AFP released its 2018 Payments Fraud Survey this week and it reports that payments fraud attempts have risen, again. Fraud attempts were found at 78 percent of organizations, up from 74 percent the year before. While this is no surprise (in fact, it was easily predicted in this 2018 Predictions blog), the survey did include some other interesting metrics that we in corporate treasury can draw from.
Who finds fraud?
Treasury finds fraud, at least in 2/3 of the organizations surveyed by AFP. While this deserves a round of applause for treasury (yay treasury!), it also masks a darker conclusion. Payments and A/P staff identified fraud in only 41 percent of organizations – meaning that both A/P and Treasury were successful in stopping fraud in only a small amount of scenarios. Why is this?
Additional reading: Ten Best Practices for Addressing Payments Fraud
The answer is that organizations continue to rely on human eyes to enforce payment policies. And people can make mistakes, especially as they take on more responsibilities and have to review more data or match payments against more fraud scenarios. Fortunately, AI-based payment detection is increasing in sophistication, with complex algorithms now able to detect custom fraud scenarios in real-time. This will build a better line of defense and, in some cases, these tools are built into payment workflows in treasury management systems.
Who cannot be expected to find fraud?
The answer is your bank. This is not to say that your bank is not a partner in protecting your organization against payments fraud. In fact, banks invest heavily in complex screening solutions to help ensure that the payments they clear are legitimate.
There are two reasons not to rely on your banks for fraud prevention:
- It is not their job. Banks are certainly responsible for OFAC and other sanctions list screening (although an argument can be made that treasury should have their own watchlist screening abilities), but they are not your fraud detection solution.
- Real-time payments. Payments are getting quicker all the time, with SWIFT recently reporting that a majority of GPI cross-border payments clear within 30 minutes. That does not leave much time to claw-back a payment should a problem be found. Further, real-time initiatives such as SEPAInst and The Clearing House’s RTP promise immediate settlement of low value payments. And these developments are coming at the same time as the emergence of non-bank payment solutions such as Ripple, who leverage distributed ledgers (“Blockchain”) for immediate payment delivery.
It is likely that real-time payments will become the market standard in the very near future, increasing the importance for corporates to have similarly real-time detection methods to prevent cybercriminals and internal fraudsters from exploiting the expedient settlement of these payments.
Is there any good news in the fight against fraud?
Yes! While fraud attempts predictably increased, fraud success – especially via BEC schemes – is starting to fall. In fact, according to the new survey, 86 percent of organizations indicated they either had or were in the process of implementing controls to fight BEC schemes.
This decline in successful BEC schemes demonstrates two important developments:
- Corporate treasury teams are working with their information security counterparts to identify risk exposures and better protect payments systems from attack.
- Resources are being made available to corporate treasurers to combat fraud, including strengthening controls, data security, login protection, and fraud detection software.
There is more work to do, especially as fraudsters evolve their own methods of attack by adopting AI technologies themselves. But the fact that corporate treasury is starting to invest in better fraud protections is a positive sign and a critical step in the continuing fight against fraud.