The 2010s were all about disruption—the 2020s promise to zero in on payment security.
Last year, the Association for Financial Professionals published its 2019 AFP Payment Fraud and Control Survey. The comprehensive report was filled with enormous amounts of information on the variety of fraudulent activities that businesses are seeing these days. One image that stuck with me, however, was the reporting of payment fraud over time by payment type.
As a financial technology (fintech) company, we scrutinize our most important data in terms of payment type, and this graph reinforces what we have said all along: ePayments reign supreme when it comes to security and fraud protection.
Before we break down this chart, I want to highlight Nvoicepay’s realist perspective on payment security: fraud is going to happen, no matter what payment types you use, no matter how secure your protocols are. Fraudsters are good at what they do, and their technology improves and changes constantly. But you can take measures that raise the quality of your own technology, and offer flexibility and adaptability in the wake of security threats. One of those measures is adopting payment automation.
Back to the chart: The first thing that drew my eye was the top line, which shows a decrease in fraud threats on check payments over the last decade, from a 93 percent high in 2010 to 70 percent—its lowest ever—in 2018. Does this mean that Positive Pay and Positive Payee efforts put in place by banks are working? Maybe a little. But it probably isn’t the whole story.
It’s more likely that companies are making fewer payments by check, so there’s just less in circulation worth stealing. But even though the overall percentage of check fraud has reduced, it’s still astronomically high when compared to every other payment type available, by at least 25 percent. Paired with the generally high expense of issuing checks, and the way that Positive Pay and Positive Payee solutions eat up money and AP time, check payments almost certainly have one foot out the door.
When most people hear the term “electronic payment,” they think of wire payments. Unfortunately, this is also probably true for most fraudsters, because the study shows that wire fraud cases rose from a paltry three percent in 2009 to 48 percent in 2015 and 2017. In 2018, it lowered to 45 percent. Though we’ll probably never again see the low fraud percentages that we enjoyed at the beginning of the decade, it will be interesting to see how 2019 fares, since more companies are shoring up their security.
How could wire payments get so bad so quickly? The AFP survey highlights the parallels between the rise in wire payments and instances of Business Email Compromise (BEC), by which fraudsters hack into legitimate business emails and request that payments be routed to fraud accounts instead of authentic ones.
Even though wire payments ranked as the second-highest payment type to experience fraud from 2015 to 2018, they remain significantly lower than checks, despite the rise in their use. Sometimes wire payments are unavoidable, such as when making payments across certain international borders, or when taking advantage of payment discounts. In those cases, it’s best to tighten security protocols among your AP processes, or enlist the help of a payment automation solution to do it for you.
AFP breaks ACH into two groups: ACH credits (“push transactions,” when money is pushed to the supplier’s account) and ACH debits (“pull transactions,” when money is drawn from your account at the supplier’s request).
At first glance, either ACH option looks like the way to go, despite ACH processes requiring an ample amount of paper. Even though reported fraud cases have risen over the last decade, neither push nor pull transactions have seen a major spike, and both remain consistently low in relation to other payment types. If I were a weary business owner brainstorming how to escape the nightmares of check fraud, this chart would push me to look a little more closely at ACH.
Then why the trepidation? There’s no doubt that ACH is a good option, especially for someone who has kept electronic payments at arm’s length. And the simplicity of depositing funds straight into supplier accounts makes this method ideal for suppliers who want to reduce bank trips. But when fraud occurs, it can be a huge pain to sort out, and can sometimes result in big losses.
For example: say you just pushed money to a supplier account, only to realize that your supplier’s email request to update bank information was spoofed, and the money is heading for a fraudulent account instead. Generally, you have between three and seven days (depending on your bank) to request a reversal of funds—but the bank’s capacity to execute a full reversal depends completely on each unique circumstance. Most commonly, when the money’s gone, it’s gone, and there’s no getting it back. And you still have to pay your supplier.
Here’s where things become less cut-and-dried. It appears that the AFP report specifically tracked credit and debit card fraud instances. But these days, the term “card” is multifaceted. It could mean any number of things to each business, including:
Even though credit cards began the decade as the second-highest payment option to experience fraud, by 2018 they remained consistent, even slightly lowered (-8%), despite the rise in credit card use. Security protocols like the Address Verification Systems (AVS) and Payment Card Industry (PCI) Security Standards played a large role in keeping card fraud in check over the years. The fact that credit and debit cards are now among the fraud-prone payment types in the AFP study says a lot about their viability as a leading payment option.
What, then, of the other card types? For now, they’ll have to settle for being grouped together. On the back end, however, payment automation solutions that offer prepaid cards or single-use card numbers have reduced card fraud even further, while adhering to the same strict card standards as the traditional plastic ones.
What can we learn from all this information? I think, more than just the rise of payment fraud, it gives us insight into how the payment microcosm is shifting. A higher percentage of companies reported fraud across more payment types in 2018 than in any previous year—and that number is likely not going to drop much. But there are ways to mitigate risk.
Here are a few ideas on how to do that:
I’ll be very interested to see how AFP’s 2019 report captures the heightened awareness of fraud within the last 12 months. We’re in the midst of a B2B payment evolution, and each year of data continues the story of the quest for secure payments. Despite the rise in fraud, electronic payments provide more protection from fraud than was ever possible for manual check. No matter how your company chooses to splice your payment types, the question remains: how will your AP team scale with the growing fraud instances that come with manual payment processes?