Fraud, Fraud, Fraud

We used to ask the question, have you ever been a victim of personal or professional fraud? Nowadays, it seems like the question that is now asked is who HASN'T been a victim of personal or professional fraud, right?

According to the 2015 AFP Payments Fraud and Control Survey, 62% of organizations fell victim to payments fraud.

It seems like these numbers, despite best efforts, continue to rise as the criminals get smarter and smarter. The efforts of criminals are impacting all payment types. So how do companies implement real, consistent corrective and preventative measures so as not to fall prey to these scam "artists"?

Let's first lay down further foundation as to the level of impact fraud is having.

Have you been reading and listening to the news this week about the $300 million fraud ring of phone IRS callers? Thus far 56 people have been arrested! 56!

I received one of these phone calls. Luckily for me, maybe not others, I don't answer any calls where I don't know the number. So they left a voicemail. I immediately had some red flags regarding the message. So what does any good citizen do? I went to google and did my own investigative research!

I did a reverse look-up of the phone number and realized that this number was leaving similar messages to others and that it was a major scam and to not answer the call. So I blocked the number. Two months later I'm watching this week on the news how these [insert person opinion] societal malefactors are arrested, finally.

In the business world, fraud is still rampant. Let's look at the big ones.

1. Check fraud.

According to the 2016 AFP Payments Fraud and Control Survey, 71% of companies that experienced attempted or actual payments fraud in 2015 were victim of check fraud.

Ok, pause.

71%!!!!

This figure alone baffles me as to why companies are still so adamant about check writing! The cost, alone to make payments like this is still alarmingly staggering. The amount of paperwork......well, I mean.....does ANYONE out there in treasury/AP/finance land still love trees????

I hear all the time from Accounts Payable and Finance executives, "we can manage cash with checks". I contend that's a simple, basic and 'easy' solution, that in the end, truly doesn't give you LEVERAGE in your cash management. If anything, it may help you lag cash flow here and there. But it is controlling you, not the other way around with checks.

I took a poll (unofficially) at a recent trade show I attended and asked close to 50 executives about checks and check writing. Do you know what they said? The majority overwhelmingly said they would get rid of checks if they could. They don't know enough about or feel comfortable enough with the technology out there to dump all their payments cash into the latest and greatest of technology. Why? They are afraid of internet fraud. (See above stat on check fraud).

Or as a bank, they don't want to be the guinea pigs for eliminating checks as a service to their corporate clients, but the savings alone could make both the corporates and the banks significant money back into their operational accounts. Their response? "We're just not there yet - maybe in five years".

I also heard "check writing is back on the rise". Check writing had seen a pretty consistent decline since 2004. However there has only been a 1% increase in check usage since 2013 (2016 AFP Electronic Payments Survey). 51% of organizations' B2B payments continues to be made by check.

I would say this in some industries is likely true. In others, I would say "absolutely not". I heard equally from as many corporates that they are doing everything they can to be done with checks in the next 18 months to two years and are banking on same day ACH. I think you will see the majority of organizations utilize same day ACH for last-minute bill payments at first, but that's just my humble opinion.

Checks are still the number one form of fraud and is still the easiest payment method with which to fall victim.

2. Wires and BECs.

Although easy and somewhat painless to initiate wires, this payment method, perhaps surprisingly in 2015, was the 2nd most popular for fraud.

I asked some of my IT cohorts and realized that email wire fraud attacks are "pretty easy if you think about it". Um. Ok. I have NEVER thought about it so please, enlighten me.

Apparently, there is no malware to write or code or malicious links that have to be implanted. It's a text only email. There's no real science to it. So where it gets "artsy" is in the social engineering.

In a recent FBI alert in the last 15 months "Business Email Compromise attacks (BECs, for short), often CEO spoofing emails aimed at wire fraud, have increased 270%!!!!! 64% of organizations surveyed in the 2016 AFP Study were exposed to BEC scams.

From October 2013 to April 4, 2016, the FBI reported losses totalling $2.3 billion, up from $1.2 billion in 2015, in another FBI alert where they attributed organized crime groups to the increase.

3. Corporate, Commercial Credit and Debit Cards.

In the same AFP survey referenced above, 39% of respondents said their company was a victim or target of credit and debit card fraud.

Keeping cards on file, issuing out thousands, sometimes hundreds of thousands of purchasing cards to employees scattered around the globe only make these numbers seem understandable. It becomes easier and easier to hack in to a site where your card is stored and grab the number.

So what is a company to do about this? Just accept it as the cost of doing business? The new normal?

Emphatically I say no!

Let's look at a company that decided to take matters into their own hands.

One of the largest amusement parks in the country is Cedar Fair Entertainment Company (CFEC). Owner of my favorite amusement park in the whole world, Cedar Point. (Sorry Disney, you ain't got nothin' on Cedar Point).

CFEC has over 25,000 employees from 40 countries and has five employees processing payroll. They decided they were going to go paperless with their payroll. In 2012, they had 48% direct deposit and 52% check. By 2016, just four years into the program, they had 81% direct deposit AND pay cards and only 19% check.

Some of the other actions companies have taken:

1. Stop paying invoices over the phone. Without proper protocols in place, the biggest asset (data) is subject to hacking.
2. Don't pay an invoice that isn't legit. Sounds simple, right? You'd be surprised how many companies pay invoices without verifying the services rendered.
3. Update passwords/emails when there are staff changes. Notify IT as soon as their are staffing updates so access can be removed for employees no longer with your organization.
4. When you ARE a victim of fraud, REPORT IT!
5. Last but not least, look for solutions that can help as an added layer to prevent fraud in your payments.

• find payment companies that can leverage your data without the risk of fraud
• heightened card controls where authorizations can be made for certain transactions only and open and closed only for when needed.
• Consider single-use virtual card technology. Stop storing your company credit cards for repeat purchases.
• make sure your company's emails are encrypted or TLS encrypted making it harder for data to be hacked when providing payment info.

If you are responsible for anything related to finances, payments or approvals in your company, due your due diligence and make sure you are not the next victim. Control and limit/eliminate fraud in your company. Don't let fraud control you.