Payments fraud is one of the biggest challenges businesses face today, as criminals employ increasingly sophisticated schemes to steal funds. According to the 2023 AFP Payments Fraud and Control Survey Report, 65% of organizations were exposed to payments fraud in 2022, with 71% of those being the targets of business email compromise (BEC) fraud.[1] In 2022 alone, companies reported $2.7 billion in BEC fraud losses.[2]
Three Common Payments Fraud Schemes
For most businesses, the threat of payments fraud currently originates through three primary schemes:
- Email Compromise – BEC, or imposter fraud, is perhaps the most common form of fraud that businesses may experience. In these attempts, criminals initiate fraudulent requests for payments or changes to payment instructions from email accounts that appear to be from a trusted entity. These email requests may purport to come from someone within the company, such as an executive or employee, or a known external partner, such as a supplier. In some cases, the legitimate email account has been compromised, making the request seem authentic.
It’s critical that businesses recognize the characteristics of a fraudulent payment request to avoid initiating a payment to a criminal recipient. While financial institutions may have measures in place to assist if an email compromise attempt should occur, a more effective way of combatting the scheme is to prevent the fraudulent activity from occurring in the first place.
- Account Takeover – Account takeover is another type of payments fraud that can affect businesses. In this scheme, criminals steal or compromise an employee’s login credentials for a company’s online banking service(s). This allows the fraudsters to access account information, payment services, and even administrative functions, through which they can initiate fraudulent payments and tamper with access permissions for other company users.
- Ransomware – While somewhat different from email compromise or account takeover in terms of directly affecting payment transactions, ransomware can be extremely harmful to businesses. Ransomware is malware that encrypts files within a system or device, making data inaccessible until the users pay a ransom. As a result, companies may lose the ability to carry out business transactions until their access has been restored.
Preventing Payments Fraud: What Businesses Should Do
“Businesses cannot afford to be complacent in the face of these increasingly sophisticated threats,” said Howard Forman, head of Digital Channels for PNC Treasury Management. “They need to take initiative to stay on the alert.” Avoiding exposure to payments fraud comes down to vigilance and education, according to Forman.
- Businesses should be wary of any emails or phone calls that request a change to payment information or access to banking credentials. If they receive one, they should call a known individual at a trusted phone number to verify if the request is legitimate before taking any action. Never use the email address or the contact information provided in an email request to validate the request.
- Educating employees on the latest fraud schemes and good cyber hygiene is critical. As criminals leverage emerging technology to develop new scams, it’s important for businesses to remain up to date on not only the types of threats that are currently in common use, but also new and evolving forms of payments fraud.
- More information about payments fraud schemes and the actions businesses can take to protect against them is available in the PNC Cybersecurity Resource Guide.
“PNC is committed to helping protect our clients against the threat of payments fraud. We have a robust range of solutions in place, including Account Verification Services, Positive Pay, multifactor authentication into applications, PINACLE® alerts and notifications, and more,” said Forman. “However, it’s important to remember that each business is their own first line of defense in protecting against payments fraud. Staying educated so they can identify and prevent attempts before any fraudulent activity has occurred is the best protection.”
Ready to Help
If you suspect or experience fraudulent activity, please contact PNC’s Treasury Management Client Care immediately at 1-800-669-1518, Option 1.
If you would like to learn more about protecting yourself from payments fraud, reach out to your PNC Relationship Manager or Treasury Management Officer, or contact us.