More companies than ever before fell victim to payments fraud last year, according to new data.
Research from the Association for Financial Professionals (AFP), outlined in its 2017 AFP Payments Fraud Survey, revealed what the AFP described as a “dramatic” increase in payments fraud hitting businesses compared to 2015.
According to the report, 75 percent of the companies hit by payments fraud fell victim to check fraud — up from 71 percent in 2015. Researchers noted that this upward trend is a reversal of earlier data that suggested check fraud within the enterprise was declining since 2010. Nearly the same amount (74 percent) said they were hit by the business email compromise scam last year — a whopping 10 percent increase compared to the year before.
“With the advancement of technology, organizations are more vulnerable to fraud attacks now than before, and business leaders need to equip their people and systems with the tools and resources needed to prevent fraud and alleviate the impact of an attack,” said AFP President and Chief Executive Jim Kaitz in a statement announcing the research. “Companies that offer mandatory training for all employees, particularly around cybersecurity, and that have a plan to respond to payments fraud will fare better than those that do not.”
Interestingly, the majority of attacks — 63 percent — came from outside the organization.
While technology can also be a friend for businesses looking to beef up their cybersecurity, researchers found that some companies are hesitant to adopt new payment methods for fear of falling victim to a scam or hack.
Researchers found that more than 70 percent of the treasury and financial professionals surveyed said they are hesitant to adopt mobile payments for their enterprises because they aren’t confident in the security of mobile payments.
But some companies aren’t adopting new technologies that could help them safeguard operations.
Separate research released this week from EiQ Networks found that less than 15 percent of IT security professionals at SMEs said they are confident that the technology deployed within their businesses today are effective and successful at detecting and responding to some kind of cyberattack — a significant drop from the report’s 2015 survey, in which 26.8 percent if IT professionals expressed confidence. According to the data, these businesses aren’t planning on investing in their security efforts, either.
“One of the most striking results [of the survey] is how little SMEs are spending on cybersecurity as compared to the overall IT budget – despite the very high risks they face daily from ransomware, phishing and zero-day attacks, just to name a few,” said EiQ Networks founder and CEO Vijay Basani in a statement. “The results also show that companies are not just underfunding cybersecurity, they are also understaffed. Without the IT security resources and expertise necessary to continually monitor, detect and respond to security incidents, SMEs are simply exposing themselves to loss of revenue, brand equity, IP and customer data on a daily basis.”
Even more data released this week from Concur and Wakefield Research found more evidence that these companies are shunning technology that may help them safeguard company data and funds. According to this report, 69 percent of businesses say they continue to use spreadsheets to track invoices and spending — a process that leads to errors, the data found.
While Wakefield Research and Concur pointed to a loss in revenue from delays in order processing or late fees, manual processes may also lead not only to lessened security, but also an inability to identify a threat if it occurs.
In a statement from Nancy McDonnell, managing director and treasury sales executive at JPMorgan, the executive pointed to the importance of businesses taking proactive measures to prevent payments fraud — and that includes investing in technologies that could help.
“With three-quarters of companies experiencing fraud in 2016, it is important that businesses take preventative measures by educating their employees and implementing the products and processes they need to prepare and protect their assets and data from cyber fraud,” she said.