/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

One in five Canadian businesses experienced payment fraud in the past six months

Canadian businesses have a higher rate of payment fraud (20 per cent) compared to Canadian consumers (13 per cent), reveals new Payments Canada study.

Be the first to comment

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Key study findings:

Around one in seven businesses (15 per cent) lost money from payment fraud in the last six months.
Impersonator fraud represented 25 per cent of payment fraud experienced by businesses.
71 per cent of businesses were partially or fully reimbursed by their financial institution for lost money from fraud.
39 per cent of businesses store passwords on personal devices creating security risks.
45 per cent noticed an increase in fraudulent or suspicious activity directed through email.
65 per cent would be willing to take extra steps for online transactions if it meant they were better protected.

OTTAWA, September 9, 2024 - A new study from Payments Canada reveals that Canadian businesses have a higher rate of payment fraud compared to Canadian consumers at 20 per cent versus 13 per cent, respectively, although the types of fraud were similar for both segments. Impersonator fraud, originating from a phone call, message or email that appears to be from a trusted business source (25 per cent), intercepted business e-Transfers (22 per cent) and credit card fraud (20 per cent) were the most common types of fraud. The amount lost was $3,000 or less for the majority of these businesses (63 per cent). The rate of payment fraud remained consistent from 2023 at 19 per cent, despite 63 per cent of businesses who report that they feel confident in knowing how to protect themselves against payment fraud and cybercrime, and 61 per cent who said they are more aware of how to recognize potential threats.

“Addressing fraud risks is a central focus for the payment ecosystem. It requires a multifaceted approach that leverages technology, system innovations, evolving regulations and education through continued industry collaboration,” said Donna Kinoshita, Chief Payments Officer at Payments Canada. “Looking to the future, biometrics, multi-factor authentication, confirmation of payee systems, AI learning for fraud detection, centralized fraud systems, in addition to enhanced reporting and data sharing, are just some of the cross-industry innovations and initiatives that will play a role in helping protect Canadian businesses and consumers.”

Larger commercial businesses report a higher rate of payment fraud than small businesses. The study reveals that while businesses of all sizes are vulnerable to payment fraud scams, larger-scale commercial businesses experienced the highest rate of fraud at 26 per cent, compared to large (23 per cent) and small (16 per cent) businesses.

While impersonator fraud was most common, businesses experienced a diverse mix of fraud scams. The most common type of payment fraud is an impersonator making contact by either email, phone, call, text or social media to request money (25 per cent). Other types of payment fraud included:

Someone intercepted a business’ e-Transfer (sending or receiving) to deposit the money into a different bank account (22 per cent).
Fraudulent charges on their bank or credit cards (20 per cent).
Purchase made from stolen credit card information (19 per cent).
Purchase made from stolen debit card information (18 per cent).
Payment made by a fraudulent cheque (15 per cent).
Purchase made from a fraudulent website (15 per cent).

Nearly half (45 per cent) of businesses have noticed an increase in fraudulent, cybercrime or suspicious activity directed at them through email over the last 12 months. Businesses also noticed an increase in activity directed at them via their smartphone (42 per cent), social media platforms (39 per cent) and retail merchant sites, including e-commerce sites or apps (34 per cent).

Businesses are taking steps to protect themselves. Close to seven in 10 businesses (69 per cent) indicate that they usually limit the amount of sensitive information about the business they share online and only provide it when required. Over two-thirds of businesses (67 per cent) make the effort to check the safety of an e-commerce site and go with trusted sites only when buying online. Sixty-five percent of businesses enable two-step authentication for accessing their accounts whenever it is available.

The majority of businesses practice fraud prevention measures, but there is room for improvement, including better password management. Overall, 39 per cent of small and medium enterprises (SMEs) and 41 per cent of commercial businesses store their passwords on a smartphone, personal computer or laptop. One in three (33 per cent) commercial businesses and one in four (25 per cent) SMEs tend to use the same password for all their business-related accounts.

Despite the prevalence of fraud, businesses feel protected by their financial institution; seven out of 10 businesses were fully or partially reimbursed. Despite concern over fraud risks, 65 per cent of businesses feel protected by their bank, credit union or credit card provider when it comes to making payments. Of those who lost money through payment fraud, 32 per cent said they were fully reimbursed by their financial institution, versus 39 per cent who were partially reimbursed and 29 per cent who were not reimbursed. Overall, 57 per cent of businesses report being satisfied with the outcome, with 25 per cent who were neutral about the outcome and 18 per cent who were dissatisfied.

Just over two in five businesses (44 per cent) say that fraud and cybercrime concerns impact their payment preferences and behaviour. Many businesses expressed concern with sharing their business identity and payer information as well as performing other online activities including:

Opening unsolicited emails, texts or SMS messages (30 per cent).
Opening social media messages from unknown senders (26 per cent).
Downloading and using social media mobile apps for business purposes (22 per cent).
Sharing business and payer information online with e-commerce sites and apps (20 per cent).
Downloading and using lifestyle mobile apps for business purposes (19 per cent).
Making an online or in-app purchase (13 per cent).

Almost two in three businesses (65 per cent) would be willing to take extra steps to make an online transaction if it meant they were better protected. When transferring money online, three in five businesses (61 per cent) would be willing to better protect themselves from scams, even if the process called for more time-consuming steps.

“Businesses face the challenge of ever-evolving and increasingly sophisticated payment fraud and cybercrime threats”, said Jon Purther, Director of Research at Payments Canada. “Our study reinforces there is no room for complacency around measures to protect against and detect fraud risks for Canadian businesses regardless of size and industry, and that businesses are willing to take extra steps to make an online transaction if it meant they were better protected.”
About the study

In total, 500 Canadian businesses were interviewed online, between March 25-April 5, 2024, using Leger’s online panel. To be eligible to participate, respondents had to be either full or partial decision-makers in the business. The margin of error for this study was +/-2.5 per cent, 19 times out of 20.

Sponsored [Webinar] Exploring the ethics of AI in banking

Comments: (0)

[Webinar] SaaS savvy: Preparing for embedded and data driven bank paymentsFinextra Promoted[Webinar] SaaS savvy: Preparing for embedded and data driven bank payments