Safeguarding your business against payment fraud

Worthwhile? Of course. Simple? Not in the slightest. When B2B payment fraud occurs, it’s corporations that stand to lose the most. Customers and consumers are (rightly) protected against payment fraud by the Consumer Credit Protection Act (1974). It means that they get refunded most of the time. In contrast, businesses don’t have such a luxury. Corporations aren’t guaranteed reimbursement, and even in the 48% of cases that lead to recovery, most only recover a small portion of their defrauded funds. It’s safe to say that once payment fraud occurs, you’re unlikely to see that cash again. And once the news gets out, your company’s entire security comes under fire. Partners and suppliers naturally begin to question whether working with you is safe, or whether it exposes their own businesses to the vulnerabilities of payment fraud.

Safeguarding your business against payment fraud (before an attempt happens) is essential. With a dedicated platform to prevent vendor fraud, we take your security seriously. Read on to learn more about payment fraud and how to prevent it.

Interested in payment fraud and how to fight it? Check out our free study about payment fraud in large companies.

Payment fraud activity: the current state of play

It will come as no surprise that B2B payment fraud is growing. Since 2020, there has been $48 billion lost in e-commerce to fraud.

For example, Sade Telecom was asked by one of their known suppliers to change the bank account details for payment. Without any verification or due diligence checks, the company obliged and paid their supplier into the new account. It was only when a late payment notice came through the post, three weeks later, that Sade Telecom realized they’d been the victim of payment fraud.

Although the money was lost, it prompted a full security audit and review. The company has since chosen to work with Trustpair to ensure this would never happen again.

The reaction from business leaders to this increase in payment fraud cases matches what would be expected. Now, 91% of survey respondents believe there is a higher risk of fraud, and feel more vulnerable to scammers.

What makes matters even worse though, is that it seems that companies in the US are bearing the brunt of fraud attempts. US cardholders were victims of 38% of all card fraud attempts, even though Americans only make up 22% of cardholders worldwide.

Fortunately, enterprises are being more thoughtful and mature in their approach to preventing payment fraud.

Our own research, in combination with SAP and Accenture, reveals that senior finance leaders are increasingly aware of the risks. Not only that but there is a strong desire among organizations to move towards more automated and secure processes.

Two-thirds of businesses are now using the validation of beneficiary bank details before making a payment. By getting automatic notifications of the red flags in real time, users can react quickly and protect their businesses.

Common payment fraud scams to know

There are several common types of payment fraud that your people should be trained against, including:

• Merchant identity theft
• Credit card fraud
• Phishing scams

Merchant identity theft

Otherwise known as invoice fraud, this type of payment fraud happens when someone impersonates your suppliers. After sending you the goods, the real merchant’s invoice is intercepted, and fraudsters change the bank account details to their own. When you pay for the goods, your real suppliers never see the funds enter their account and the scammers walk away with everything.

A well-known example of invoice fraud happened with Google and Facebook. Between 2013 and 2015, a lone con artist sent fraudulent invoices to the two companies. Without the proper checks and security measures, the companies handed over more than $100 million.

Credit card fraud

Payment card fraud sometimes refers to chargebacks and, in other cases, involves the identity theft of customers. It happens when fraudsters physically or virtually steal card information and use it to purchase goods or services from your business.

This is common in the travel industry when intermediaries are used to sharing foreign credit card information with trusted travel companies. In 2018, this totaled over $5.7million in fraudulent hotel bookings alone. This is what happens when well-meaning companies sign a contract without verifying the legitimacy of their partners.

Phishing

Phishing is the act of an opportunist criminal who impersonates someone legitimate to access company funds or sensitive information.

CEO fraud is a type of spear phishing, which refers to a more targeted type of attack. Fraudsters who can get inside your system spend weeks learning about how the senior management sound, and impersonate them through email spoofing.

The occurrence of phishing scams grew exponentially during the pandemic when remote work weakened the payment fraud protection measures in place. Without being in constant communication with the team, fraudsters were able to apply pressure with urgency tactics easily.

