Payments Fraud: Find Your Vulnerabilities

The complexity of account structures is just one reason behind the increase in payments fraud. Find out what you need to know to identify and manage your vulnerabilities.

Payments fraud remains an ugly fact of life all around the treasury world. Simply look to several statistics revealed in the 2014 AFP fraud survey, an annual barometer for treasurers. Approximately 66 percent of organizations with revenues in excess of US$1 billion were subject to attempted or actual fraud last year. And 27 percent of survey respondents reported that the number of fraud incidents in 2013 increased over 2012.1

The survey also illustrates that checks continue as the primary payment type targeted by fraudsters in 2013, but other payment vehicles, including corporate/commercial cards and wire transfers, show an alarming rise in incidents.

One of the key drivers behind this trend, the Achilles heel for treasury, is the complexity of account structures—multiple accounts in different currencies and formats to suit the needs of a global marketplace. Another driver is the lack of visibility into the way those accounts were initially set up and how they are used today. Because of those factors and the proliferation of accounts as companies expand, statistics from the AFP study show that a large firm is 24 percent more likely to experience fraud when compared to a smaller organization with fewer accounts and less complexity.2

Results show the need for new security models and strict controls should remain at the forefront for all organizations. Click here to view the 2014 AFP Payments Fraud and Control Survey.

If you are among the many who feel at risk, there are certain steps you can take to move to a more protected operational state.

Seven Best Practices for Fraud Prevention

The seven tips below, developed with the input of treasury groups familiar with various fraud scenarios, offer a framework for discussion and actions to help coordinate a strong, comprehensive defense.

1. Segregate accounts by type (A/P, payroll, claims, etc.) and by method (ACH, check, wire) — This process enhances your ability to monitor account activity and to implement additional fraud controls (e.g., post no check, ACH debit block, etc.).

2. Document and implement internal controls, including segregation of duties and dual approval — Your ability to define roles and responsibilities within the organization will support accountability, and dual controls and the segregation of duties help to limit the potential for errors and internal fraud. We also highly recommend that you document HR policies around employee onboarding and departures to ensure access controls are in place.

3. Outsource non-key functions (such as check printing and distribution) to trusted partners — In most situations, by outsourcing non-critical functions to a secure service provider, you can reduce fraud risk. For example, managing check stock, printing technology and associated disaster recovery functions in-house requires a significant investment in oversight and access controls. Outsourcing to a trusted partner alleviates such requirements by leveraging your partner's investment in these areas.

4. Migrate to electronic payment methods (ACH, card, wire) — As highlighted in the AFP study, checks will always be easier targets for fraudsters, as check fraud is inherently less complex to commit.

5. Consistently monitor and reconcile account activity — Daily reconciliation of all account payments to identify discrepancies in a timely fashion enables you to take immediate action for resolution.

6. Keep vigilant on the latest fraud trends and techniques — Knowing the latest trends and crime innovations (e.g., recent wire fraud that was carried out using duplicitous email addresses) will help you to monitor threats against your firm.

7. Leverage all available bank tools and services to protect yourself — Making sure you have all the available protections on all of your accounts is essential to ensure you are mitigating your fraud risk. For example, if you have an account that no longer will issue checks, then putting a post-no-check flag on that account is an easy way to limit the potential for check fraud.

Payments fraud prevention certainly requires an investment of time and resources. However, reputational damage resulting from fraud or a significant data breach may be far more costly than the investment in preventative measures.

1. Association for Financial Professionals (AFP), “2014 AFP Payments Fraud and Control Survey,” sponsored by J.P. Morgan, April 18, 2014,

2. Ibid.


Copyright © 2018 JPMorgan Chase & Co. All rights reserved.