The last thing a business needs in these times is to be the victim of financial fraudsters. Unfortunately, con artists don’t feel the need for sympathy; in 2020, the Association for Financial Professionals‘ reported that over 80% of organizations had experienced some form of payments fraud. “Fraudsters continue to succeed in their attempts to attack organization’s payment systems,” the AFP wrote in their annual report. And in a year where many businesses are eager to take advantage of new opportunities and are chronically understaffed, the field is ripe for even more rampant fraud.
Knowledge is power, though, and a well-informed team is a difficult barrier for con artists to penetrate. Learn more about fraudulent trends we expect to see this year – and how Carter Bank & Trust can add an extra layer of armor.
Business Email Compromise Remains a Major Fraud Gateway
Business Email Compromises, or BEC, composed over 61% of attempted and actual payment fraud attempts in 2019. Fraudsters can compromise an entire network through one infected email account, which can be used to reset account passwords and gain even further access to corporate systems. However, in some unsecured organizations, an authorizing email sent from a high-level employee could be enough to trigger fraudulent activity. Oftentimes, once the con is discovered, the phisher is long gone.
Over 80% of organizations polled indicated that this was so significant a concern that they had implemented end-user education across their teams to help identify “spear-phishing attempts” often used to gain access to email accounts. Furthermore, 59% of those polled implemented some sort of two-factor authentication for company accounts attached to emails and payment initiation, further protecting access to accounts that have greater messaging authority within an organization. We consider both of these to be small security investments with massive returns, especially two-factor authentication for employee email accounts. If your team uses Gsuite or any popular email hosting platform, two-factor authentication can often be implemented over the course of a day for little to no additional cost.
ACH Fraud Is On the Rise
Automated Clearing House (ACH) transactions is one of the most common financial tools that a business may use to conduct multiple transactions on a daily basis, but it’s also ripe for fraud. Over 33% of businesses experienced ACH fraud, which mirrors an increased willingness to abuse a system many users feel is safe. “As fraudsters move away from targeting checks and wires,” notes the AFP, “they are resorting to ACH transactions as vehicles for their scams. In efforts to avoid raising red flags and escape detection, perpetrators of such attacks are attempting to use payment methods previously not considered to be high risk.”
A gatekeeper system that allows a key decision-maker, such as the business owner or chief financial officers, to have final accept/reject power on ACH payments before they post is the most effective means of squashing ACH frauds. That’s why we offer exactly that in the form of ACH Positive Pay.
An Internal Immune System
Just like with our own health, your organization should try to prevent any sort of fraudulent penetration of your company’s systems – cuts and scratches, if you will. But it’s wise to assume it will occur and have an internal immune system in place that can stop that wrongful access right at the source before it causes any further damage. When all it takes is one wrong click or lapse of judgment, internal securities that can stop breaches once they occur are a must.
That’s why many organizations around the nation are implementing secondary verification systems that are required before financial changes can be pushed through from a single source. Other options include tailored treatment of transactions, like Carter Bank & Trust’s Positive Pay, which monitors your outgoing checks – still the largest target for payment fraud – looking for exceptions to regular transactions that merit a second look before approval.
As with any security system, the more layers working together, the better. If you’re concerned about your firm’s security protocols, we invite you to manage your financial systems here through Carter Bank & Trust. You’ll gain access to a suite of insights and controls that starts working intelligently together to protect your assets from day one.