Payment Fraud Skyrocketing
The Association for Financial Professionals recently released the findings of their 2017 AFP Payments Fraud Survey, and the numbers were pretty startling: Almost 75% of respondents reported that their companies had been victims of payments fraud in 2016, the highest reported percentage of payment-related fraud since 2005.
Interestingly, fraud is up across the board with payments - not just with checks, where one would expect to see a considerable amount of fraud, but with automated payments, as well. A major source of automated payments fraud is business email compromise, reported incidents of which increased by 10% over the previous year, according to AFP.
Payment Security Varies Widely With Payment Format
Of course, the term "automated payments" covers a wide range of electronic platforms, and not all are created equal - especially when it comes to payment security. We've often discussed the most obvious fraud-protection advantage virtual card offers over other formats, the fact that each payment is made via a one-time-use, randomly generated, sixteen-digit account number. But several lesser-known security features are baked into the platform that directly tackle email fraud, as well as general electronic payment fraud. To wit:
1) Non-Forwardable Payment Notification Email
Each payment made automatically generates an email to the payee, notifying them that funds are available. This email is not forwardable - it can't be passed along to a third party seeking to misappropriate those funds.
2) PIN-Controlled Access
In order to access a payment, the supplier must provide the correct PIN - meaning even if a third party were to gain access to the payment notification, they wouldn't be able to access the funds without the PIN.
3) Remit Controls Amount To Be Processed
The virtual card number is only good for the amount intended to pay on the remit. In other words, if the remit indicates that the purchaser is paying $100.00, if someone tries to process for even $100.01, the card payment is denied.
4) MCC Check
A final security measure is the Merchandise Category Code (MCC) check. If the industry-specific MCC for the payee does not match that of the entity attempting to process the payment, the system will trigger a decline as well. For example, if the payment is issued to a shipping company, but a home improvement company runs the card, there will be an industry mismatch and the card will decline.
The unfortunate fact is, where goes the money, so goes the fraud. Fraudsters continue to chase the next source of ill-gotten gain, and electronic payments look like an easy target. Buyer and supplier organizations alike may be justifiably leery of payment automation for this reason. If a buyer can't be assured that their funds will make it to their vendors, or a supplier cannot be be certain that they'll get paid, then automation isn't an effective solution at all. But a payment process that incorporates best-in-class security protections - and is nimble enough to respond to new forms of fraud as they come down the pike - is the ultimate union of accounts payable efficiency and efficacy.
Are you intrigued by the security, ease and revenue possibilities of virtual card? Are they too good to be true? Our quick FAQ guide answers this and 9 other pressing questions about the platform.