The Association for Financial Professionals (AFP) came out with some scary statistics this month: B2B payments fraud is not only on the rise, but at its highest levels ever since the AFP began recording this information.
In its 2017 AFP Payments Fraud Survey, researchers noted a “dramatic” increase in corporate payments fraud compared to levels seen in 2015. Of particular note is the rise in check and wire fraud: Seventy-five percent of companies surveyed said they were hit with check fraud in 2016 (up from 71 percent in 2015), while 74 percent said they fell victim to the business email compromise (BEC) scam last year, which typically involves wire transfers (a concerning 10 percent increase from 2015 levels).
To get to the bottom of this troubling data, AFP Manager, Treasury & Payments Magnus Carlsson discussed the findings with PYMNTS. To his dismay (and to the dismay of businesses across the U.S.), much of the data offers a pessimistic outlook on how companies are at risk for payments fraud.
“We saw even more payments fraud this year than last year, and that by itself, to me, is a surprise,” Carlsson said. “The huge increase last year was so big that I didn’t think it would continue this way. Where we stand right now, we’re at the peak level of payment fraud.”
One of the largest culprits: paper checks. Carlsson noted earlier research released by the AFP for its analysis of the use of electronic payments among corporates. Last year the AFP marked an unexpected reversal in the decline of the use of checks in B2B transactions, inching up 1 percent to 51 percent last year compared to 2013 levels (that survey is conducted every three years).
With that in mind, it may not be so surprising that check fraud has increased, he said.
“I understand the numbers, because for a number of years we saw check use for B2B transactions go down, but we saw that trend was broken,” he explained. “With that in mind, it kind of makes sense that check fraud is going up — I just didn’t think it would go up this much.”
Part of the problem is that businesses are actually backing off from investments in internal controls that could prevent fraud.
“We actually see a decrease, overall, of these protective measures,” Carlsson noted, adding that daily reconciliation and other internal controls can help to combat check fraud. “That’s surprising to me — a little bit of an uncomfortable surprise.”
And while the AFP’s report did not delve into why use of anti-fraud measures for check payments was declining, Carlsson speculated that it may be because businesses are looking to offload the costs of those measures. Banks that provide these services do so at a charge, he said, so if a company decides it wants to no longer use checks, it may prematurely give up those protections even if checks remain within the enterprise.
Another issue with check use is that, at least in the U.S., there is no mandate to require a business ditch paper checks. Carlsson pointed to SEPA in Europe, which, facilitating what he described as faster, safer and more efficient payments, was initially thought to be a no-brainer for corporates. Not so, at least, not unless a business is required to get on board.
“Authorities said this system is so good, corporates will just jump onto the new payment system,” he said. “But nothing happened. Because what it comes down to is corporate have to make internal changes, and anytime you make a change to payment systems internally, it means IT resources will be needed. There’s a cost associated to it, and that cost is not small. It’s usually pretty hefty just to change these systems.”
A government mandate to adopt the new payments system in Europe has forced change in the way businesses make payments. In the U.S., that probably won’t happen, Carlsson said.
“Something like that would not happen in this country; we don’t have the power of a mandate,” he stated. In corporate payments culture, checks are not only familiar, but they’re seen as a well-working mechanism for both sides of a transaction — therefore there is no reason to invest in changing internal controls and taking on the costs of that initiative. Plus, he added, even if a buyer wants to adopt those changes, often a supplier won’t want to accept an ACH or another electronic payment form. Thus, checks stay in the enterprise — and check fraud grows.
But there are other ways the AFP found businesses are exposed to payments fraud, most notably through the BEC scam. According to Carlsson, perpetrators of this crime are becoming so sophisticated at the tactic that it’s next to impossible for someone in the accounts payable department to catch that an email they receive may not actually be from the company’s CEO, for instance.
Perhaps worse than a company’s inability to identify these scams, though, is that often businesses aren’t even aware they should be looking out for them,
“I made a presentation last year to a group of about 130 people and asked if they knew what a business email compromise scam was,” Carlsson recalled. “Only about 10 hands came up.”
“I don’t think the message is completely out there yet,” he added. So while internal controls can quite easily mitigate against BEC scams — efforts like requiring dual authentication and barring payments initiated from just an email — unless a business is educated about the threat of these scams in the first place, they cannot be combated.
“It’s education and internal controls,” said Carlsson.
Luckily, what the AFP did find is an increase in the number of companies that said they are planning to implement greater internal controls in the coming year (up to 71 percent). If that actually holds true, brighter skies could be ahead.
“I can imagine that by next January, when we collect the data for the next survey, the BEC scams will eventually see a drop,” he said. “But that’s just a prediction from me.”