According to the Association for Finance Professionals (AFP) annual survey for 2016, 74% of finance professionals indicated that their organization experienced actual or attempted payments fraud during 2016. This level is the highest since 2006 and follows decreases from 2009 through 2013 when the statistic started edging up again from 60% to 62% in 2014 and blasted to 73% in 2015.
Check fraud and wire transfer fraud dominated the types of payments fraud experienced, with wire transfer fraud sharply increasing from 14% in 2013 to 48% in 2015 (AFP Payments Fraud and Control Survey 2015) and 46% in the 2016 survey. The likely reason for the overall and the wire transfer fraud uptick is that many instances of fraud started with business email compromise (BEC) – 52% reported for 2016.
BEC generally involves hacking or spoofing an executive’s (often the CEO) email account, using the impersonation to extract funds from others, generally in the finance department, acting on behalf of the organization. Preventing BEC is really fairly easy, and first on the list is:
- Teach employees what it is and how to spot it (and remind them often), perhaps with simulations
Other safeguards are:
- Requiring that transactions have a second approval
- Verify email instructions through an independent source (such as a phone call to a previously known number – not one provided in the communication – or in person)
Lest you think that good, old-fashioned check fraud has gone the way of the horseless carriage, for those companies experiencing payments fraud in 2016, 75% involved check fraud. Why so high? Some speculate that the declining use of checks has resulted in less focus on loss prevention and companies have abandoned well-conceived preventions, such as positive pay systems and daily cash account reconciliations. Both of these controls (as well as other verification “products” offered by deposit institutions) do carry fees and do take time to monitor and perform, but isn’t this a case where an ounce of prevention might be worth a pound of cure?
Perhaps it’s time to re-visit and refresh your company’s controls over disbursing funds.