Each year since 2005, AFP has conducted its Payments Fraud and Control Survey to examine the level of fraud activity at organizations via business-to-business transactions (B2B). Additionally, the survey reports on payment methods impacted by fraud and strategies and controls being implemented at organizations to combat fraud.
4
Key Insights
Underwritten by
Payments Fraud and Control Survey
Fraud on the Rise
Boom in BEC
Curbing BEC
Keeping a Close Eye on ACH
2020 AFP
Boom in Business Email Compromise (BEC)
4 Key Insights
Highlights
Webinar
Want to learn more about payments fraud and its impact?
Download AFP’s 2020 REPORT
1
2
3
Comprehensive Report
the second highest percentage on record since 2009.
Over 80% of organizations report being targets of an attempted or actual payments fraud attack,
A senior manager was on a cruise; someone hacked his email and requested a payment be sent to a new vendor. Our AP department uses a form which needs to be signed. The hacker didn't have the form, which caused our AP person to pick up the phone. She realized he was out of the office and would never have requested the payment to start with. She reported it to IT, who was able to remove the hacker before the Senior Manager returned to the office.”
Percent of Organizations that Experienced Attempted and/or Actual Payments Fraud
“
Key Insight 2
largest cause of payment fraud attacks
Business Email Compromise (BEC) was the
In 2019, most payments fraud attempts/attacks originated from BEC. This was the first year that BEC topped the list of “sources” of fraud attempts, and it is concerning how widespread this type of attack has become.
, with 61% of organizations reporting so.
61%
Key Insight 3
educating and training employees on BEC
Financial leaders at 80% of organizations are
BEC happens regularly. We have provided numerous training opportunities for employees to help them identify BEC and have implemented stringent controls for updating/adding bank details to a new/unknown supplier bank account regardless of who is requesting it. We require a supplier document, a bank document and a call back to a known phone number before any “new” payment is added with an additional 2 layers of review on the payment details.”
so the fraud is detected more efficiently.
80%
70%
65%
Controls being implemented to prevent and contain BEC include:
End-user education and training on the BEC threat and how to identify spear phishing attempts
Company policies for providing appropriate verification of any changes to existing invoices, bank deposit information and contact information
Confirming requests for transfer of funds by executing a call back to an authorized contact at the payee organization using a phone number from a system of record (not numbers listed in an email)
Key Insight 4
Thirty three percent of financial professionals report that their organizations’ payments via ACH debits were subject to fraud attempts/attacks in 2019.
ACH payment methods appear to be of interest to fraudsters.
Payment Methods that Were Targets of Attempted and/or Actual Payments Fraud in 2019
Download the Report
This year’s survey results reveal a slight increase in fraud activity for ACH credits while ACH debit fraud was unchanged.
Recently someone sent a message on WhatsApp to a manager in another country of our business pretending to be an officer stating there was an urgent need for a transfer for a highly confidential closing. The fraudster asked for a person to send the wiring instructions to Treasury. Then the fraudster pretended to be an attorney (partner) at a large law firm and provided wiring instructions to the Treasury person while copying the manager. A day after funds were transferred the manager had second thoughts and started double checking only to find out it was fraudulent.”
74%
Checks
Wire Transfers
40%
Corporate/Commecial Credit Cards
34%
ACH Debits
33%
ACH Credits
22%
Download the 2020 AFP Payments Fraud and Control Survey report
REGISTER for the Companion Webinar
Complimentary for Members
Member-Only