A staggering 80% of businesses reported they were victims of attempted or actual payment fraud attacks in 2023, according to the Association for Financial Professionals' (AFP) 2024 Payments Fraud and Control Survey Report. The survey analyzes fraud attacks on business-to-business (B2B) transactions, identifies the most affected payment methods, and discusses how organizations can prevent payment fraud.
For valuable insights and expert perspectives on the report, we turned to Melissa Fellows, Senior Vice President – Managing Director of Treasury Management at First Business Bank. With over 20 years of experience helping businesses optimize cash flow and prevent payment fraud, Melissa offers her insights to help your business strengthen its payment fraud prevention efforts.
Payment Fraud Activity Surged in 2023
The 2024 AFP survey report shows that payment fraud rose 15% in 2023, with 80% of organizations targeted, a significant increase from 65% in 2022. Larger businesses and those with fewer payment accounts suffered the most. Checks and ACH debits continue to be the most-targeted payment methods.
"Check and ACH are the most common payment types that our clients use, and they also represent the highest percentage of attempted fraud in the survey," said Melissa Fellows. "Because of volume and frequency, we see that check and ACH fraud remain the most common types of payment fraud."
Some organizations are successful in getting back funds lost through payment fraud. According to the report, 29% said they recouped up to 75% of the funds lost, 41% recovered more than 75%, and 30% reported they were unable to recover funds. Treasury and Accounts Payable departments most often discover the fraudulent activity first.
And while business owners often think their business is too large or too small to become a victim of payment fraud, the truth is that company size doesn't matter.
"Everyone is vulnerable to payment fraud regardless of company size,” Fellows said. “Accounts with larger transaction volumes tend to see fraudulent attempts more often because they have a lot more activity flowing in and out of their account. Every paper check has your bank routing number and account number printed on the bottom of it."
That said, accounts with high balances and low activity should be monitored equally. “For low volume accounts, we recommend clients setup transaction or balance alerts, this way they are notified when activity occurs and timing is critical,” Fellows said. “It’s very important to implement and actively leverage fraud tools available, and it’s more cost-effective to have fraud tools on one account instead of five."
The report notes a troubling increase in checks stolen through the U.S. Postal Service, as well. More than 20% of survey participants said they experienced attempted or successful payment fraud in this manner — 10 percentage points higher than the year prior. More than 80% also report their companies still deliver checks through the mail.
Business Email Compromise (BEC) Scams Continue to Threaten Organizations
Business email compromise (BEC), a scam where fraudsters use email to pose as executives or vendors to trick employees into making unauthorized payments, remains a significant threat. The 2024 AFP survey report shows that 63% of those surveyed report experiencing BEC attacks or attempts in 2023, with ACH credits beating wire transfers as the most commonly exploited payment method.
The AFP survey notes that Accounts Payable departments are most vulnerable to BEC attacks, however, client-facing teams and other departments outside of finance and accounting are also at risk because they may not recognize a BEC scam as quickly.
The consequences from a successful BEC can extend beyond financial losses, sometimes even including supply chain disruptions and data breaches. Using readily available generative artificial intelligence (AI), fraudsters employ increasingly sophisticated tactics, such as using AI-generated emails with realistic scenarios to trick employees.
Fellows emphasizes the critical role of IT in preventing payment fraud. "The most underutilized method to prevent payment fraud is a comprehensive firewall, network, and anti-virus protection,” Fellows said. “Protect your network and every piece of technology that you provide to your employees with access to company data. For smaller companies, that might involve working with an outside partner to follow best practices, including regularly updating and patching software and taking other recommended measures, such as backing up data." Fellows also recommends reviewing your company’s insurance coverage annually to ensure you are properly covered if your system is compromised.
Payment Fraud By Check Remains Widespread
Even though check payments continue to decline, checks remain the payment method most susceptible to fraud, with 65% of organizations reporting incidents. About 70% of survey participants report they currently use checks and have no plans to drop them by 2026. The reluctance to phase out checks leaves businesses vulnerable to payment fraud, particularly when they mail checks without tracking.
