Payment Security 101
Learn about payment fraud and how to prevent it
Payment fraud isn’t just bad news for individual consumers; it’s also a huge drain on businesses that are defrauded every year. By 2030, payment card fraud losses are projected to hit $49 billion, and they continue to grow rapidly year after year.
Here are some staggering payment fraud statistics that every business should know about to protect themselves from scammers and reduce the burden of payment fraud on their bottom line.
In an increasingly digital world, finance teams are still relying on manual controls and outdated processes, exposing themselves to potential cyber-risks. Cyber-criminals that are armed with sophisticated tactics can exploit these controls to commit financial fraud. To combat such threats, AP teams must prioritise the adoption of secure payment methods.
According to the report, most victims sought help from the police or ReportCyber to prevent cyber-crime from reoccurring. It’s important to note for consumers and organisations that there are services that provide assistance in the aftermath of a cyber attack such as IDCare. IDCare is Australia’s national identity and cyber support service for all individuals and businesses.
Each year the Australian Payments Network collects payment fraud data demonstrating how dangerous fraud is on Australian credit cards when used overseas. Australian merchants come across various types of fraud, such as card-not-present, counterfeit/skimming, lost/stolen, never received, fraudulent application and other forms.
In addition, 7% of fraud and scam victims lost more than $10,000. Most victims of cyber-crime do not recoup the money they have lost. A key takeaway is that CFOs can achieve substantial cost savings by investing in robust cybersecurity controls, as opposed to incurring financial losses from a potential cyber-attack.
According to a payment fraud study, nearly one in five organisations said their most disruptive incident had a financial impact upward of $50 million. Large organisations typically deal with substantial financial transactions and valuable data, making them attractive targets for cyber-criminals, much like the recent attacks seen in the press this year with Optus and Latitude Financial.
Payment fraud is a threat that businesses must protect against. To do so, they must educate their employees about payment fraud practices and rely on technology and methods to prevent it. CFOs can start by building a cybersecurity culture to raise awareness of payment threats and risks.
According to the payments fraud statistics report by PYMNTS, internal fraud is often caused by a lack of solid internal controls related to accounts receivable (AR). Malicious employees, otherwise known as insider threats, take advantage of weak or absent internal controls in AR. As a result of manipulated financial transactions and lack of oversight, organisations incur significant financial loss.
Payment fraud losses have more than tripled since 2011 and are expected to exceed $40 billion by 2027 according to the Global Payment Fraud report. The financial impact can be devastating to look at for all individuals.
All CFOs and Accounts Payable (AP) teams should be alert to internal perpetrators, also known as insider/internal threats. Since they have access to company data, employees with malicious intent often cause more harm than external perpetrators.
Every year, scammers come up with innovative ways to scam businesses. The growing threat of payment fraud is taking a toll on the reputation of financial institutions, and consumers are at risk. Fraudulent transactions can occur when fraudsters are impersonating suppliers and vendors through invoices, and executives through phishing tactics.
Over the past year, financial leaders have started to identify the benefits of machine learning and AI. CFOs can leverage machine learning and AI to enhance fraud management by employing advanced fraud detection algorithms and risk scoring. By replacing certain manual controls with automated controls, CFOs can streamline fraud management workflows.
Small to medium enterprises (SMEs) are still incorporating manual controls even in the age of advanced technology. Solely relying on manual controls can be risky. It can lead to errors, inefficiencies and vulnerability, particularly if there are insufficient resources or staff. The important thing for finance leaders is to have a balanced approach that combines both manual and automated controls in fraud management.
Credit card verification remains the most commonly used fraud prevention tool. This tool makes it harder for cyber-criminals to infiltrate payment systems due to strong authentication defence layers. Depending on the service, it can alert organisations in real time, making it a great fraud detection tool.
Credit card verification is a process that merchants may use to verify the identity of a consumer prior to making a transaction. This anti-fraud security feature helps businesses create a secure environment for consumers to make online transactions and combats unauthorised transactions. Similar to credit card verification, Eftsure’s payment protection solution verifies the banking information of an organisation’s suppliers when processing electronic funds transfers (EFTs).
Any type of organisation, regardless of size and industry, can fall victim to BEC attacks. The current trend, according to the 2023 AFP payment fraud report, is that fewer smaller organisations (with an annual revenue of less than $1 billion) were targeted by BEC. BEC attacks are initiated when organisations receive fraudulent emails impersonating an executive officer, supplier or employee of the business.
Fraudsters are more likely to be males in their 30s, according to the 2019 United States Sentencing report. However, one shouldn’t assume that all fraudsters are the same age or are just a few individuals. There is no age limit to the types of criminal activity hackers engage in. A device or network is all that is required to perpetrate such malicious acts.
Other than credit card fraud, there are other types of fraud, including government documents fraud, benefits fraud, loan/lease fraud, bank fraud, and employment/tax-related fraud. Fraudsters have a range of methods they can use to steal money from your bank account.
