Beware payments fraud

beware-rising

SUMMARY

Instances of payments fraud have been among us for a while, but remote working has given rise to an increase of fraudulent attacks on companies. However, awareness, caution and training can keep those intent on causing financial harm at bay.


Bank fraud trends

Late afternoon before the Easter Weekend, an invoice marked ‘Urgent: due for same day remittance’ arrives via email just as an accounts payable clerk at a manufacturing firm is about to leave for the day. The invoice is purportedly from a vendor with whom the company works and looks genuine. Even the clerk’s boss, the company treasurer who happens to be on leave, is copied on the correspondence.

The email seems to be originating from an address that looks like it’s the vendor’s invoicing department and the bank transfer details appear to be the same. However, a cursory glance suggests one of the digits in the account number is in the wrong place. Phone calls on a late afternoon before the weekend go unanswered, and in his rush to leave, the clerk wires $119,000 to a vendor he thinks is genuine. Upon the return of the company treasurer, the payment request is revealed to be fraudulent.

This is a real example of a fraud that occurred in the U.S. The case itself is a relatively small instance of fraud as millions are lost by corporate victims each year. 65% of respondents to the 2023 AFP 2023 Payments Fraud and Control Survey Report indicated that their organizations were victims of either attempted or actual fraud in 2022. While the survey indicates there is a downward trend in payment fraud in recent years, it is still concerning that 2 out of 3 companies continue to be victims of attacks.

The report also states that Business Email Compromise (BEC) scams are highly prevalent and are the root cause of payment fraud for most organizations. According to the report, 71% of companies were either victims of payment fraud or attempted fraud via email in 2022 with larger organizations being the most susceptible to BEC scams. Payment methods used during BEC attempts include both wire and ACH debits, with ACH debits being increasingly targeted.

Of course, awareness of BEC scams has increased, and we find that businesses have started to strengthen their defenses. However, cybercriminals have also evolved their strategy, moving from the well-known format of impersonating an executive within the firm and requesting a payment, to more sophisticated vendor based BEC scams like the aforementioned case study

In vendor based BEC scams, the majority of all BEC cases, the attacker poses as an existing supplier. The attacker no longer has to convince the victim of the need for the payment, as regular payments are already being sent to existing vendors. Instead, the fraudsters are simply sending updated payment information. Such a scam is effective because the fraudster is not initiating a new conversation but seizing an existing email exchange.

Check fraud

Check fraud continues to be the payment method most frequently subject to attacks. It occurs when a check is presented against an organization’s account that was not issued by the organization or when the payee information is altered. This type of fraud is low cost to the perpetrators and as such is very attractive. The consequences are both financial loss and operational disruptions to the check issuer, as a new account will have to be opened and updated account information sent to customers and vendors.

Robust fraud protection measures are a necessity to safeguard an organization’s operating accounts. Now more than ever, fraud prevention and protection practices are crucial to protecting your business from payments fraud. Awareness, caution, and consistent steps outlined below can help reduce the likelihood of a successful attack:

Best practices for combating payments fraud

  • Incorporate processes to validate payment requests: New payment instructions should always be confirmed, preferably via an in-person meeting or a phone call with a known telephone number
  • Dual Approval: Utilize an approver/checker process whenever you need to add a new payee or change existing payment details. Dual control significantly improves your chances of identifying a fraudulent act
  • Confirm identity of sender: In addition to call-backs, the authenticity of the sender of an email can be quickly checked by hovering over the sender’s name in an email to display the real address
  • Implement Bank Controls: Leverage your bank’s fraud protection and detection tools, including Automated Clearing House (ACH) Debit Blocks and Filters, and Positive Pay with Payee Name Verification
  • Utilize Electronic Payment Methods: Due to the heightened vulnerability of check fraud risk, consider electronic or automated payment methods such as ACH or wires to optimize your payables operations
  • Segregate Bank Accounts: As the primary source of fraud is related to the payment process, separating your payables and receivables accounts can help protect the organization’s incoming funds. Receivables accounts can be set up with restrictions that prohibit outgoing payments from being made out of the account, as well as ACH Debits drawn out of the account
  • Ongoing Communication and Training: Awareness and understanding of current fraud trends is foundational to identifying potential fraud. As an example, businesses can subscribe to the U.S. Treasury Department’s Office of Inspector General’s fraud alerts to keep up to date

If your business falls victim to a successful fraud attempt, we suggest contacting law enforcement, your insurance company, and your bank to report the incident.

Contact us

To help put you in touch with the right Private Bank team, please answer the following questions.

Are you an existing Private Bank client?

Please fill out the form, so we can contact you.

I consent to the use of my personal information (name, telephone number and email address) by Citi Private Bank for the purpose of contacting me to send me marketing information about Citi Private Bank's wealth management products and services. I understand that my information will be used in accordance with the relevant  privacy statement for my location. I also understand I can withdraw this consent to be contacted by phone by emailing donotcall@citi.com, or email by visiting the email preference center at any time.

Please consent to the terms and conditions to continue

I am looking for services to support...

My net worth is (USD)...

The AUM (USD) of my single family office is...

Thank you for your interest in Citi Private Bank.

Our family office services are only available to single family offices with over $100 million in AUM. 

Thank you for your interest in Citi Private Bank.

Our services have a minimum investment level of $5 million.

Based on the information provided, we believe that a Citigold relationship may be most appropriate for your needs.

To find out more: Visit Citigold

Thank you for your interest in Citi Private Bank.

Our services are only available to individuals & family offices.

Based on the information provided, we believe that a Citi Commercial Bank may be most appropriate for your needs.

To find out more: Visit Citi Commercial Bank

Job title & Company

Job title & Company

Location

Please select one of the above options

Please enter your contact details

How can we help you?

I consent to the use of my personal information (name, telephone number and email address) by Citi Private Bank for the purpose of contacting me to send me marketing information about Citi Private Bank's wealth management products and services. I understand that my information will be used in accordance with the relevant privacy statement for my location. I also understand I can withdraw this consent to be contacted by phone by emailing donotcall@citi.com, or email by visiting the email preference center at any time.

Please consent to the terms and conditions to continue

How can we help you?

I consent to the use of my personal information (name, telephone number and email address) by Citi Private Bank for the purpose of contacting me to send me marketing information about Citi Private Bank's wealth management products and services. I understand that my information will be used in accordance with the relevant privacy statement for my location. I also understand I can withdraw this consent to be contacted by phone by emailing donotcall@citi.com, or email by visiting the email preference center at any time.

Please consent to the terms and conditions to continue

Thank you for your interest in Citi Private Bank. A member of our team will be in touch with you shortly.

Thank you for contacting Citi Private Bank. Your enquiry has been forwarded to your relationship team who will be in touch as soon as possible.