The global cost of payment fraud
It is estimated that online payment fraud cost the global business economy over 16 billion pounds in 2021. With the shift from physical to digital as a result of the COVID-19 pandemic businesses have been placed in a more vulnerable position when it comes to being a target of online scams, fraud and cyberattacks.
Defining payment fraud
While payment fraud is not a new phenomenon, in a growing technical world, criminals have changed the way in which their crimes are committed. There are two main types of payment fraud that businesses should be aware of, especially smaller businesses as they are more commonly targeted. These forms of fraud can be differentiated by the types of victims they produce, type 1 produces direct victims: Identity fraud, hacking and data attacks; and type 2 produces indirect victims: Banks, states and/or systems such as money laundering.
Businesses providing payment services should be extremely vigilant during the onboarding of new customers and collect continuous data to monitor behaviours, flagging and blocking any indiscrepancies such as geographical locations or frequency of payment requests.
Payments can be broken down into three steps: 1) Validating the source requesting the payment, 2) Validating the payment requisition and 3) Validating the transaction. The steps which pose the greatest risk for breakdown, are steps 2 and 3. This is where invoice fraud is most common as criminals intercept these stages and abuse the Authorized Push Payment (APP) function, prompting customers to initiate payments in good faith.
Protecting against payment fraud
There are a number of things businesses can do to protect themselves from invoice fraud and other payment scams. A strong focus on employing a fraud team that is technical and managerial will ensure the entirety of the process is protected. For smaller businesses this may mean outsourcing a comprehensive specialized fraud team. There should be solutions in response to every flag raised. This involves a catalog of actions to combat specific problems based on informed decisions made from accurate data.
Teams should also strongly consider implementing anti-fraud mechanisms and security solutions that allow them to use data to score transactions and flag potentially suspicious payments. It’s usually when payments are at the process stage that such anti-fraud mechanisms step in and block or intercept the fraudulent request.
Furthermore, I would always recommend storing company and client data in the cloud, providing an externalized embedded layer of security which reduces risk of data loss. Old archives are much more susceptible to leakage leaving customers, suppliers, and other stakeholders data at a greater risk.