The COVID-19 pandemic has changed the way we do business, managed finances and transactions, and forced organisations to accelerate plans to add technology that help support the digital transformation. That fast-paced shift to support those operational changes also created the perfect environment for fraudsters to launch new and more sophisticated payments fraud schemes against corporations.
The 2021 AFP Payments Fraud & Control Survey identified the main sources of payments fraud in 2020, revealing that three out of every four organisations were impacted by business email compromise (BEC) scams. The 2019 Symantec Internet Security Threat Report showed that one out of every 412 emails contained malware – suspicious links or attachments that if clicked, allow criminals to access one’s computer systems. In addition, wire transfers and ACH credits were the most compromised payment methods.
It’s not much of a surprise that the pandemic made businesses even more vulnerable to fraud – many adopted a remote or hybrid work strategy, and increased their online presence through greater adoption of ecommerce and online banking. This new reality drove organisations’ need to consider adding enhanced cybersecurity and fraud prevention protocols to secure payments and help stay ahead of the fraudsters.
We’ll further examine the pandemic’s effect on fraud attempts, the consequences of the most common types of fraud, and offer recommendations on how to prevent payments fraud before it happens.
The pandemic’s impact on fraud
Fraudsters used the chaos and uncertainty in the business environment in 2020 to escalate fraud schemes, resulting in 74% of organisations becoming targets, according to the AFP Survey.
We’ve seen criminals using new fraud tactics to attack individuals and businesses through the use of phishing emails and fake websites offering information about COVID-19. Web domain registrations for COVID-19-related websites were up an astonishing 750% since the start of 2020.
As we look ahead, fraudsters may be motivated by their successful scams during the pandemic and the remaining uncertainty stemming from new variants. Now, more than ever, we have to help companies stay vigilant against the possibility of fraud attacks.
What happens when payments fraud is experienced
Fraud attacks impact more than just an organisation’s operation, it can also lead to potentially devastating financial losses.
When thinking about avenues to fraud, the greatest financial loss was from BEC in 2020, totalling over USD 1.8 billion. It is highly likely that this will increase in 2021 as we are seeing a significant rise in attacks across all sectors.
Combatting payments fraud
While many organisations have already implemented strategies to combat and resolve fraud once it happens, it still took 65% of companies longer than a week to discover fraud in 2020. Adopting protocols that prevent fraud before it can even happen is a critical step that can be taken.
Proper internal controls and protocols – including regular training to educate employees on the different types of potential fraud, adding an external banner to identify external messages and adopting more stringent payments protocols – will help protect companies and employees from potential BEC schemes.
Based on report data, to prevent BEC specifically, companies should deploy end-user education to identify fraudulent email attacks, policies that require additional verification for any changes to financial documents, multi-factor authentication for access to networks and payments information, and enhanced email security for external communications. The 2021 Business Leaders Outlook Pulse Survey, conducted on 7-18 June 2021 – which provides a six-month view of the current business environment from 1,375 senior executives from midsized US companies with annual revenue between USD 20 million and USD 500 million – examined executives’ sentiments of the current business environment following the challenges of the past year. It found that 79% of business leaders believe investing in employee education and training were critical strategies to mitigate cyberattacks and fraud.
Taking action, making change
Despite best efforts, criminals may find a vulnerability and payments fraud may still happen. If it does, companies can lean on cyber insurance or crime policy that might help to cover any losses resulting from BEC and other forms of fraud. 42% of company leaders reported to the Pulse Survey that cyber insurance has proven effective in preventing cybersecurity breaches and fraud.
Many companies may already be moving in the right direction towards implementing procedures to actively prevent payments fraud; however, only 60% claimed to have a fraud policy in place in 2020, per the AFP Survey. In light of the long-term effects of the pandemic, companies need to take a close look at their current controls and policies and make changes that will help protect them from fraud, now and in the future.
This editorial is part of the The Fraud Prevention in Ecommerce Report 2021/2022, the ultimate source of knowledge that delves into the evolutionary trail of the payments fraud ecosystem, revealing the most effective security methods for businesses to win the battle against bad actors.
About Sue Dean
Sue Dean is Head of Payments Solutions for Commercial Banking at J.P. Morgan. During her more than 30-year-career at J.P. Morgan, Sue has held numerous roles in the Wholesale Payments and the Investor Services businesses covering product, client service, sales, and operations.
About Alec Grant
Alec Grant is Head of Client Fraud Prevention for Commercial Banking at J.P. Morgan. For nearly two decades, he’s built and executed strategies for fraud, financial crime, and operational risk.
About J.P. Morgan
J.P. Morgan is a global leader in financial services, offering solutions to the world’s most important corporations, governments, and institutions in more than 100 countries, with one of the most comprehensive global product platforms available. J.P. Morgan has been helping clients to do business and manage their wealth for more than 200 years — a business that has been built upon our core principle of putting its clients’ interests first.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now