2019 AFP Payments Fraud and Control Survey
617 Treasury and Finance Participants
Presented in Acts
Everything appears to be normal at the office, but nothing could be further from the truth.
I heard that in 44% of emails that fraudsters send, they are trying to impersonate vendors requesting payment of actual invoices to fraudster accounts.
Did you hear that 54% of organizations in 2018 incurred a financial loss as a result of BEC?
81% of organizations report they received emails from fraudsters pretending to be senior executives, directing employees to transfer funds to fraudsters’ accounts.
of organizations have been subject to attempted or actual Business Email Compromise (BEC)
How will we combat and control check fraud?
What should we do about Business Email Compromise?
How will we mitigate ACH Fraud?
Controls are put in place.
The employees won’t take fraud lightly. They jump at the opportunity to protect themselves and their organizations.
65% of organizations reconcile accounts daily to identify unauthorized ACH debits. We’ll start there. Then we can block all ACH debits except on a single account set up with ACH debit filter/ACH positive pay.
We’ll prohibit payment initiation based on emails, like 76% of other organizations. And we’ll adopt two-factor authentication or another security layer, like 65% of organizations do.
Positive Pay. 88% of organizations are relying on it, so we will too.
What the Professionals Are Saying
“Key supplier email system was hacked. Valid communication relating to a payment forwarded to us with instruction to pay a new (but fraudulent) bank account (e.g. on letterhead and signature appearing to be the CEO's etc.). We verified the change with a known contact and payment was not made.”
“We receive many phishing emails and calls. Training employees and creating awareness is key. IT has also deployed online mandatory security training, which includes a module on scams, phishing emails and fraud prevention.”
“Phishing emails directed at our company's team responsible for the review and approval of all company-generated payments. Email purportedly from our CEO, asking to set up payment to an account listed in email.”