The global cost of payment fraud
It is estimated that online payment fraud cost the global business economy over 16 billion pounds in 2021. With the shift from physical to digital as a result of the COVID-19 pandemic businesses have been placed in a more vulnerable position when it comes
to being a target of online scams, fraud and cyber attacks.
Defining payment fraud
While payment fraud is not a new phenomenon, in a growing technical world, criminals have changed the way in which their crimes are committed. There are two main types of payment fraud that businesses should be aware of, especially smaller businesses as
they are more commonly targeted. These forms of fraud can be differentiated by the types of victims they produce, type 1 produces direct victims: Identity fraud, hacking and data attacks; and type 2 produces indirect victims: Banks, states and/or systems such
as money laundering.
Businesses providing payment services should be extremely vigilant during the onboarding of new customers and collect continuous data to monitor behaviours, flagging and blocking any indiscrepancies such as geographical locations or frequency of payment
Payments can be broken down into three steps: 1) Validating the source requesting the payment, 2) Validating the payment requisition and 3) Validating the transaction. The steps which pose the greatest risk for breakdown, are steps 2 and 3. This is where
invoice fraud is most common as criminals intercept these stages and abuse the Authorised Push Payment (APP) function, prompting customers to initiate payments in good faith.
Protecting against payment fraud
There are a number of things businesses can do to protect themselves from invoice fraud and other payment scams. A strong focus on employing a fraud team that is technical and managerial will ensure the entirety of the process is protected. For smaller businesses
this may mean outsourcing a comprehensive specialised fraud team. There should be solutions in response to every flag raised. This involves a catalogue of actions to combat specific problems based on informed decisions made from accurate data.
Teams should also strongly consider implementing anti-fraud mechanisms and security solutions that allow them to use data to score transactions and flag potentially suspicious payments. It’s usually when payments are at the process stage that such anti-fraud
mechanisms step in and block or intercept the fraudulent request.
Furthermore, I would always recommend storing company and client data in the cloud, providing an externalised embedded layer of security which reduces risk of data loss. Old archives are much more susceptible to leakage leaving customers, suppliers, and
other stakeholders data at a greater risk.