8 Best Practices for Mitigating the Risk of Payments Fraud
If it feels like your accounts payable department is under siege by fraudsters, you are not alone. Payments fraud is at an all-time high. Worse, it’s not just your checks that are at risk. Fraudsters are using new tools and sophisticated schemes to infiltrate electronic payments to suppliers.
The good news is that eight best practices can help organizations mitigate their fraud risk.
Checks can easily be intercepted, white-washed and cashed, leaving buyers with the expense of investigation, the cost to re-issue checks, and losses, but there are steps that can be taken to reduce payment fraud risk such as using Positive Pay.
But that doesn’t mean that paying suppliers electronically is without risk. Automated Clearing House (ACH) debit fraud is at all-time peak and shows no signs of slowing down. Business E-mail Compromise (BEC) attacks have resulted in significantly higher levels of wire transfer fraud. These sobering stats are from the Association of Finance Professionals’ (AFP) 2019 Payments Fraud and Control Survey.
An eye-popping 78 percent of all organizations experienced attempted and/or actual payments fraud in 2017, AFP’s 2019 Payments Fraud and Control Survey finds. Eighty percent of organizations with at least $1 billion in annual revenues experienced attempted and/or actual payments fraud.
Ninety-two percent of organizations say payments fraud costs them half a percent of revenue. Most of these losses can be attributed to outside fraudsters via forged checks, stolen cards, and BEC schemes that impersonate legitimate suppliers and quickly move funds out of bank accounts.
How to mitigate payments fraud
It is time for organizations to regain the upper hand in thwarting fraudsters.
The following best practices will help your organization mitigate its risk of payments fraud:
Use check positive pay: Positive pay isn’t new, but it is effective. The process matches the account number, check number, and amount of cashed checks against a list provided by buyers. Checks that don’t matched are automatically flagged for review.
Better manage supplier banking information: Supplier banking information is a tantalizing target for fraudsters. Work with an electronic payment solutions provider with a proven and multi-layered approach to gathering, verifying, storing, and continuously updating supplier banking data. Ensure that the banking information provided by suppliers matches key data in your supplier record, such as their name and address. Ask for a letter from the supplier’s bank or a voided check to verify the supplier’s identity. And validate via telephone all contact and/or banking information update requests, to thwart potential BEC schemes.
Benefit from a ‘For Benefit Of’ or FBO account: Look for an electronic payment solutions provider that holds and disperses funds from FBO segregated accounts at a reputable bank. Especially designed to handle funds intended to go to another party, FBO accounts provide clear instructions as to who should receive funds, reducing the chances of interception.
Ensure control over your payments: Without the proper controls, organizations can never be sure who is approving or initiating payments. Best-in-class electronic payment solutions organizations ensure control over payments with pre-defined system permissions and privileges, configurable business rules for approvals (including multiple levels of approval for high-dollar transactions), separation of duties and chain of custody assurances, complete audit trails of all activity, and administrative controls for security settings. Some of these solutions can also identify duplicate payments to suppliers before they go out the door.
Keep sensitive data out of harm’s way: Keeping sensitive data from the prying eyes of fraudsters is a key step in mitigating potential risks. Two-factor authentication enables organizations to restrict system access. And advanced encryption technology makes payment information unreadable to unauthorized users, further protecting digital data confidentiality.
Get insurance: Across the enterprise, organizations use insurance to gain peace of mind. Supplier payments should not be an exception. Some electronic payment solutions providers maintain coverage with highly rated insurers for general liability, errors and omissions, employee theft, forgery, computer fraud, funds transfer fraud, currency fraud, and credit card fraud. Leading providers maintain insurance that covers up to $1 million per occurrence.
Pay suppliers via virtual cards: Virtual cards are the most secure payment method. How can this be? Virtual cards don’t require the distribution of physical cards to far-flung staff; the cards are plastic-less. Importantly, a virtual card number can only be used once, and is only good for a set time period. Organizations can also restrict virtual card transactions by amount, supplier and SIC code. And virtual card transactions must go through an accounts payable department for approval, just like any other invoice. Finally, suppliers only receive 10 of the 16 digits for a virtual card transaction, and eventually those numbers disappear.
Reconcile your payments: Traditional approaches to paying suppliers make it so burdensome to reconcile payments (think logging into multiple portals and downloading multiple spreadsheets) that many organizations can’t keep up with it. This leaves the door open to fraudsters. Leading electronic payment solutions reconcile every supplier payment daily. And leading payment solutions provide complete audit trails of all system activity.
New technologies and new schemes are creating new fraud risks for organizations. Leveraging the eight best practices above will help your organization mitigate its vulnerabilities.
Want to learn more? Contact us today to arrange a free, no-obligation consultation.