How to protect your business from unauthorized transactions

Scoular, a US grain company, lost $17,2M from unauthorized transactions. Their CFO got tricked into sending a payment for a “strategic deal” that was a scam. With AI, it’s now easier than ever for fraudsters to come up with convincing schemes. Read on to learn about unauthorized charges and how you can protect your business from them. Trustpair’s fraud prevention software is the best solution for fighting B2B payment fraud. Our advanced algorithm identifies suspicious transfers and automatically blocks payments before they’re sent.

Contact a Trustpair expert to learn more about our account verification services!

What are the common types of unauthorized transactions?

Unauthorized transactions can happen through all payment methods, from checks to electronic fund transfers. For example:

• Credit card fraud
• Wire transfer fraud
• ACH fraud
• Instant payment methods fraud.

This is true for both the B2C and B2B industries. In the latter, schemes tend to be more complicated than credit card fraud where the card is lost or stolen (although that still happens!).

Here are some common examples of B2B unauthorized transactions:

• Vendor fraud: where criminals impersonate your suppliers to get you to send money to their accounts. Impostors may hack into your suppliers’ email and ask you to change their payment credentials for theirs. They’ll receive the transfer next time you pay your (real) invoice.
• Invoice fraud: scammers create a fake company and send you real-looking invoices for goods or services never delivered.
• Internal fraud: employees use their company credit card to get personal items, or engage in maverick spending. It accounts for 21% of small business fraud.
• CEO fraud: using social engineering, criminals trick your employees into sending money or sensitive data (like credit card information) that’ll be used for a more elaborate scheme. They pretend to be the CEO, CFO, or another high-level executive to convince their victim to act quickly and without thinking.

The impact of unauthorized transactions on businesses

Unapproved charges are double trouble for your business:

1. It incurs direct and indirect costs.
2. It damages your reputation and relationships.

Extreme financial losses

According to our study, 36% of companies lost more than $1M on average from fraud in 2023. There are countless examples of businesses closing down after being scammed.

On top of that, you need to factor in the indirect costs of fraud:

• The resources used for investigating the fraud
• The potential fines for non-compliance to AML laws and other regulations that let the fraud happen.

Learn more about the impact of fraud and how it affects companies in our 2024 fraud study!

Reputational damages

The reputational losses your company suffers due to fraud are harder to quantify, but important nonetheless.

Not paying your suppliers on time (because you’ve actually paid an impostor) can heavily damage your relationship with your suppliers — which is why anti-fraud must be part of your vendor management best practices.

Bank fraud also negatively impacts your relationship with your investors (who may lose confidence in your management) and your clients, which impacts sales.

To sum up, unauthorized transactions profoundly damage your company’s assets.

How do banks investigate fraudulent transactions?

When banks (and other financial institutions like credit unions) spot a fraudulent transaction, they investigate.

Banks and credit card issuers investigate unauthorized charges to determine the method, origin, and impact of the fraudulent transaction.

Here is a step-by-step of how it happens:

1. They receive a fraud alert for a suspicious transaction, either through their anti-fraud system or when customers notify the bank.
2. They gather evidence, by checking the customer’s account history, their bank statement, credit card usage, and other relevant data. It is important to map out the scope and patterns of fraud.
3. They communicate with relevant parties: their customers and, in case of severe fraud, law enforcement agencies. Financial institutions (bank credit union etc.) have a duty to report fraud to organizations like the FBI in the US.
4. They come to a decision: following investigation, their internal fraud department may decide to cover the fraud and refund the customer, or may not if they judge that the customer’s liability was engaged. Most wire transfers are irreversible and in most cases, customers don’t get any money back.

For example, in case of credit card fraud in your company, you are advised to call your credit card issuers (Visa, MasterCard, American Express) as soon as possible.

Your credit card will be blocked and investigated, which takes 2-7 business days depending on the case.