For example, a huge case of CEO fraud occurred in 2016. A hoax email was sent to an employee at the Austrian aerospace engineering firm, FACC, by someone pretending to be the CEO: Walter Stephen. It asked the employee to transfer €42 million as part of an elaborate electronic payment fraud scam disguised as an ‘acquisition project’.

Unfortunately, the employee complied and the money was never recovered. The CEO and Chief Financial Officer were removed from their roles shortly after. This entire event has highlighted the impact of fraud on your employees, who can get fired, fined, or even imprisoned. Therefore, you have a responsibility to protect not only your customers from fraudsters but your people too.

Preventing payment fraud

Prevent payment fraud by creating a secure payment process that’s specialized, not generalized.

For example, pharmaceutical group Octapharma Group focused on improving their supplier verification checks in order to achieve zero cases of payment fraud. They worked with Trustpair to increase both the range and reliability of data. More specifically, Octapharma Group used Trustpair to automatically control changes to supplier IBANs, get real-time visibility on suspicious activity and get insight into missing or duplicate data.

This led to a 25% increase in enriched third-party data, alongside the prevention of all payment fraud attempts.

But here’s the catch…

What works for Octapharma Group probably won’t work for you.

Effective anti-fraud strategies start by auditing all of the current processes and looking for corners of vulnerability. It can be useful to ask yourself:

• Are the employees regularly trained against emerging fraud techniques?
• Are your email spam filters up to date?
• Do you have to use various unsecured third-party platforms to get from procure to pay?
• Does your team follow internal controls?
• Is there a set due diligence process for vetting potential new merchants?

In order to get started on a fraud protection strategy that works for your organization, get in touch with a Trustpair representative.

How to detect B2B payment fraud

Online payment fraud detection is the last step in prevention. It happens after a fraudster bypasses all of the measures you’ve put in place to ward them off, and only if they actually attempt to defraud the company.

Successful payment fraud management is all about data analysis. With an anti-fraud program, your accounts are automatically monitored 24/7, and your payment operations sit behind a complex online security system.

Detecting payment fraud becomes easier when you have the ability to automatically verify the account details of potential suppliers. Our rich databases even include ‘hard to reach’ information from foreign suppliers that aren’t required to publish certain data by their own country’s regulators.

Working with Trustpair to detect B2B payment fraud will protect your payment chain from beginning to end. It means your company won’t have to endure the same experience as companies like Google, Facebook, and FACC.

Operational risks that might be exposing your business to payment fraud

For all the tactics and techniques to safeguard your business against payment fraud, there are also some prevalent slip-ups by companies. These are operational processes that increase your payment fraud risk susceptibility.

Information Sharing

A major slip-up is sharing ‘secure’ information with external platforms. Most of us don’t think twice about integrating with third parties to upgrade our business offerings, but it’s important to do your due diligence first.

In 2020, Marriott experienced a leak of over 5.2 million records after one of its third-party partners was hacked. While the hotel chain’s own platform was highly secure, the company failed to confirm the security measures associated with its partner.

Unfortunately, this led to a breach of up to 399 million individuals in the UK and the company was made to pay £18.4 million in penalties. However, you can mitigate fraud risk in this way by ensuring that you protect the personal information of your customers by following data best practices.

Anti-spam filter

Secondly, some companies rely on their email provider’s standard file wall to filter out spam. In everyday life, this is a sufficient way to prevent fraud. But for enterprises with high stakes, it’s just not good enough.

In 2017 Equifax, one of America’s “big three” credit bureaus, experienced a data breach. The blame fell on employees who did not patch up a known error in their software, and the anti-spam filter which did not spot any vulnerability.

Repair the chink in your anti-fraud armor by upgrading the spam software on your company email accounts.

If you’re interested in fighting fraud, contact one of our experts today !

To summarize:

• After payment fraud detection, most businesses don’t get their money back
• Your organization can safeguard against payment fraud by verifying supplier information and using AI to flag suspicious activities in the data
• Companies should approach security by bearing their third-party partners in mind
• You can train your employees to spot the common types of b2b fraud, including invoice fraud, card fraud, and CEO fraud
• You can work with software to give your people 100% confidence in blocking fraud attempts