Presented by Wells Fargo

Payment fraud is growing at a record pace. It only takes one incident for a company to be compromised. In 2020, 74% of organizations faced attempted or actual payments fraud, according to an Association for Financial Professionals (AFP) survey. Companies of all sizes are at risk. What can your company do to reduce exposure to cyber payments fraud?

Are your payments a target for fraud?

In 2020, AFP reported that 66% of companies experienced fraud through payment by check. Wire transfers made up 39% of the attacks, with ACH debits accounting for 34%. Corporate/commercial cards (24%) and ACH credits (19%) follow closely behind. Sophisticated fraudsters with time and patience can cause significant losses, by attempting to appear legitimate and attacking during vulnerable organization transitions.

Your first line of offense is to understand the risks. There are two key fraud threats that can affect organizations using digital channels to conduct business, identified by the AFP.

Business Email Compromise (BEC) Fraud 

A fraudster impersonates a vendor, company executive, or another trusted trading partner —— ultimately tricking you into making the payment to them. According to the AFP’s 2021 survey, BEC fraudsters successfully targeted 76% of the impacted organizations in 2020, up from 64% in 2015. Accounts payable departments proved the most vulnerable part of the organizations, targeted 61% of the time.  According to the 2020 FBI Crime Report, adjusted BEC losses totaled $1.8 billion, when an average loss of $93,000.

Enhance or create processes to further protect your company against BEC fraud. The Federal Bureau of Investigations advises:

  • Verify requests for a payment or transfer of funds by obtaining verbal confirmation using the contact information on file when requests contain red flags
  • Confirm requests for wire transfers or payments using a dual control  process allowing a second chance to identify and prevent potential fraud
  • Pay attention to details when making system account changes and confirm recent account changes before approving payments
  • Keep software systems up to date and use a good anti-virus program
  • Reconcile bank accounts daily
  • Promote employee security awareness to safeguard email accounts and login credentials
  • Implement dual custody protocols, requiring two users, on different devices, to initiate and approve online payments, payment instruction changes, and administrative changes
  • Verify payment changes with requestors before initiating requests and notate changes made (approvers should be able to verify both the payment and payment instructions)

Online Account Takeover (ATO)

Thieves gain access to make unauthorized transactions including funds transfers, creating and adding fake employees to payroll, and stealing sensitive customer information. The criminal typically leverages social engineering and malware to steal confidential information to access online accounts. According to (2021) social engineering, commonly known as phishing, are schemes aimed at tricking you into providing sensitive information to scammers. With malware, attackers install malicious software surreptitiously on computers without consent to gain access to accounts and send unauthorized payments or the malware attack will block you from files, systems or networks until you pay a ransom in a ransomware attack.

According to the Federal Trade Commission, best practices that help protect against ATO fraud include:

  • Do not share online banking credentials
  • Do not click on links or download programs or attachments in emails or text messages, unless they are from a trusted sender
  • Be wary of unsolicited phone calls or text messages concerning unreported system issues
  • Use notification and alert services to receive text or email notifications regarding electronic debits from your accounts

Remember, one size does not fit all when it comes to fraud prevention. Integrate security measures, reflecting your organization’s priorities, into processes. Create an actionable response plan in case of a fraud attack. Don’t forget to educate your vendors and trading partners —— they are targets too. Simple process enhancements can be the most powerful safeguards against cyber fraud.

Visit the Treasury Insights website for information on fraud protection, cash positioning and forecasting, managing payments, and more.

Jenifer Waite is a Market Leader for the Wells Fargo Treasury Management group in the Great Lakes. She has more than 30 years of experience serving the treasury needs of Wells Fargo business customers. Email her at

Opinions expressed in this article are general and not intended to provide specific advice or recommendations for any individual or association. Contact your banker, attorney, accountant, or tax advisor with regard to your individual situation. The author’s opinions do not necessarily reflect those of Wells Fargo Equipment Finance or any other Wells Fargo entity.

Visit the Treasury Insights website for information on fraud protection, cash positioning and forecasting, managing payments, and more.