On top of being a cumbersome payment vehicle, the paper check continues to pose a major risk to corporate coffers. Fraud is on the rise, from both within and outside of the organization, and bad actors continue to take advantage of the paper check’s lack of security, particularly in a work-from-home environment.
Even before the pandemic hit the U.S., researchers found in January that successful check fraud makes up 47 percent of overall fraud losses for banks, surpassing volumes related to fraudulent debit card transactions. With organizations managing their payment workflows through remote staff, the growth of this threat has only accelerated.
It’s one of the many reasons why chief financial officers and treasurers should continue to drive their firms toward electronic B2B payments, according to OnPay Solutions President and CEO Neal Anderson. Yet, as he recently told Karen Webster, migrating away from paper checks isn’t enough to fully protect the enterprise.
A Rising Risk From Home
According to Anderson, while CFOs and corporate treasurers have always been concerned about B2B payments fraud infiltrating their accounts receivable (AR) and accounts payable (AP) operations, that risk is more inflated today than ever.
“Now, all of a sudden, you have thousands and thousands of employees having access to your network in a remote environment,” he said. “The risk just multiplies. From our perspective, we’ve not only seen the concern for fraud multiply, but also the opportunities for fraud.”
That’s particularly true with paper checks, as AP professionals, in some cases, were forced to physically migrate check-printing machines to their homes to continue paying suppliers remotely. That presents a much broader opportunity for bad apples to act on a temptation to steal company cash.
But Anderson warned that it’s not only internal employees driving up the B2B payments fraud threat. And, he added, it’s not only the paper check that’s causing CFOs grief.
Beyond ePayments Adoption
Fraud occurs in many forms beyond paper checks – and electronic payments, of course, are not immune to the risk. Among the biggest threats is business email compromise (BEC), a strategy among cybercriminals in which legitimate employees’ emails are spoofed to redirect supplier payments into a fraudulent bank account. Those criminals are growing more sophisticated, with the ability to access email servers and create misleading email addresses in near-real time.
It’s a strategy Anderson described as a sort of hybrid between consumer and business identity theft. He noted that it’s particularly effective in a work-from-home environment, thanks to the sudden disappearance of internal measures that would have otherwise addressed the problem.
For instance, an AP professional who receives a seemingly legitimate email from the CFO to change payment details would normally be able to walk down the hall to simply verify the request. Today, confirming those details takes a bit more effort.
“We hear story after story of folks moving money without taking the time to validate it,” said Anderson. “For CFOs who are listening, I encourage them to make sure everybody on the team knows there is a multi-tier process for authenticating those payment requests.”
That multi-level authentication process isn’t only for wires and ACH transactions, either. It should also be in place for invoices received from vendors who are not yet on a master vendor list. Such cases are “big red flags” that must be looked into before any payment is made, Anderson warned.
It’s Not ‘If,’ But ‘When’
One of the most effective ways to combat B2B payments fraud is to migrate away from paper checks. But, as Anderson noted, eliminating paper doesn’t necessarily mean the threat disappears.
Though it’s only one component of the battle against B2B payments fraud, ePayments adoption can be particularly valuable if CFOs are tactful about which electronic payment methods they choose. Anderson highlighted the opportunity for single-use virtual cards, for example, to automate much of the fraud mitigation effort, as the technology is able to facilitate payment for only one invoice or transaction amount.
Developing internal controls is vital to mitigating risks like BEC and invoice redirect scams. Anderson describes these authentication measures as often “the last step in the chain to stop fraud,” and says organizations must develop these controls to function in a remote working environment.
Training employees to identify red flags, like requests to change bank account details, is another important step, while Anderson also pointed to supplier onboarding processes that can prevent theft from the onset.
Perhaps most important is for professionals to be educated about the risks and to be on guard. “Everybody needs to be suspicious,” said Anderson. “Everybody should worry that this activity is happening. If it hasn’t happened to you, it will. It’s only a matter of time.”