Payments fraud

Continuous process and control improvements

Despite the numerous warnings, press releases and industry-wide examples of payment fraud, companies continue to struggle1 implementing measures that limit risk exposure and the likelihood of being a target. Both internal and external issues contribute to inadequate response mechanisms to payment fraud risk, and many companies are limited to reactionary responses after a fraud event has occurred or triggered an emergency response. 

Internal factors that contribute to potential payments fraud include the following: 

  • Siloed approach to evaluating enterprise-wide risk, e.g., payments and vendor management process owned by Accounts Payable
  • Limited finance and treasury staff to reinforce strong controls and segregation of duties
  • Outdated processes
  • Budget pressures limiting the use of enhanced technology to foster greater automation and control
  • IT constraints limiting the ability for payment processes to advance
  • Multiple access points by which fraud can occur, e.g., high volume of bank portals
  • Decentralized payments operations with limited management oversight

External pressures also continue to contribute to fraud risk as schemes and scams become more sophisticated and use freely available information (i.e., social media and company Web sites) to target companies and their employees.

Let's get the basics right:

While there are often limited resources and internal constraints, companies nonetheless have the ability to bolster their payment fraud defenses by establishing and reinforcing governance and controls within the payment life cycle. Consider the following common steps taken to help minimize risk: 

Strengthen weak passwords - Hackers are more sophisticated than before and can relatively easily uncover weak passwords. Use a more complicated combination of letters, numbers, and symbols that aren't commonly recognizable. 

Train employees - Fraudsters easily trick staff into revealing account credentials. Train employees to not provide user name or password information over the phone or email-even if the source seems legitimate.

Know your vendors and business partners

- Typically, companies share wire instructions with long-time vendors or business partners, but extensive due diligence around new vendors and payees is often not robust enough

Bank fraud services - Using Positive Pay services for checks and ACH and Payee Positive Pay for check disbursement accounts adds an extra layer of protection. Use debit blocks and alerts to reduce the risk of unauthorized payments 

1 "Source: ACL Website, News Releases, March 7. 2017': ACL Fraud Survey showed that business are running organizations in an "alternate reality;· with a shockingly inaccurate perception of their fraud environment. Eighty 
percent of respondents said their organization has "medium to no" exposure to fraud, despite industry research 
Payments fraud
Continuous process and control improvements