Businesses can mitigate serious and evolving payment fraud risks through awareness, education and vigilance — and by taking advantage of fraud-protection solutions offered by banks.

In the most recent Association for Financial Professionals (AFP) Payments Fraud and Control Survey, nearly 8 out of 10 organizations reported fraud attempts. “It’s a very challenging environment right now,” says Jamie Parker, director of fraud monitoring and analytics at Cadence Bank.

The Fraud Landscape

Check fraud continues to be the payment method most targeted by fraudsters, AFP says. In particular, mail theft-related check fraud is on the rise, according to federal authorities. The fraudsters either alter the stolen checks — for instance, change the payee name — or create authentic-looking counterfeit checks using information gleaned from stolen items. The criminals then cash the fraudulent checks or deposit them into accounts they control.

Maybe even more alarming, because of the larger dollars often involved, is the persistent threat of electronic payments fraud perpetrated through social engineering. Scams targeting ACH and wire transfer payments typically rely on psychological manipulation and impersonation to trick accounts payable (AP) or other staff with payment-initiation authority.

"We’re seeing a massive amount of impersonation fraud. Customers are being contacted by fraudsters, often purporting to be one of our bankers reporting a problem with an account and asking for their online banking log-in credentials — something we never do at Cadence Bank.”

Jamie Parker, Director of Fraud Monitoring and Analytics at Cadence Bank

Such phone calls are known as voice phishing or “vishing.” When staff members at a business get fooled and give up their credentials, these calls can lead to fraudulent transactions.

Another rampant form of payment fraud that uses social engineering techniques such as impersonation is business email compromise (BEC). In BEC fraud, a fraudster might send an AP staff member an email purporting to be from a senior company executive such as the CEO or CFO and ordering the recipient to send an ACH or wire transfer to an account controlled by the bad actor. In another variation, the fraudster pretends to be a trusted vendor contact and asks the recipient to send the company’s next trade payment to a different bank account number.

In AFP’s most recent survey, 63% of respondents reported attempted BEC attacks.

New: AI-Powered Phishing, Deepfake Scams

Fraudsters are continually harnessing technology to both improve existing scams and develop new ones.

What makes BEC work is the fraudster’s ability to convincingly impersonate a trusted person and deceive someone at your business who is authorized to send payments. Artificial intelligence (AI) can support those malicious efforts.

AI systems can be trained to generate text that mimics the style, tone and language patterns of a particular person. This could include generating emails that read like something written by one of your company’s top executives or managers.

AI can also enable fraudsters to mimic the voice of one of those executives in a phone call. In some cases, the call with the familiar voice of authority comes on the heels of a BEC email as a way of legitimizing the fraudulent request.

Defending Against Check Fraud

The most effective strategy for preventing check fraud is to adopt Check Positive Pay with a payee match feature.

Here's how standard Check Positive Pay works for Cadence Bank clients: Via the Commercial Online Banking Portal, you send us a daily file of checks issued with check numbers and amounts. We review checks as they are presented and report back to you — via SMS alerts or email notifications — any checks that don’t have a perfect match in your issue file. Users can manage, view and decision Check Positive Pay transactions from their desktop or from a cellphone using the Cadence Treasury Mobile app.

If you adopt the payee match feature — which we highly recommend — you include payee information in your check issuance file, and the bank matches that information against each presented check. “Payee match is vital protection, since many fraudsters will steal a check and alter the payee name but not the amount,” explains Tara Childress, senior product manager, fraud and liquidity solutions, at Cadence. “Without payee match, some fraudulent checks can go undetected.”

Another bank solution that reduces check fraud risk: Integrated Payables. With this service, you outsource check printing and mailing to Cadence, reducing risk because you no longer must store and secure blank check stock on premises. Additionally, Integrated Payables users automatically receive Positive Pay exceptions through their online portal for daily decisioning.

Protecting Electronic Payments

Safeguarding your business against business email compromise and other forms of impersonation fraud is largely a matter of awareness, education and vigilance, says Brandy Moore, Cadence senior vice president and treasury management product director.

"It’s making sure your employees are aware of the various types of scams and that they remain on constant alert for fraud attacks."

Brandy Moore, SVP and Treasury Management Product Director at Cadence Bank

Sometimes, it’s as simple as training employees to ask questions about unusual phone calls or emails. A lot of BEC fraud could be stymied if AP staff, when receiving out-of-the-ordinary payment instructions, would simply make a phone call using a trusted number and confirm the instructions.

“Similarly, if someone who says they’re from the bank calls you asking for log-in information, hang up the phone and call the bank back using the phone number you ordinarily use for treasury management support,” Moore advises.

Treasury managers should also work with their bank to institute dual control for ACH and wire transfer initiations through online and mobile banking, and establish limits for individual users, Moore suggests.

Finally, she counsels companies to use ACH Positive Pay. This bank service allows you to set the rules for which ACH debit transactions you want the bank to block, and which exception items the bank should refer to you for a pay or return decision.

Cadence Bank ACH Positive Pay allows you to automatically approve small or regular recurring transactions but review transactions that fall outside parameters you establish. You can view and process exception items, set up custom filters and view your transactions in the Commercial Online Banking Portal or the Cadence Treasury Mobile app.

A Fraud Prevention Partnership

At Cadence, we view payments fraud risk mitigation as a joint effort. Both we and our clients have a part to play in thwarting fraudsters.

“We are always looking to work with clients to educate them about best practices and our solutions, like Check Positive Pay with payee match, and ACH Positive Pay, that can help safeguard their accounts,” Moore says. “At the same time, our clients play a critical role when it comes to training their employees to be alert and question unusual payment instructions and information requests.”

Access the “Protecting Your Business from Cyber Fraud” page on our website for more best practices tips for preventing payment fraud.

This article is provided as a free service to you and is for general informational purposes only. Cadence Bank makes no representations or warranties as to the accuracy, completeness or timeliness of the content in the article. The article is not intended to provide legal, accounting or tax advice and should not be relied upon for such purposes.