Project Description

Payments fraud soared to a record high in 2018, with 82% of organizations experiencing attempted or actual fraud, according to the 2019 AFP Payments Fraud & Control Survey.  The report paints an alarming picture of the pervasive threat:

  • Payments fraud activity appears to be the “new normal” at organizations today1.
  • Payments fraud is targeting checks, wires, and increasingly ACH debits and credits.
  • Fraudsters continue to evolve their techniques with increasingly sophisticated ways of penetrating organizations.
  • Despite awareness and educational efforts, the payments fraud threat continues to grow, with payment fraud incidents surging 20% over the past five years.

The following key findings from the report underscore the pervasive nature of the threat and some of the protective measures companies are using to combat the threat of payments fraud.

Payments fraud plays no favorites:  no organization is safe

Criminals are penetrating companies of all sizes. A record-setting 87% of large companies, with revenue greater than $1 billion, incurred a payments fraud attack in the past year. However, for companies generating less than $1 billion in revenue, fraud attempts dropped to 69% in 2018, a slight decrease from the prior year.

External actors posed the biggest threat, with 64% of attempted or actual payments fraud perpetrated by individuals outside of an organization.

Fraud attacks: more sophisticated, stealthy, and difficult to detect

Business Email Compromise (BEC) is a growing threat with fraud perpetrators using highly sophisticated email techniques to scam their targets. 80% of companies reported BEC fraud in 2018, and more than half (54%) of the companies targeted experienced a financial loss as a result of the scam.  Account Takeover fraud, which includes system hacks, malware and spyware, affected 21% of survey participants.

Account Takeover Fraud affected companies (21%) either with an attempted or actual incident.  This is a jump of 13% year-over-year. Account Takeover fraud includes system hacks, malware and spyware, among other methods.

Checks and wire transfers continued to be the payment method of choice for fraud in 2018 (70% and 45%, respectively). Larger organizations with more than 100 payment accounts were far more likely to experience instances of check fraud. This suggests greater difficulty in maintaining oversight and detecting fraud attempts across a large number of accounts.

There was a noticeable increase in fraud activity via ACH debits and credits with 33% of organizations reporting ACH debit fraud, and 20% reporting ACH credit fraud. The shift towards targeting ACH, notes the report, suggests more sophisticated tactics for breach because ACH is typically viewed as safer and more challenging to compromise.

Vigilance is vital, education essential, and controls imperative

Organizations are using various methods to help impede fraud, including:

  • BEC. Companies (76%) are raising employee awareness around email scams and training staff to detect fraudulent emails.
  • Checks. A large majority of survey respondents reported using positive pay (88%) and account segregation (88%) as protective measures.
  • ACH. A majority of respondents (63%) are blocking all ACH debits except those coming into a single account set up with an ACH debit filter/ACH positive pay as a way to help protect against ACH fraud.

Other protective measures companies are taking include:

  • Stronger internal controls that forbid payment initiation based on emails or other messaging systems deemed less secure.
  • Verification for changes to existing invoices, bank deposit information and contact information.
  • Two-factor authentication for accessing corporate networks and payments initiation.
  • Daily reconciliation to help protect against attacks on security credentials.

The AFP report findings once again demonstrate that no organization can afford to take its eye off fraud security.

1 2019 AFP® Payments Fraud and Control Survey Report.

For more information about payments fraud and how to safeguard your business, contact your Wells Fargo representative or fill out the Contact Us form on this site.

© 2019 Wells Fargo Bank, N.A. All rights reserved. Member FDIC.