With plenty on your plate right now, and against a backdrop of volatility and uncertainty in the business environment, you may not want to hear about a growing risk. But payment fraud is on the rise, so we’ve pulled together some statistics to help you decide how serious the risk might be for your company. And, while you’re focused on it, you may want to consider the strong control and improved visibility of a spend management platform as a risk mitigation strategy to protect your company from payment fraud.
Fraud statistics reveal the cost.
The latest fraud numbers are alarming and show the real risks in the post-COVID world. Because of the sudden shift to remote work, it has become more difficult to verify payments and transactions. Not surprisingly, fraudsters are quick to capitalize on reduced visibility and control. Consider these findings from a recent PYMNTS study:
- 98% of B2B businesses said they’d had a fraud attack in 2021.
- Those businesses lost an average of 3.5% of their sales revenue.
- Businesses that responded to fraud attempts after they occurred with manual fixes lost 4.5% of their annual revenue.
- 47% of businesses said fraud concerns have had a large impact on their ability to expand operations since 2020.
Vendor fraud risks.
A study by PwC found that 20% of external fraud is vendor fraud, in which a vendor, supplier, or someone posing as one obtains funds illicitly. Without adequate oversight, vendors have plenty of opportunities. Common schemes include sending duplicate or incorrect invoices and setting up fraudulent vendor accounts. Even companies like Facebook and Google have been bilked out of millions of dollars through these kinds of scams. One cybercriminal obtained $100 million from the two companies before he was caught.
Preventing vendor fraud relies on organized, secure vendor records and on full visibility into all vendor activity, including all previous transactions with the vendor, payment records, and open bills that have yet to be paid. Airbase employs state-of-the-art fraud prevention systems that monitor any changes to vendor information and detect suspicious vendor payment details.
Payment type risks.
Checks are the most vulnerable payment method — the 2022 AFP Payments Fraud and Control Survey found that 66% of surveyed businesses experienced fraudulent activity related to checks.
One contributor is a rise in something called check washing, in which the payee’s name is “washed” out with common cleaning products and replaced with another name. It can be hard to detect this kind of fraud because the amounts are the same and only the recipient has changed.
But electronic transactions are not immune. Digital payment methods are vulnerable to push payment fraud, which has also increased in recent years. Push payment fraud happens when fraudsters trick someone into sending payment into a bank account they control. Criminals often use social engineering techniques to build trust. For example, someone pretending to be the CEO might text a request for funds in an “emergency.”
Phishing attempts from someone claiming to be your vendor are a growing threat. People with a close relationship with a vendor, or rogue employees within the vendor, may be aware of your relationship, payment schedule, and payment terms. They capitalize on this knowledge by requesting that remittance details be changed to a bank account that’s under their control. Always verify sensitive remittance detail changes with multiple parties at your vendor. Having vendors confirm they’ve received payment and provide receipts is also a good practice.
Staying on top of fraud can feel like a Sisyphean task: it’s hard to keep up since fraudsters are always one step ahead. Being proactive and setting up payment processes that enable visibility reduces the risk.
The benefits of software-enabled cards in fraud prevention.
Software-enabled physical cards and virtual cards have built-in fraud controls, including the ability to:
- Limit the dollar amount and the expiry date.
- Limit the card use to a single transaction.
- Lock the card in the unlikely event one is compromised.
- Securely share card details instead of sending them through Slack or email.
Airbase immediately notifies card owners if a fraudulent transaction is suspected. The owner can respond that the charge is legitimate and the transaction will go through on the next attempt.
If a card is compromised and must be canceled, having vendor-specific cards also saves time and headaches. Instead of changing payment details for all recurring transactions, only one card needs to be canceled and replaced.
Are AP teams adequately prepared?
Having visibility into all spend helps prevent unauthorized transactions, but many AP teams struggle to obtain company-wide visibility. The Spendlightenment Survey of Finance Professionals found that 54% of survey respondents have no visibility into spend until after it has occurred. That greatly increases the risk of a fraudulent payment request getting through unnoticed.
The necessary visibility relies on:
- An upfront approval process to make sure that every transaction — whether it’s a card purchase, a bill payment, or a purchase order — has been approved by the correct people. Then, unauthorized transactions can’t slip through the cracks unnoticed.
- A single platform for all payment methods. When bills are paid through multiple payment methods on multiple platforms, it’s easier to miss a duplicate, possibly fraudulent transaction, especially if the payments aren’t synced to the general ledger until month-end.
- A full audit trail. When an invoice arrives without any context, it can be difficult to determine if it’s legitimate. A transaction record should contain all relevant information, including any pertinent email chains.
- A purchase order process when needed. A purchase order adds extra control. When an invoice can be matched with a purchase order, bill payers can rest assured everything is correct on the invoice and that the transaction has been approved.
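As an added illustration (not Airbase's code and not part of the original article), the controls listed above and the remittance-change verification described earlier can be combined into one pre-payment screen. The record layouts, field names, and the two-contact confirmation threshold are all assumptions made for this example.

```python
# Constructed sample records; every field name here is hypothetical.
VENDORS = {
    "V-100": {"account": "ACCT-1111",
              "pending_change": {"account": "ACCT-9999", "confirmed_by": ["contact-a"]}},
    "V-200": {"account": "ACCT-2222", "pending_change": None},
}
PURCHASE_ORDERS = {"PO-7": {"vendor": "V-200", "amount_cents": 500_000}}
PAID = [  # payment history across every payment method, not just one
    {"vendor": "V-200", "invoice": "INV-42", "amount_cents": 120_000, "method": "check"},
]

def trusted_account(vendor):
    """A bank change counts only once two distinct vendor contacts confirm it."""
    change = vendor["pending_change"]
    if change and len(set(change["confirmed_by"])) >= 2:
        return change["account"]
    return vendor["account"]

def screen_payment(p, vendors=VENDORS, pos=PURCHASE_ORDERS, paid=PAID):
    """Return the reasons a payment request should be held for review."""
    vendor = vendors.get(p["vendor"])
    if vendor is None:
        return ["vendor not on record"]
    holds = []
    if not p.get("approved_by"):          # upfront approval is mandatory
        holds.append("no upfront approval")
    key = (p["vendor"], p["invoice"], p["amount_cents"])
    for old in paid:                      # duplicate check ignores payment method
        if (old["vendor"], old["invoice"], old["amount_cents"]) == key:
            holds.append(f"duplicate: already paid by {old['method']}")
            break
    if p["account"] != trusted_account(vendor):
        holds.append("remittance account differs from verified account")
    if p.get("po"):                       # match invoice against its purchase order
        po = pos.get(p["po"])
        if po is None or po["vendor"] != p["vendor"]:
            holds.append("purchase order does not match vendor")
        elif p["amount_cents"] > po["amount_cents"]:
            holds.append("invoice exceeds purchase order amount")
    return holds

if __name__ == "__main__":
    requests = [
        {"vendor": "V-100", "invoice": "INV-7", "amount_cents": 90_000,
         "account": "ACCT-9999", "approved_by": ["cfo"], "po": None},
        {"vendor": "V-200", "invoice": "INV-42", "amount_cents": 120_000,
         "account": "ACCT-2222", "approved_by": ["controller"], "po": "PO-7"},
    ]
    for r in requests:
        print(r["invoice"], screen_payment(r))
```

The first sample request is held because the new bank account has only one vendor confirmation; the second is held as a duplicate even though the earlier payment went out by check.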
The Airbase spend management platform was designed to minimize the risk of fraudulent transactions. Airbase is also SOC 2 Type II and SOC 1 Type I compliant, which reflects our commitment to protecting our customers’ and vendors’ security and privacy. The Airbase Risk Management team forecasts potential risks, including the risk of fraud, and develops strategies for prevention.
Learn more about Airbase’s control and visibility — schedule a demo with us!
Senior Manager, Risk, at Airbase