Online payments are the transfer of funds electronically and over the Internet. As with any method of payment, they are subject to frauds like phishing, business email compromise, and pharming. Toyota’s accounting department was targeted in 2019 when fraudsters impersonated a third party. This led to online payment fraud of $37 million. Read on to learn all there is to know about fraud prevention for online payment and make sure your organization never falls victim to this type of scam.
Protect your business against the financial effects of B2B payment fraud by working with Trustpair. Our platform is the ultimate protection for your business and continuously controls payments before they’re executed! Contact an expert to learn more!
Why are online payments a gateway for fraud?
When electronic payments were first introduced, they were a breeding ground for risk, fraudsters, and scams. Being able to hide behind a computer screen meant it was hard to identify the culprits. Scammers could make away with stolen information and purchases with ease.
From guessing passwords to complex hacking of merchants, scammers chose a number of different ways to exploit the systems.
But now that regulations and ID verification tools have been widely established, criminals have been forced to become more creative. Instead of technical hacking skills, cyberattackers are now more likely to rely on social engineering tactics to manipulate their victims.
The huge rise in phishing and business email compromise scams has proven this, with one anti-phishing group recording a record-high number of fake sites and 4.7 million phishing attacks in 2022.
The pandemic also accelerated the use of remote payments by businesses. Indeed, it caused a huge move away from cash and check payments. But more types of payment mean more opportunities for thieves. And a higher volume of this type of transaction means that, if the transactions are unmonitored, it’s easier to hide the fraud.
Detection of fraudulent activities is harder than ever and all types of organizations can be targeted.
Case study: fraudulent electronic payments cost Sade Telecom
According to Trustpair’s 2022 study on payment fraud, 74% of companies check supplier credentials during initial onboarding. However, only 20% perform follow-up checks before they actually pay.
This leaves a big loophole for thieves: they can easily change merchant details further on and have money transferred to their own accounts. Without any control, it’s impossible to detect or prevent this type of theft.
This is a clear vulnerability that criminals have learned to exploit: 55% of fraud is associated with changing supplier credentials.
In fact, that’s exactly what happened to Sade Telecom.
The payments team read a request from a merchant to change the bank details, and thanks to their payment platform, could easily go ahead with the new credentials.
However, the digitization of payments was what really opened the door to fraudsters – because there were no identity checks performed. It was only when the company received a “late payment” notice 3 weeks later that they realized they had fallen victim to vendor fraud.
And while the group reported the scam to their bank, they suffered significant financial losses. They now work with Trustpair, continuously verifying the bank details of all third parties to detect and prevent instances of online payment fraud.
What are the best prevention measures against online payment scams?
For electronic payment fraud prevention in particular, there are several measures that businesses should implement:
- Use secure payment methods
- Authenticate payees and payers
- Limit access to account information
- Educate employees against phishing and BEC scams
Use the most secure online payment methods
While cash may have been king back in the 1970s, it’s a firmly outdated method of payment in today’s world. Similarly, cheque payments also rule a kingdom: the fraud kingdom. This method accounted for 66% of all payment fraud in 2022.
So it’s clear that online transactions are more secure, but not all of them are created equal.
For example, business credit cards could be considered more secure than debit cards. In the US, corporate and personal credit card users are covered by the Fair Credit Billing Act in case scammers make a fraudulent purchase using your details. It means that businesses are only liable for $50 before being reimbursed for the rest of the spending amount, no matter how high this is. Debit card users, by contrast, aren’t afforded the same fraud protections.
It’s therefore imperative to use secure electronic payment methods. Even if criminals do somehow get hold of your details, your organization should be protected. ACH and wire transfers are two examples of highly secure payment methods that leave scammers with a low chance of success.
Authenticate payees and recipients
While secure payment methods are useful against hackers and technical cybersecurity attacks, they aren’t as effective if the fraudster is able to access your (or your customers’) accounts and make their own financial transfers.
Techniques like phishing and business email compromise rely on the manipulation of insiders to give away this information. Therefore, authenticating the payee and recipient is imperative in order to prevent social engineering attackers from placing their own transfers.
Strong Customer Authentication is one protocol system required by financial institutions in the UK and Europe that US businesses could also implement. It requires the payment maker to provide two of the following three pieces of information to prove their identity:
- Knowledge: such as a password or answer to a security question
- Inherence: a biometric authentication like face ID or fingerprint
- Possession: such as a one-time passcode sent to a mobile device
If the right information can’t be presented, the payment won’t go through.
Limit access to account information
For businesses with many employees, limiting access to account information is key. You might already know that in order to commit ACH fraud, criminals only need your bank account number and routing number. And thanks to the delay in transfer time, it’s often too late to prevent this type of fraud: by the time it’s recognized, the money has already left your account.
The segregation of duties is a great way to limit who gets access to what information internally. It means that no single employee has responsibility over a whole process; instead, the “four eyes” principle ensures that multiple people take care of different sections.
It may sound counterintuitive to involve more people if the goal is to limit access.
However, the segregation of duties can reduce access to sensitive information (such as bank address, account number, etc.), as each employee only knows their specific section of information. Moreover, with multiple sets of eyes across the resources, employees are more likely to spot and flag suspicious activity.
Educate employees against phishing and BEC scams
While many fraud prevention techniques focus on preventing your confidential information from falling into the wrong hands, strong phishing scams may also use impersonation. If successful, this could lead to your employees making payments in good faith to fraudsters, without knowing their real identity.
Therefore, fraud awareness training is imperative to reduce instances of online payment fraud. These sessions should cover the common telltale signs of phishing, and what steps employees should take if they suspect an attempt of fraud.
More is certainly better when it comes to fraud awareness sessions. Therefore, regularity is important – every quarter is better than once per year.
Prevent online fraud by including senior leadership within your organization’s fraud awareness. These individuals are some of the most common targets for impersonation in CEO fraud, because they often have the authority to make payment requests without causing suspicion.
Including senior leaders in fraud education encourages them to follow the internal controls without abusing the system, and sets the standard for junior employees to follow.
How can you detect online payment fraud?
Fraudulent payment detection can be managed through:
- Following AML compliance
- Updating security measures to thwart new threats
- Monitoring transactions
AML compliance
AML stands for anti-money laundering, and there are regulatory requirements all over the world to enforce this.
In the US, for example, public companies must openly register their financial reports under SOX Law, and potential partners will request an Ultimate Beneficial Ownership check. This aims to protect companies when they get into business with a new partner by ensuring that everybody is operating with transparency.
AML compliance can also include customer checks, such as Know Your Customer. This aims to verify the identity of the payment maker and ensures that they do not have a history of fraudulent payments.
Updating security measures
As the digital world continues to evolve, new threats and scams will also emerge. Only recently, the famous “gift card scam” fooled many US businesses as they moved from in-person to remote.
Therefore, it’s important to upgrade your company’s security services in order to block any exploitation. Here are some security ideas:
- Upgrade your email spam filter to block phishing emails from making it through to the inbox
- Use multi-factor authentication (MFA) to verify payee and recipient details
- Store financial data in a securely managed cloud location with access limitation
- Implement internal controls to restrict employee access to accounts as a fraud deterrence measure
Monitoring transactions
Finally, monitoring transactions is possibly the single strongest method for detecting online fraud. By checking third-party details against external databases, businesses can be sure that suppliers are who they claim to be. Moreover, any change in payment details can be authenticated against real banking credentials.
Of course, trying to continuously perform transaction monitoring on a manual basis is not only time-consuming but virtually impossible to stay on top of. Many organizations have thousands of vendors, and this would be a full-time job.
Instead, using automation and the right tools is the ultimate fraud protection. Working with a service like Trustpair allows large organizations to track all of their incoming and outgoing payments, verifying third-party details in real-time. If suspicious or unknown transactions are detected, the money remains in your account for further investigation, preventing the risk of fraud.
On top of that, each merchant’s data is checked during onboarding and throughout the whole merchant lifecycle. This service guarantees data integrity and peace of mind for finance teams.
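A minimal pre-payment check combining the controls from “Limit access to account information” and “Monitoring transactions”, as an added example (not Trustpair’s code or API): it holds a payment when the account differs from the vendor master, when bank details were edited after their last independent verification, or when the four-eyes rule is not met. The record layout, vendor IDs, staff names and account numbers are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Vendor:                      # hypothetical vendor-master record
    iban: str                      # bank details currently on file
    changed_at: datetime           # last edit of those details
    changed_by: str
    verified_at: Optional[datetime] = None  # last independent check (e.g. call-back)
    verified_by: Optional[str] = None

@dataclass
class Payment:
    vendor_id: str
    iban: str
    requested_by: str
    approved_by: Optional[str] = None

def norm(iban: str) -> str:
    return iban.replace(" ", "").upper()

def hold_reasons(p: Payment, vendors: dict) -> list:
    """Reasons to hold a payment before execution; an empty list means release."""
    v = vendors.get(p.vendor_id)
    if v is None:
        return ["unknown vendor"]
    reasons = []
    if norm(p.iban) != norm(v.iban):
        reasons.append("account differs from vendor master")
    if v.verified_at is None or v.verified_at < v.changed_at:
        reasons.append("bank details changed since last verification")
    elif v.verified_by == v.changed_by:
        reasons.append("details verified by the person who changed them")
    if p.approved_by is None or p.approved_by == p.requested_by:
        reasons.append("no second approver (four eyes)")
    return reasons

# Constructed sample data: placeholder account numbers and staff names.
VENDORS = {
    "V-100": Vendor("GB00TEST0001", datetime(2023, 1, 10), "alice",
                    datetime(2023, 1, 12), "bob"),
    # Verified at onboarding, details edited later and never re-checked.
    "V-200": Vendor("GB00TEST0099", datetime(2023, 3, 1), "carol",
                    datetime(2022, 6, 1), "bob"),
}

if __name__ == "__main__":
    for pay in (Payment("V-100", "gb00 test 0001", "alice", "dave"),
                Payment("V-200", "GB00TEST0099", "carol", "carol")):
        print(pay.vendor_id, hold_reasons(pay, VENDORS) or "release")
```

The second sample payment matches the account on file yet is still held, because the account on file is itself the unverified change.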
Demo Trustpair today to detect suspicious activity and stop payment thieves in their tracks.
In Summary
From card-not-present transactions to business credit cards, e-payments are a target for fraudsters. But businesses can prevent online payment fraud by limiting access, authenticating account holders, and using secure payment methods.
Detect payment fraud with Trustpair’s continuous transaction monitoring, regulatory compliance, and security upgrades. Our prevention platform will help you protect your company from fraudulent transactions and increase the trust customers and merchants have in you. Trustpair services also include high-level risk analytics, workflows and live warnings in risky situations.