617 Treasury and Finance Participants
Presented in Acts
2019 AFP Payments Fraud and Control Survey
a financial loss as a result of BEC
of organizations have been subject to attempted or actual
Business Email Compromise (BEC)
Everything appears to be normal at the office but, nothing could be further from the truth.
received emails from fraudsters pretending
to be senior executives
81% of organizations report
, directing employees
to transfer funds to fraudsters’ accounts.
Did you hear that 54% of organizations in 2018 incurred ?
impersonate vendors requesting
payment of actual invoices
I heard that in 44% of emails that fraudsters send,
they are trying to
to fraudster accounts.
Controls are put in place.
65% of organizations reconcile accounts daily to identify unauthorized ACH debits. We’ll start there. Then we can block all ACH debits except on a single account set up with ACH debit filter/ACH positive pay.
Positive Pay. 88% of organizations are relying on it, so we will too.
How will we combat and control check fraud?
What should we
do about Business Email Compromise?
The employees won’t take fraud lightly. They jump at the opportunity to protect themselves and their organizations.
We’ll prohibit payments initiation based on emails like 76% of other organizations. And we’ll adopt two factor authentication or another security layer like 65% of organizations do.
How will we mitigate ACH Fraud?
“We receive many phishing emails and calls. Training employees and creating awareness is key. IT has also deployed online mandatory security training, which includes module on scams, phishing emails and fraud prevention.”
“Key supplier email system was hacked. Valid communication relating to a payment forwarded to us with instruction to pay a new (but fraudulent) bank account (e.g. on letterhead and signature appearing to be the CEO's etc.). We verified the change with a known contact and payment was not made.”
“Phishing emails directed at our company's team responsible for the review and approval of all company-generated payments. Email purportedly from our CEO, asking to set up payment to an account listed in email.”
What the Critics Professionals Are Saying