AFP: Multi-layered Approach to Check Fraud Not Just for FIs
- 2024 saw a 15% increase in fraud attacks and attempts over the previous year
- A multi-layer approach to fraud prevention is recommended
- Also vital are robust email security measures, including two-factor authentication & email scanning
Readers of our blog know this simple fact: There is no "single technology" that can detect the majority of counterfeit, forgeries, and altered checks. In fact, FIs across the US have adopted the "Multi-layered Technology" approach to combatting check fraud, deploying complementary technologies such as behavioral/transactional analysis, image forensic AI, payee positive pay, consortium data, and dark web monitoring, to achieve 95% fraudulent check detection rates.
Now, businesses are having a similar approach recommended to them. As noted by the Association for Financial Professionals, payments fraud continues to be a growing threat for organizations. The 2024 AFP Payment Fraud and Control Survey, in fact, reports a 15-percentage point increase in fraud attacks and attempts over the previous year. As fraudsters become more sophisticated, companies must take a proactive, multi-layered approach to safeguarding their financial operations.
The article highlights several key fraud mitigation strategies that organizations should implement, including this insight from Chris Ward, Head of Enterprise Payments at Truist:
Fraud prevention requires a multi-layered approach, combining tools like positive pay, payee positive pay, tamper-resistant checks, segregation accounts and daily reconciliations. "There's not one single thing you should do and just assume you can sleep at night," said Ward. "You have to layer all these items in."
Overview of Check Fraud Detection Technologies for Business
Mr. Ward notes several technologies and methods for businesses to secure check payments:
- Positive Pay/Payee Positive Pay: While these systems are not new, positive pay systems has seen greater exposure as a solution to address the growing check fraud challenge. It's important, however, to understand that if the positive pay does NOT provide a payee match, these systems are susceptible to alterations.
- Daily reconciliation: Positive Pay/Payee Positive Systems rely on businesses to participate in the process to review exceptions. Businesses need to take it a step further and review all check transactions to ensure the payments have been received by the correct end-user.
- Segregations of accounts: It's important for businesses to avoid storing all their funds in a single account. This can lead to large amount of funds accessible to fraudsters.
- Tamper-resistant checks: Ordering checks has never been easier. However, many businesses have looked to cut costs by ordering simple check stock online and using desktop printers to create their check payments. These checks are most desirable to fraudsters, as they are easy to alter or counterfeit. It's recommended that businesses purchase check stock with various security features, such as security marks and color distortion that appear when exposed to chemicals.
Additional Recommendations from AFP
Organizations must cultivate a culture of skepticism and vigilance, empowering employees to question suspicious activity and verify the legitimacy of payment requests.
Mr. Ward notes:
"Vigilance with a healthy dose of skepticism is required to combat fraud ...If somebody is raising a red flag, you should assume that's correct and try to prove that it isn't fraud," he said. "I've had case after case recently where clients saw the signs but didn't stop. If it's too good to be true, it's probably a scam."
Additionally, thorough verification of any changes to vendor information is critical, as fraudsters often use this as an entry point to infiltrate payment systems.
Fraudsters often make incremental changes to vendor details (e.g., phone numbers or addresses) before altering bank accounts. This means all change requests should be verified thoroughly, even those that seem minor.
And, let's not forget to secure employee email accounts, as BEC can lead to major fraud:
The panelists recommended two-factor authentication, external email notifications and email scanning software to help reduce BEC fraud risks. "Austin's IT group has several tools to combat spyware and spam," said Brown. "We thoroughly scan every email message, which adds a little time for delivery to your inbox, but it's added additional layers of security."
Businesses need to understand that they are a major target for fraudsters -- particular when it comes to check fraud. By doing their part and securing their check payments, they can help ensure that fraudsters are unsuccessful in infiltrating their workplace.