How to Protect Your Company from Payment Fraud

Seventy-four percent of finance professionals say their companies were victims of payment fraud in 2016, more than in any other year, according to the Payments Fraud and Control Survey by the Association for Financial Professionals (AFP). Of this targeted group, three in 10 had losses of at least $250,000.

Along with this direct financial hit, companies also faced hefty legal fees and administrative costs to sort out the aftermath.

What can you do to protect your company? A key starting point is understanding the prevalent risks and how to respond so you can recover quickly.

Types of payment fraud

Thieves have devised creative ways to attack almost all types of transactions. Common schemes include:


Three-quarters of companies that fell victim to payment fraud in 2016 experienced at least one instance of check fraud, the AFP study revealed. Common check fraud schemes include:

  • Altered checks: This occurs when a check has already been issued, but data fields on the check are changed to reflect alternate, fraudulent amounts and payee names.

  • Counterfeit checks: Advances in software applications and printers have given fraudsters a way to create imitation checks if they have a company’s bank account information.

  • Forgeries: Often involving stolen checks, forgeries occur when there is an unauthorized signature from the payer or endorsement from the payee.

Electronic payments

Wire transfers and Automated Clearing House (ACH) transactions — both of which involve moving funds between bank accounts — are increasingly targeted, coming in at the second and fourth highest forms of fraud, respectively, according to the AFP report. In some cases, all that is needed to initiate the fraud is an organization’s bank account information. A primary reason for the recent spike in electronic payment fraud is the rise of wholesale hacking schemes known as "imposter fraud," which target company employees who have access to sensitive and financial data.

Credit cards

Thirty-two percent of companies reported at least one instance of corporate credit card fraud in 2016, according to the AFP. Unauthorized users, whether an employee or outside individual, commit this type of fraud by using a corporate credit card to make unapproved purchases.

Credit card fraud can occur when company cards are lost, stolen or duplicated as counterfeit cards. Credit cards can also be obtained through "account takeover" in which a fraudster gathers company financial data and contacts the bank to report a change of address and lost card. They are then sent a replacement card, giving them access to a company’s finances.

Merchant services

Merchant services fraud, or debit and credit card processing fraud, has decreased in recent years thanks to the adoption of EMV chip cards. However, since liability for this type of fraud now lies with businesses that have not yet implemented EMV acceptance technology, they are more prone to counterfeit card use. Fraudsters can create a counterfeit card simply by capturing card information embedded within the magnetic stripe.

How to protect your business

Preventative steps can go a long way toward sidestepping attacks. If you don’t already use these best practices, be sure to implement them:

  • Train your staff. Teach your employees to recognize the signs of payment fraud. For example, fraudulent checks may have a missing or poor-quality watermark or microprint, which is a small line of print that is difficult to photocopy and can be read only when magnified. Credit card fraudsters may buy many expensive things and attempt multiple transactions, even in a single visit. Offer guidance on how employees can report any fraudulent activity they notice.

  • Use EMV terminals. Minimize the likelihood that counterfeit cards can be used at checkout by updating your system to support payments through an EMV system. If you don’t have an EMV terminal already, think about upgrading.

  • Verify card-not-present transactions. Have strong verification processes in place when customers pay by mail, phone or online, known as card-not-present (CNP) transactions. Always use address verification (AVS) to confirm that the billing address they provide matches the address on file with their credit card provider. Also, request the three- or four-digit code, known as the card verification value (CVV), which helps to verify the buyer has physical possession of the card.

  • Strengthen internal safeguards. Be sure you have a dual-approval process in place for payments, in which one person initiates a transaction and another approves it. For large-dollar check payments, require more than one signature. Also, consider using a dedicated computer for banking transactions to limit access to sensitive financial information.

  • Understand the rules. Businesses typically have shorter windows for disputing transactions than do consumers. For example, companies have 24 hours to alert their bank to an unauthorized ACH transaction once it has posted, compared with a 60-day time frame for consumer transactions. Reach out to your business banker or merchant services provider to clarify how you should respond to suspect transactions.

  • Monitor account activity. Make a point of reviewing your transactions daily so that you can spot fraudulent payments right away. This can improve your chances of having these charges cleared. Sign up for account alerts that can help you monitor activity more closely.

  • Talk with your insurance agent. Check whether your current policies would cover losses resulting from payment fraud. This type of coverage is fairly new, so it may not be included in a long-held policy. Many commercial crime policies, for instance, cover losses when funds are taken by a third party, but may not cover losses when employees are tricked into initiating a transfer, as in an imposter fraud scheme. Specialized coverage may help to fill in gaps.

  • Tap bank services. Some banks offer services that can protect against potential fraud. For instance, Positive Pay and Reverse Positive Pay are services that can ensure checks issued from your company match the ones being processed. An ACH monitoring service can closely watch your accounts and block any unauthorized transactions.
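
The matching that Positive Pay performs, sketched as an added example (not code from this article or from any bank): presented checks are compared against the company's issue file, and anything that looks like the altered or counterfeit checks described earlier is held for review. The record layout, function names and sample data are assumptions constructed for illustration, and the duplicate-presentment check goes slightly beyond what the article lists.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Check:
    number: str
    payee: str
    amount: Decimal

def normalize(payee):
    """Compare payee names case-insensitively, ignoring extra whitespace."""
    return " ".join(payee.upper().split())

def positive_pay(issued, presented):
    """Return (check, reason) for presented items that do not match the issue file."""
    register = {c.number: c for c in issued}
    paid = set()          # check numbers already cleared in this run
    exceptions = []
    for item in presented:
        on_file = register.get(item.number)
        if on_file is None:
            exceptions.append((item, "not issued (possible counterfeit)"))
        elif item.number in paid:
            exceptions.append((item, "duplicate presentment"))
        elif item.amount != on_file.amount:
            exceptions.append((item, "amount altered"))
        elif normalize(item.payee) != normalize(on_file.payee):
            exceptions.append((item, "payee altered"))
        else:
            paid.add(item.number)
    return exceptions

# Constructed sample data: the company's issue file and the items the bank received.
ISSUED = [
    Check("1001", "Acme Supply Co", Decimal("1250.00")),
    Check("1002", "Riverbend Freight", Decimal("480.75")),
    Check("1003", "Northside Electric", Decimal("96.10")),
]
PRESENTED = [
    Check("1001", "ACME SUPPLY CO", Decimal("1250.00")),     # clean match
    Check("1002", "Riverbend Freight", Decimal("4800.75")),  # amount changed
    Check("1003", "J. Doe", Decimal("96.10")),               # payee changed
    Check("2044", "Acme Supply Co", Decimal("900.00")),      # never issued
    Check("1001", "Acme Supply Co", Decimal("1250.00")),     # presented twice
]

if __name__ == "__main__":
    for item, reason in positive_pay(ISSUED, PRESENTED):
        print(f"HOLD check {item.number} for {item.amount} to {item.payee}: {reason}")
```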

First Citizens can help you maintain control of your company’s financial security and reduce your risk of payment fraud. Contact a First Citizens Associate to see how we can help.