We know, we know: you’re probably tired of thinking about fraud - but it isn’t going anywhere. After a dip in payment-related fraud from 2009 to 2013, it’s been steadily on the rise. JP Morgan’s 2017 Payments Fraud and Control Survey reported the following alarming statistics:
- Three-quarters of respondents reported check fraud in 2016.
- Nearly three-quarters were subject to business email compromise (BEC).
- Increased fraud attempts occurred for almost 50 percent of respondents.
Businesses everywhere must tighten the reins to protect their own customers, but sometimes they forget about themselves. Accounts payable (A/P) departments are exposed to risk every day, as they attempt to process payment for legitimate (and fraudulent) invoices. So what can A/P do to protect itself from this looming threat?
Here are our 4 recommended process changes to fend off payments fraud:
Role separation takes the accounts payable workflow from a sole employee and splits the process amongst two or more employees. One A/P employee might be responsible for receiving, entering, and processing invoices. Once those invoices are ready for payment, a second employee can be notified that invoices need approval. The second employee can verify required inputs, and push back the invoice for further review if anything doesn’t match.
Payment account tokenization takes confidential credit card or account numbers and replaces them with random tokens with limited availability. Think of it as a way to use a new credit card number for each individual transaction. The original number is hidden to reduce the likelihood of it being stolen, and the tokenization provider can disable the service if a breach occurs.
Dual-factor authentication for businesses works much like consumer dual-factor authentication. Those requesting payment (whether would-be fraudsters or legitimate entities) are required to enter additional information to validate them. Details can include the business address, phone number, purchase order (PO) number, destination account number, or any other details that would confirm or deny the payee’s request.
Positive pay approach provides an extra level of verification for businesses that still use checks. (And yes, there are still plenty of companies that rely on checks for payment.) The participating business will create a list of all the checks issued for a given timeframe, including data like the check number, dollar amount, and/or payee name. The issuing bank will then take that list and compare each check to the list, and flag any that don’t match for review.
A/P groups need automated processes to defend against payments fraud.
Fraudulent entities are attempting to infiltrate businesses from so many different angles today - it’s hard to keep up! By applying some extra controls to existing workflows, A/P departments can catch deceptive inquiries before they obtain precious dollars.