When your corporate bank receives your report of an unauthorized transaction, they will look at your account or card transactions, hear what you have to say, and determine who’s responsible for the unauthorized transactions.

Card issuers all have different policies to investigate suspicious transactions — Visa’s liability policy will be different from Amex’s.

How to detect an unauthorized transaction

The red flags of fraud

Here are some warning signs that your company might be a victim of fraud, which could lead to unapproved charges:

• Cyber-attack: your company has been receiving phishing emails, or its cyber-defenses have been breached. While it may seem that nothing happened on the surface, criminals could have accessed sensitive data, like your credit card information.
• Lost or stolen credit card: your employees have had their corporate card stolen from them, or they lost it. Someone ill-intentioned could now have access to it and use it for their gain.
• Small charges on your account: once they have your credit or debit card info, scammers may try to use them for small purchases to confirm they are valid. It’s their own version of a merchant authorization. When satisfied, they’ll move on to bigger amounts.

The challenge with unauthorized transactions

Unauthorized transactions aren’t easily spotted. In companies, finance professionals often discover fraudulent transactions when doing account reconciliation at the end of the month or the year.

For example, they’ll go through the company’s credit cards or bank statements showing unauthorized transactions.

They can also come to light during audits — internal or external. In all cases, fraudulent transactions are usually detected too late.

That’s why you need a complete fraud detection and prevention strategy (and software). With 96% of US businesses targeted by at least one fraud attempt last year, it’s not a matter of if you’ll be targeted, but of when.

3 steps to prevent fraudulent transactions in your business

Being proactive is key to protecting yourself from fraud. Here are 3 guidelines we recommend our clients to follow (and help them implement) at Trustpair:

Increase safety measures

Your company is only as secure as its weakest process. Fraudsters can easily find a gap in your security processes, either through careful monitoring or because they have insider knowledge.

It’s essential to regularly review and adjust your internal processes so they protect you fully — which often means going beyond regulations.

Processes like account validation should be done during your vendor onboarding, and when your suppliers’ credentials change. At Trustpair, we recommend doing them anytime you want to send a payment to your vendors.

With AI, cyber attacks, and social engineering schemes, that’s the only way to ensure:

• The credentials haven’t been changed without you noticing
• The bank account still exists
• The ownership of the account

While it takes some time to do so manually (and often leads to incomplete results), Trustpair does it automatically for you before any transaction is sent.

Regular employee training

Education is a cornerstone of a good anti-fraud policy. Explain to your employees and managers why they need to follow your policies to the T, from credit card usage to sticking to procurement processes.

Sensitizing them to the common types of scams like phishing, social engineering and Business Email Compromise (BEC) is key to protecting yourself from them. They’re at the frontline of your business and therefore are the ones targeted.

Make sure to offer regular training so security stays top of mind, and to include real-life examples.

With AI nowadays, it’s very hard to distinguish what’s real from what’s fake — scammers take advantage of this confusion to steal money from you.

That’s why education is necessary, but isn’t enough. It needs to be paired with the proper tools to help detect fraud.

Use antifraud software

What is the most failproof way to protect your company from fraud? Without a doubt: software.

Software solutions protect your payments from end-to-end, ensuring you don’t fall victim to third-party fraud.

Trustpair fully protects your vendor payments by automatically checking your suppliers’ credentials. We use AI and pattern recognition to detect any suspicious activity, and we raise the alert before any transaction is sent.

Our anti-fraud solution seamlessly integrates within your payment chain, with most procurement platforms and ERPs like SAP.

Using Trustpair means you won’t have to worry about unauthorized transactions and fraud anymore. We’ve worked with 400 large companies worldwide, with 0 fraud incidents.

Key Takeaways:

Unauthorized transactions are not easily spotted and can break your business. You need to be proactive to protect yourself from fraud, by upping your security measures, training your employees, and using anti-fraud software. Trustpair is the complete solution against third-party fraud, protecting your B2B payments from end to end.