Safeguard Your Company From Cybercriminals Using Payments Fraud

Sharon Trapolino headshot

Sharon Trapolino

December 09, 2019

Once your company experiences fraud, you’re a target for future attacks. Explore why payments fraud is on the rise—and the steps you can take to protect your business.

Payments fraud is an increasing concern that virtually no business is immune to, and it’s occurring with a growing frequency. In fact, payment fraud reached a new high in 2018, with 82% of organizations reporting fraud incidents, according to this year’s Association for Financial Professionals (AFP) Payments Fraud & Control Survey. Moreover, in the past five years, fraud activity has increased dramatically, with a record-setting high of 20% in 2018.

“Every type of company is at risk of payments fraud, and it can take weeks or even months for them to realize they were targeted if the proper controls are not in place,” says Mike Moder, Western Alliance Bank Security and Fraud Management Director. “We see companies facing financial and non-financial impacts, from significant cost damage and clean-up efforts to exposure of confidential information and damage to their reputation.”

And once your company experiences fraud, you’re a target for future attacks including other methods. We’ll explore why payments fraud is on the rise—and the steps you can take to protect your organization.

Which organizations are most likely to be targets of payments fraud?
Both small and large organizations are at risk of payments fraud. And the risk extends across all departments—it’s not the finance team. The FBI recently reported that HR departments are becoming a prime target for cybercriminals, who try to change account numbers and attack direct deposits paid through ACH credits.

Why is payments fraud increasing?
Despite increased focus and millions spent on prevention via law enforcement, training and tech solutions, payments fraud is still on the rise for two primary reasons: Ongoing technology advancements have enabled cybercriminals to become more sophisticated and find new ways to target their victims. And with an increase in online transactions, fraudsters have more opportunities to attack an organization than ever.

Which payment methods are targeted most frequently?
Checks and wire transfers are the methods most frequently targeted for fraud. But those fraudulent activities are on the client, while there is a noticeable increase in fraudulent ACH debits and credits. ACH transactions are typically safer and more difficult to compromise, but this increase suggests that cybercriminals are evolving with the tactics they employ. In these cases, it’s usually not the payment method itself that’s being compromised but the processes leading up to payment initiation—and ACH fraud activity is frequently connected to phishing scams and business email compromise (BEC).

What steps can you take to protect your organization?
While there’s no single solution to fit all cybersecurity issues, there are internal controls to help protect your organization, including:

  • Documenting critical banking processes and approval steps for your company and not deviating from them.

  • Inspecting financial statements immediately against your internal records.

  • Segregating financial duties to prevent internal fraud.

  • Taking inventory of check supply regularly, and restricting employee access.

  • Paying vendors by ACH credits rather than allowing ACH debits to your account.

  • Verifying new supplier entries to protect accounts payable.

  • Using a single, dedicated computer for critical online banking function to avoid corruption introduced through emails or other unsecure sources. (This is a critical strategy to avoid BECs, which are a massive threat to businesses.)

  • Maintaining constant vigilance: The longer it takes to identify fraudulent activity, the lower the chances of recovery.

Still, cybercriminals are constantly getting smarter with their tactics and developing new strategies for gaining access to sensitive data. To combat this, a robust cybersecurity policy must go beyond simply identifying your company’s exposure to risks posed by hackers, scammers, malware and ransomware.

What solutions does Torrey Pines Bank offer to help safeguard your account?
Protecting your account is a top priority. We utilize authentication for login and transactions approval and entitlements that control what features a user can access, the accounts they can access and the payment limits which may be used. In addition, we have various fraud prevention solutions, such as Positive Pay, a fraud detection tool used by an estimated 88% of organizations to guard against check fraud.

Learn more about Torrey Pines Bank’s fraud protection solutions. And be sure to download our fraud prevention checklist for a comprehensive list of strategies for keeping your organization safe.

About Us

Torrey Pines Bank

Torrey Pines Bank, the Southern California division of Western Alliance Bank, Member FDIC, delivers relationship banking that puts clients at the center of everything. Founded in 2003, Torrey Pines Bank offers a full spectrum of tailored business banking solutions and outstanding service, with offices throughout San Diego, Los Angeles and Orange County. As part of $65 billion Western Alliance Bancorporation — ranked #1 top-performing large bank with assets greater than $50 billion in 2021 by both American Banker and Bank Director — Torrey Pines Bank has the reach, resources and local market expertise that make a difference for customers.