A significant increase in fraud activity occurred in 2023 compared to the previous year, with a staggering 80% of organizations reporting being targeted by attempted or actual fraud attacks, according to results from the 2024 AFP Payments Fraud and Control Survey, underwritten by Truist. This statistic underscores the persistent and evolving nature of fraudsters, who remain relentless in their efforts to infiltrate payment systems.

Implementing robust payment fraud controls is crucial for businesses and financial institutions to safeguard against financial losses, maintain customer trust and comply with regulatory requirements. Fraud controls enable early detection of suspicious activities, reducing operational costs associated with fraud incidents. They also enhance data security, protect against evolving tactics and contribute to a seamless and secure customer experience. By investing in effective fraud prevention strategies, organizations can ensure business continuity and mitigate risks in today's complex payment environment.

This article looks at four ways you can mitigate payments fraud.

Positive Pay

“Most fraud we encounter is check fraud, which is generally caught through the positive pay system with the bank,” said one respondent to the survey. In fact, when asked how fraud was discovered in their company, a significant number of respondents replied with some form of “positive pay.”

Positive pay is a disbursement service designed to combat payments fraud involving checks and ACH transactions. There are a few different types of positive pay, including:

• Payee positive pay: The payee line of the check is incorporated into the check issuance file and any alterations that do not match become exceptions to action.
• Positive pay: An organization provides its bank with a list of issued checks, and the bank verifies incoming checks against it to prevent unauthorized or altered checks from being cashed. Similarly, with ACH positive pay, the bank sends a list of pending ACH debits to the company for approval before processing.
• Reverse positive pay: The bank provides a list of checks presented for payment, and the organization confirms whether these checks are legitimate and should be processed.

Altered endorsements on checks initiated the implementation of positive pay for one treasury team responding to the survey, while others reported that positive pay had “picked up altered checks,” thereby preventing fraud. Another respondent relayed the following incident: “An accounts payable check was stolen out of the mail and replaced with a fake check with a different payee. Payee positive pay was in place, so the check was rejected.”

Companies can set rules for automatic approval based on specific criteria. This service is usually conducted in batches, but teller positive pay allows real-time checking at bank branches to prevent fraudulent check cashing. Any exceptions to the matching process are flagged for the company's review, requiring a timely decision to pay or return the item. Banks often provide online access to transaction data and check images to assist in identifying and addressing potential fraud.

Callbacks and Verification

Callbacks and verification play a critical role in preventing payment fraud, particularly in scenarios like business email compromise (BEC), where attackers impersonate legitimate contacts to initiate fraudulent transactions. Implementing a callback process involves confirming payment requests by reaching out to a verified and authorized contact using a phone number from a trusted system of record, rather than relying on contact details provided in emails or other potentially compromised sources.

One survey respondent stated, “When a new vendor is set up, or an existing vendor changes their banking information, treasury contacts that vendor through their main phone line to ensure the update is legitimate. We do NOT call the vendor at the phone number they supplied us.” This method adds an essential layer of authentication, ensuring that the request is legitimate and comes from an authorized party.

Further, incorporating verification steps into payment processes — confirming changes to invoice details, bank account information or contact information — through multiple channels adds another level of security.

Ninety-three percent of survey respondents reported the following two steps as either effective or highly effective: 1) implementing company policies for providing appropriate verification of any changes to existing invoices, bank deposit information and contact information, and 2) confirming requests for transfer of funds by executing a callback to a verified and authorized contact at the payee organization using a phone number from a system of record.

Additionally, one survey respondent reported that their organization intends to implement “an internal vendor portal that will add additional security to help minimize the risk of BEC, etc.” Another is “looking into additional payment validation controls including verifying the vendor name and authorized signer on the payment account and Federal Tax ID on the bank account.”

These practices not only help detect potential fraud attempts but also create a culture of vigilance and accountability within organizations, empowering employees to take proactive steps in safeguarding against payment fraud.

---

---

Shift from Checks to ACH Payments

Despite the alert issued by the Financial Crimes Enforcement Network (FinCEN) in 2023 regarding the “nationwide surge in mail theft-related check fraud schemes targeting the U.S. mail,” 80% of respondents to the survey stated that their companies continue to mail checks using regular U.S. mail without tracking. One respondent to the survey reported, “In the U.S., we had a situation where a check was intercepted in the mail, and the payee information changed; it cleared the bank, and positive pay didn’t catch it.”

Numerous respondents cited a desire for or movement toward the elimination of checks. Regarding payment methods at their company, one survey respondent said, “Check payments have been eliminated as a payment option and are being reduced for current vendors.” They are also encouraging their customers to transition from checks to ACH payments.

Transitioning from traditional paper checks to ACH payments can significantly reduce the risk of payments fraud for organizations. ACH payments offer enhanced security features and can be more easily monitored and controlled compared to checks.

Another survey respondent shared, “A check was stolen from a mail carrier and put up for auction on Facebook. The local authorities reached out to us before the check could be sold. We issued a stop payment and reissued the funds via wire.”

By reducing reliance on paper checks, organizations minimize opportunities for check fraud, including counterfeit checks, altered payee information and unauthorized signatures. ACH payments also streamline the payment process, improving efficiency and reducing administrative costs associated with check handling and reconciliation.

Additionally, ACH transactions can be subject to stricter validation processes, such as positive pay services and automated fraud detection systems, further enhancing security. Embracing ACH payments not only mitigates fraud risks but also aligns with modern payment practices, promoting financial efficiency and security in today's digital business landscape.

Fraud Prevention Education and Training

By educating employees about various fraud schemes, such as BEC, phishing attacks and invoice fraud, organizations empower their workforce to recognize suspicious activities and take appropriate action. In fact, 86% of respondents to the survey reported that end-user education and training on the threat of BEC and how to identify spear phishing attempts was effective or very effective in preventing fraud.

“We initiated a major training campaign including both in-person lessons and web training videos,” said one survey respondent. “These training tools were deployed to all staff members and included short tests to validate user engagement.”

Training programs can teach employees how to verify payment requests, authenticate communication channels, and follow established protocols for fund transfers.

“Treasury put together a ‘Fraud Army’ deck and provided training sessions across the company to help educate/remind employees of payment methods and fraud prevention tactics,” said another survey respondent. “We also worked to get this training implemented as mandatory for every employee with a periodic refresher.”  Heightened awareness helps people to identify potential threats early on, reducing the likelihood of falling victim to fraud schemes.

Ongoing education ensures that everyone stays updated on emerging fraud tactics and security best practices, reinforcing a culture of vigilance and accountability within the organization. Another survey respondent reported that their IT team “sends phishing emails randomly. They also send out monthly bulletins with best practices and safety tips.”

“Our corporation has monthly cybersecurity training as well as mock phishing attempts for all corporate employees. This has helped educate and keep employees diligent,” said another survey respondent.

Ultimately, investing in payment fraud prevention education and training strengthens the organization's defenses against payments fraud and enhances resilience.