Fraud mitigation: What every business needs to know.

When it comes to fraud, it’s seemingly no longer a question of IF a business will be impacted, but WHEN. According to the 2024 survey from the Association for Financial Professionals (AFP), 80% of organizations reported having been targets of payments fraud activity in 2023, up from 65% in 2022. It’s more important than ever to stay on top of fraud trends as well as current fraud mitigation tools and solutions.

Types of fraud.

The most prevalent types of fraud and scams remain the same as in recent years:

1. Business email compromise (BEC): When a criminal compromises a legitimate email account and spoofs the owner’s identity to defraud the company or its employees, customers or partners.
2. Phishing: A fraudster will send a request for action, often with an urgent deadline. The links within these emails can give fraudsters an opportunity to gain access to and/or place malware on your device.
3. Ransomware: Malware used to encrypt files on a device and render files and/or systems unusable. Fraudsters then demand ransom in exchange for decryption.
4. Business identify theft: A type of identity theft committed with the intent to defraud or hurt a business by creating, using, or attempting to use a business’s identifying information without authority.

Even though the main types of scams haven’t changed, artificial intelligence (AI) is making it easier for fraudsters to impersonate people and create more realistic emails. In some cases, they can gain access to your accounts and lurk long enough to get a sense for how you write and who you’re emailing, making their fraud attempts even more convincing.

“There’s authorized fraud and unauthorized fraud,” said Angie Pavlich (Senior Manager, Product Management – Commerce Bank). “Authorized fraud is when a scammer tricks an authorized person to make a payment through proper authorized channels. We try to help by giving strategies for fraud mitigation and having system controls such as requiring strong passwords, having out of band authentication and dual approval within the payment channels. But if someone falls for an email they think is legitimate and send payment through legitimate channels, there’s not much more we can do. That’s why it’s so important for our customers to stay vigilant and why it’s important that we give our customers strategies for fraud mitigation and continually check in with them.”

Fraud conversations: When and how?

Much of fraud mitigation, particularly when it comes to authorized fraud, hinges on education, which must be a team effort between the customer and their bank. For example, Commerce shares fraud mitigation strategies with customers who use Commerce Connections® and requires client acknowledgement twice a year.

“I talk about fraud at every call because it’s so prevalent,” said Joseph Chapman (Treasury Management Officer). “I often share that ever since COVID, I’ve been hearing about fraud attempts 3–4 times a week. I’ll talk with them about the importance of internal controls, monitoring employee behavior and educating their staff when it comes to changing payment instructions. If customers get an unsolicited call from someone saying they’re a vendor wanting to change a payment method, make sure to end that call, and call the vendor with the phone number on file to verify.”

Fraud mitigation solutions and resources.

According to the AFP, checks continue to be the payment method most susceptible to fraud, making Positive Pay a valuable solution for any customer sending check payments. This feature electronically uploads your issued checks into our system which then compares the amount on file with the check when it’s presented for payment. Any discrepancies trigger an alert for customers to make a “pay/no pay” decision. Commerce also adds a dual layer of protection so that anything rejected in the first pass is sent for a manual review by an operator. Positive Pay also automates the reconciliation and check storage process for additional security. 

Commerce also offers Premium Positive Pay, which verifies the check’s payee information against the provided electronic file, and Reverse Positive Pay, which allows the customer to review all checks presented on that account through a daily file of paid items.

Other solutions we offer to help reduce a customer’s exposure to fraud include:

• ACH Risk Manager: Customers set criteria for ACH payments, such as vendor, amount, frequency, and more. Any transactions not matching the set criteria are presented as exceptions for the customer to review and decision.
• Email alerts: Customers enrolled in ACH Risk Manager, Positive Pay, or wire notifications can opt in to email notifications. Depending on the solution, Commerce will notify customers of account activity such as unauthorized ACH transactions, check discrepancies, exceptions awaiting decision, or wire transfers.
• Payment Hub ACH enrollment: This feature matches vendor DDA and routing numbers against data points in a database to provide a pass/fail recommendation.
• CollectPay® online bank account validation: A validation check runs whenever a new DDA is added or when an existing bank account is edited within CollectPay® Online. The DDA number is compared against a large database prior to a transaction being submitted and assigned a pass/fail value.

Fraud evolves rapidly and staying proactive is your best defense. By leveraging some of the tools mentioned above, businesses can reduce their exposure to fraudulent activity. However, technology alone isn’t enough—ongoing education, strong internal controls and an unwavering relationship with your bank are key.

If you have questions or concerns about the strength of your own fraud mitigation tools, we’re here to help.

CommercePayments® solutions are provided by Commerce Bank.