Corporate payments fraud is as high as it ever was, according to a new survey by the Association for Financial Professionals (AFP), with corporate account takeover emerging as a serious threat. While checks continue to be the most widely used vehicle for payments fraud, corporations also must be vigilant to protect payments access points linked to web-based transactions and corporate cards, a new survey shows.
The 2011 AFP Payments Fraud and Control Survey, underwritten by J.P. Morgan, found that despite a dramatic shift toward electronic B2B payments and the adoption of preventative techniques, payments fraud has remained persistent over the last five years.
“Checks have been a known vulnerability for many years. The fact that 93 percent of companies that had experienced payments fraud in 2010 are telling us that checks were a target provides companies with a consistent incentive to shift more transactions to electronic payments,” said David Bellinger, AFP’s director of payments. “But checks are not the only area of vulnerability. We are now seeing companies fall prey to corporate account takeover, where someone gains access to a company's credentials and uses those to empty business accounts.”
In corporate account takeover, fraudsters use technology or social interactions --ranging from phone conversations to social networking messages-- to induce an employee to divulge an organization’s account information, allowing the fraudster to move money and cause large losses in a very short time. The AFP survey found that 14% of respondents experienced this type of fraud last year, with 2% actually suffering a loss. It has become prevalent enough to warrant warnings to businesses from the FBI and other federal agencies.
Across all types of payments fraud, criminals outside the corporation make most of the attempts, accounting for 87 percent of the fraud reported in the AFP survey. Roughly 10 percent of respondents suffered payments fraud originating from an organized crime ring or third-party/outsourcer. Only nine percent of organizations were subject to internal payments fraud.
"J.P. Morgan is firmly committed to helping clients understand the pervasive threat from payment fraud, and the importance of providing objective information about the latest trends and approaches to combating it, " said Stephen Markwell, Executive Director, J.P. Morgan Treasury Services. "The steady migration from paper to electronic payment forms, and the wider adoption of ACH debits, corporate payment cards and Web-based and mobile access channels present new vulnerabilities to potential fraud. J.P. Morgan supports efforts that provide a greater understanding of these threats and the effectiveness of new technologies and practices aimed at preventing fraud.”
Since 2005, AFP has examined the nature and frequency of fraudulent attacks on business-to-business payments, the environment that allows those attacks to occur, and the methods that organizations use to control them.
KEY FINDINGS FOR 2010
- Seventy-one percent of organizations experienced attempted or actual payments fraud in 2010.
- Large organizations were significantly more likely to have experienced payments fraud than were smaller ones. Eighty-two percent of organizations with annual revenues over $1 billion were victims of payments fraud, compared with 58 percent of organizations with annual revenues under $1 billion.
- Twenty-nine percent of survey respondents report more incidents of fraud in 2010 than in 2009.
- Checks were the payment format most frequently targeted by fraudsters, with 93 percent of affected organizations reporting that their checks were targeted. Other payments formats targeted were:
- ACH debit (25 percent)
- Consumer credit/debit cards (23 percent)
- Corporate/commercial cards (15 percent)
- ACH credits (four percent)
- Wire transfers (four percent)
- Seventy-one percent of organizations that were victims of actual and/or attempted payments fraud experienced no financial loss from it.
- For those that did suffer a financial loss resulting from payments fraud, the typical amount was $18,400.
ABOUT THE SURVEY
In January 2011, AFP surveyed corporate members and prospects that held the job title of cash manager, analyst or director and received 399responses. The vast majority of respondents were from mid-market and large U.S. organizations with revenues of at least $250 million, spanning a wide range of industries.
Read the full survey:www.afponline.org/paymentsfraud