have to be much more vigilant so they can defend against chargebacks.”
Still, for all the concern about rising fraud and attempted fraud, the study found that most attacks yield little for the fraudsters. Sixty-three percent of companies that reported actual or attempted fraud said they had sustained zero direct loss. Only 20% suffered a direct loss of $20,000 or more.
For the study, “Payments Fraud And Control Survey Report,” the AFP fielded a survey in January to 8,000 companies and other organizations, including non-profits, and governmental organizations. The association received 425 responses. JPMorgan Chase & Co. sponsored the research.