How to fight bank transfer fraud effectively in your business

Bank transfer fraud has been on the rise for the past few years. Today, more than 1 company out of 2 thinks payment fraud attempts will increase over the next 12 months. Damages to companies can be disastrous — it’s hard to recover from the financial and reputational loss. It’s, therefore, crucial to know how to recognize fraudulent activity and set up efficient protective measures.

Trustpair effectively blocks bank transfer fraud by continuously auditing supplier credentials and payments, blocking any suspicious bank transfers. Contact an expert to learn more!

What are the different types of bank transfer fraud?

Definition of bank transfer fraud

Scammers continuously reinvent themselves: from impersonating a Nigerian prince to scam artists creating more elaborate schemes, their wire transfer scams are deadly efficient.

Their goal? Accessing your company’s funds:

• By hacking into your IT system and making a wire transfer to their own accounts ;
• or by demising a scam where they falsely impersonate someone and get you to transfer money to their account.

They do the latter by carefully collecting information on their future victims: learning their speaking styles, their passwords, or other financial information. This social engineering gives them over time the data they need to commit convincing B2B fraud.

In parallel, they also use technology like fake URLs, viruses, malware, or even deepfake content to cheat their way in.

Let’s look closely at the different types of bank transfer fraud.

Vendor fraud

Vendor fraud is very common nowadays. In fact, based on our recent study, a change in suppliers’ credentials is the number one cause of reported fraud.

It’s simple and frighteningly efficient. Fraudsters collect information on your company’s suppliers to impersonate them (which is called spoofing).

They then contact their specific target (like an accountant) informing them of a change in their bank account details. Once the information has been changed in your master file, they’ll be the ones receiving the funds every time you think you pay your supplier (through legitimate or bogus invoices).

From several thousand to hundreds of thousands of dollars, vendor fraud can make lasting damages – including to your relationship with key suppliers. In 2019, Toyota Boshoku Corporation (one of Toyota’s subsidiaries) lost upwards of $37 million to a convincing vendor scam.

CEO scam

CEO fraud is a very daring, very popular kind of fraud. In 2021 alone, it caused $2.4 billion in losses to US businesses (that we know of, as companies don’t like to admit when it’s happened).

In this scam, criminals pretend to be the CEO (or another level of your company’s top management) to contact your financial team members.

They use various convincing arguments in their message to demand that an “exceptional bank transfer” be made urgently and/or confidentially to a given bank account.

Caught under pressure, their victim often caves in, thus transferring funds to the fraudster’s bank account.

CEO fraud can cause great damage to your company. In 2015, Ubiquity Network, a Silicon Valley company, lost about $47 million to scammers pretending to be their CEO.

Phishing attacks

85% of all organizations have been hit by phishing attacks. According to the FBI, these types of cyber frauds are due to increase by 400% every year. In other words: phishing attacks are a serious threat to your business.

Phishing scams are based on identity theft. Phishing emails are sent with fake URLs and too-good-to-be-true content that gets your employees to click. The goal is to collect personal information from your employees, like passwords or bank details illegally. Fraudsters can then use this information directly or indirectly by:

• Blackmailing your company,
• Carrying undetected bank transfer fraud,
• Selling it on the dark web.

It’s important to note that phishing attacks are just the beginning and that according to Cybertalk, 90% of data breaches happen because of such attacks.

Internal fraud

$42 billion. That’s the total reported loss from employee loss, according to PwC. Another study reveals that companies lose at least 5% of their turnover to internal fraud.

Internal fraud is when one or several employees cheat your company for personal (financial) gain. It can for instance happen through accepting bribes, selling sensitive data, cheating with report expenses, and stealing hardware from the company.

It also happens when the fraudster has access to company software (like your treasury or payroll software) and can therefore change a real recipient’s credentials for their own.There are numerous examples of employees creating fake invoices — or even fake payslips — with their own bank account details.

Learn more about payment fraud in the US by downloading our latest report!

How can you protect your business from bank transfer fraud?

If bank transfer fraud happens to you, you could always ask your financial institution to recall the transfer. However, in most cases, the money is long gone when you discover the fraud.

That’s why it’s so key to be proactive about bank transfer fraud. Here are a few protective measures you can set up before it’s too late:

Frequent training and education

Regularly training your staff is key to becoming a cyber-aware company. According to our recent study, 60% of US companies now consider training and educating teams the best approach to minimize fraud in the next 12 months.

More than a few workshops here and there, there needs to be ongoing education in your organization about:

• What bank transfer fraud and cyber-attacks look like (fraud detection)
• How to prevent this type of fraud (which processes to follow),
• How to carry out thorough risk assessments (when onboarding a new supplier or using a new tool for instance)
• What contingency plan to follow if your data has been compromised

Your training should include hands-on practice (simulations are great for that) as well as regular updates on the latest fraud attacks, which also helps to keep it a priority.

Internal policies and security measures

Training is essential, but it would just be empty words without solid processes to support it. It might be time to review your safety standards and security processes!

1. Carry out a risk assessment of your company or department. Mapping out the risk inherent to your business practice is key to mitigating them.
2. Restrict access to sensitive information. Assigning admin or approval rights should be something you carefully consider. It’s also important to have a clear chain of command in case someone is unavailable. Scammers profit from confusion, so clarity in your processes is essential.
3. Adopt the 4-eye principle. Having two sets of eyes to validate each key operation will provide another layer to protect yourself. For example, you can have an employee who initiates payments, and another one who validates them — both checking on their own they’re correct.

Constant supplier data controls

While the above measures are great, they’re not enough to effectively protect your company from financial fraud. Most companies’ safety measures fall short at the last hurdle: the actual bank transfer.

Here are 3 things you must do to ensure you don’t become a victim of fraud:

• Always check your merchant’s identity and bank account information (using three-way matching) before any payment.
• Treat each change of credentials are a potential fraud.
• Regularly check and update your master file.

Third-party checks can be tedious and time-consuming to do manually. That’s why we created our fraud prevention solution. Our software automatically checks all your third-party information in real-time, so you always know your funds are going to the right recipient. Contact an expert right away!

Why are automation and digitalization the best answers to bank transfer fraud?

The most efficient way to protect your company from bank transfer fraud is to use a solution like Trustpair. Our SaaS checks your third-party information against international sources in real-time, verifying both the accuracy and the ownership of your data.

That doesn’t only happen when there is a new entry (like when you onboard a supplier, or they change their credentials) but continuously to detect any suspicious change. With Trustpair, you completely eradicate the risk of financial fraud in your B2B transactions.

All of that, without your team having to manually check for changes – which is both an error-prone and fastidious process. That’s increased protection against all types of fraud (including internal fraud) and more time freed up for higher-value tasks.

Key Takeaways:

• With bank transfer fraud on the rise, your company is at risk now more than ever. Fraudsters keep coming up with new elaborate schemes that result in irremediable financial and reputational losses.
• Being proactive is key. Regular training and specific policies are necessary. It’s also essential to constantly check your third-party information to make sure you’re paying the right person. Trustpair helps you do this efficiently, eradicating the risk of fraud.