CEO® Sign On 
Payments fraud remained high in 2020, with 74% of organizations experiencing attempted or actual fraud, according to the 2021 AFP® Payments Fraud and Control Survey Report. This high percentage underscores that payments fraud is a perpetual threat to organizations. No company, large or small, is immune to payments fraud attacks.
As fraudsters persist with their attacks, organizations must continue to take protective measures.
No organization is immune
78% of large companies, with annual revenue of at least $1 billion, and 67% of smaller enterprises, with revenue under $1 billion, reported an incident of attempted or actual payments fraud in 2020.
Financial professionals reported that 52% of the time a perpetrator outside of their organization originated the attack. Other sources of origination, including third parties such as vendors and business trading partners, decreased to 19% of all attacks, down seven percentage points from the prior year.
Evolving tactics seek to outsmart vigilant organizations
The threat continues to evolve, as perpetrators look to circumvent safeguards, find novel ways to penetrate organizations, avoid raising red flags, and evade detection. Based on the finding in the report, it’s clear that no payment method is safe.
More organizations suffered payment fraud attempts from business email compromise (BEC) attacks than any other method in 2020. In BEC attacks, fraudsters attempt to deceive employees into making payments by sending phishing emails that impersonate company executives, vendors, or other trusted sources.
Wires were the primary focus of BEC fraud attempts, followed by ACH credits. Thirty-four percent of organizations experienced financial losses as a result of BEC, with the added exposure of personal and confidential information and the associated risk of reputational damage.
Checks and wire transfers remained the payment methods of choice for fraud in 2020 (66% and 39%, respectively). However, the level of payments fraud via ACH (34% ACH debits, 19% ACH credits) continues to increase as fraudsters switch their focus from checks and wires to payment methods previously not deemed high risk in an attempt to evade detection.
Awareness and training are essential to help protect against attacks
The vast majority of financial professionals believe that educating employees on the threat of BEC fraud and how to identify spear phishing are critical to help minimize the risk of BEC attacks.
Efforts to thwart fraudsters reported by survey participants include:
- Stronger internal controls that forbid payment initiation based on emails or other messaging systems deemed less secure.
- Verification for changes to existing invoices, bank deposit information and contact information.
- Two-factor authentication for accessing corporate networks and payments initiation.
- Daily reconciliation to protect against attacks on security credentials.
- Use of ACH debit blocks on all accounts, or use of ACH debit blocks except on a single account established with ACH debit filter/ACH Positive Pay.
Despite companies implementing greater controls, the rate of fraud attempts/attacks remains high. That rates have not declined more is likely because the nature of the threat continues to evolve and is becoming more difficult to detect. For example, fraudsters increasingly are targeting employees in multiple departments across an organization and are focusing on lower-profile payments, such as ACH payments. This accentuates the imperative of ongoing efforts to raise organizational awareness and continually invest in and evolve training and controls to keep ahead of the fraudsters.
Given that payments fraud is unlikely to decrease anytime soon, complacency is not an option. It is important that companies take the necessary precautions to make it as difficult as possible for criminals to succeed.
For more information about payments fraud and how to safeguard your business, contact your Wells Fargo representative.
More topics