The percentage of organisations that were victims of fraud attacks via corporate/commercial credit cards rose from 26% to 36% in 2022. It’s evident that emails are frequently used by cyber-criminals to infiltrate company networks. According to reports, despite extensive measures implemented like anti-fraud training and software, BEC continues to be one of the primary sources of fraud at organisations.
Over the last couple of years, in-store payment security has been advancing, which has made the ecommerce industry a prime target for payment fraud. Despite the slowing growth of fraud in retail environments, the continued expansion of ecommerce transactions has led to a persistently high level of losses. This can pose a significant challenge for merchants and issuers, as fraud-related losses can impact their bottom line and destroy customer trust.
Multiple fraudulent charges are common in the United States. According to research, 23% of respondents say they had a fraudulent charge on a credit card at least once, whereas 9% of individuals had been charged over 4 times.
For small businesses, it is vital to invest in security options for payments. Set up security alerts and email notifications to protect your business. Additionally, the use of complex passwords combined with PIN codes can stop 99% of attacks.
Hackers have found a way to find cards without damaging databases, and card numbers are also being sold on the dark web. Hackers can do this using brute force attacks, in which computers make many password guesses in a short amount of time until they find the right combination.
To reduce your risk of online payment fraud, the Australian Payments Network suggests that you employ your financial institution’s fraud prevention options at all times. For instance, this includes fraud alerts that push notifications to your phone any time your account is used.
APP fraud happens when a fraudster deceives an individual into sending a payment to a fraudulent bank account. The 207,000 reported cases cover only a subset of payment firms. Unfortunately, there are many cases that go unreported, which means that the APP fraud figure is likely to be a lot higher. Other than financial loss, consumers and businesses undergo indirect hardships like reputational damage or emotional distress.
Other than financial gain, there are other goals that cyber-criminals attempt to achieve. For instance, sensitive information and related company data are valuable to scammers. Scammers use this data on the dark web to commit other fraudulent activity.
There are several digital solutions that can help CFOs enhance their fraud prevention measures. These include AI-powered fraud detection solutions, machine learning, blockchain technology, biometric authentication, digital identity verification and more. In a digital world, CFOs should look to implement a fraud prevention strategy that meets the needs and objectives of their organisation.
According to the AIC cybercrime Australia 2023 report, small to medium business owners, operators, and managers have experienced notably higher rates of all types of cybercrimes. The report highlights that Australia is an attractive target for opportunistic and motivated cyber-criminals, primarily due to the relative wealth of the Australian population.
According to reports from Scamwatch, large enterprises suffered a median loss of $4200 whereas smaller companies lost an average of $8000 to BEC scams and payment redirection. Emails are the main distribution channel used to perform this scam.
Skimming is a popular technique by which fraudsters steal credit card details by using a device attached to an ATM or a merchant’s terminal. Using this information, a counterfeit card is then created to commit fraud. Credit card counterfeiting is more common than people think.
The prevalence of counterfeit/skimming fraud in Australia has declined since the adoption of digital payments. The COVID-19 pandemic illustrates that restrictions and lockdowns have accelerated the previously occurring shift towards online payment channels. Due to the increased use of online transactions, fraud continues to increase.
Over 50% of all fraud cases in Australia are related to Card-Not-Present transactions, according to the Australian Institute of Criminology. Small businesses have found methods to make payments securely through the use of Apple Pay, Samsung Pay, and Google Pay.
Counterfeit/skimming fraud can be challenging to manage due to the sophisticated techniques employed by cyber-criminals. They often use fake ATMs or payment terminals that closely resemble genuine ones, making detection difficult for consumers. Therefore, individuals should prioritise contactless payment methods like mobile wallets or contactless cards whenever possible.
When it comes to payment fraud, there are several tactics that fraudsters use:
Phishing: This involves sending a fake message to trick the recipient into disclosing sensitive information to the attacker or installing malicious software, such as ransomware, on the victim’s system.
Identity Theft: A fraudster can commit identity theft in several ways. It usually occurs when they use someone’s identifiers, such as their name, identifying number, or credit card number, without their permission.
Business Email Compromise: Often referred to as spear phishing, business email compromise (BEC) is a type of targeted phishing where criminals target businesses and attempt to steal finances or goods through an email or invoice. Any employee can be targeted during a BEC attack.
Criminals know how to use technology to their advantage, and businesses need to recognize the risks and take precautions to avoid them. There are several solutions businesses can use to mitigate risks, such as segregation of duties, multi-factor authentication and tokenization.
If you believe that company funds have been stolen, or a data breach has occurred, you need to contact your bank right away and report the crime to the police. In our 7 tips to recover from fraud guide, we explore this in more detail.
Eftsure provides continuous control monitoring to protect your EFT payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.