According to the survey, respondents most often cited “working with smaller organizations,” “requirement for checks,” and “refund processing” as barriers to eliminating checks in their businesses to prevent payment fraud.
Preventing Payment Fraud: Prevention Measures and Controls
Preventing payment fraud requires a multi-faceted approach that includes implementing effective policies and procedures, adopting strong security solutions, and educating employees. The AFP survey reveals that callbacks, dual control, senior management signoff, two-factor authentication, and fraud detection solutions work together to create a highly effective defense to prevent payment fraud.
How Do You Prevent Check Fraud?
Payee Positive Pay and daily account reconciliation are the most effective controls. When companies can't avoid using checks, they can take steps to prevent payment fraud, such as implementing strong internal controls and regularly reconciling accounts.
"If you're writing checks, you should be using Payee Positive Pay," advises Fellows. "When we look across companies for the number of checks being written, check payment fraud prevention is still underutilized. To fully mitigate any risk of loss, we recommend a combination of Payee Positive Pay and frequent account reconciliation. There are a number of tools companies can leverage to catch fraud timely and when fraud is caught within the first 24 hours, you significantly reduce any risk of financial loss.”
In fact, the AFP report shows that 84% of survey respondents said bank solutions like Payee Positive Pay are “effective” or “very effective” at preventing payment fraud. With Payee Positive Pay, your business to upload a check register for your bank to match each check presented on your account. When there are discrepancies, your bank holds the suspicious check for a decision from you whether to pay it, preventing payment fraud before it hits your account.
How Do Your Prevent Fraud Via Business Email Compromise?
The survey also highlights that many organizations have not fully implemented or tested their BEC prevention policies and procedures. Additional effective controls include segregation of accounts and ACH debit blocks/filters.
Education and awareness are also crucial in preventing payment fraud. "You can't overcommunicate or have it on your employees' radar enough," Fellows said. "Constant reminders and sharing examples of actual attempts that come into your company are essential because fraud happens when you least expect it."
Some organizations only train specific employees, but in reality all employees can prevent payment fraud. Fellows emphasizes the importance of communication, stating, "If there’s attempted fraud, companies may feel like they need to keep messaging quiet internally, but really companies need to educate and create awareness to keep everyone vigilant."
By implementing robust security measures, educating employees, and staying vigilant, organizations can minimize the risk of check fraud. "When working with a client or a vendor and submitting a payment, make sure you know the request for payment is legitimate. That comes from out-of-band authentication through a phone call or text message," she advises.
Faster Payments on the Rise: Staying Ahead of Risks
B2B real-time payments are expected to increase dramatically in the coming years, along with increased fraud concerns. The 2024 AFP report shows that 44% of respondents cite increased fraud risk as a barrier to using real-time payments, such as FedNow. As transaction limits increase, organizations will need to proactively implement security measures to prevent payment fraud.
Only about 36% of survey respondents say their business has procedures in place to prevent payment fraud through real-time payments. This leaves many companies vulnerable as fraudsters increasingly target new payment methods.
To prevent payment fraud while taking advantage of the benefits of faster payments, the AFP recommends businesses should:
- Strengthen identity verification before sending payments
- Monitor transactions in real-time using AI/machine learning
- Establish clear procedures for fraud reporting and resolution
- Educate employees and customers about fraud risks and prevention
- Work closely with banking partners to prevent payment fraud
- Consider risk-based limits and multi-factor authentication
By proactively implementing these measures, organizations can benefit from the speed and efficiency of real-time payments while working to prevent payment fraud. A multi-layered approach to security will be essential as faster payments become the new normal.
Prioritizing Payment Fraud Prevention: Key Takeaways
Payment fraud continues to evolve and grow more sophisticated, showing no signs of slowing down. As organizations adopt emerging payment technologies and faster payment methods, a strong, multi-layered fraud prevention strategy becomes absolutely necessary.
Fellows suggests business leaders prioritize comprehensive anti-fraud controls, ongoing employee education, and collaborate with experienced banking partners to prevent payment fraud at their companies.