Payment Fraud Continues to Grow
The Association for Financial Professionals recently released the findings of their 2018 AFP Payments Fraud Survey, and the numbers were pretty startling: 78% of respondents reported that their companies had been victims of payments fraud in 2017, up from less than 75% the year before. The good news is that check fraud decreased slightly from 2016, but ACH fraud continued to be high, both for debit and for credit payments. A major source of this fraud is business email compromise, or BEC. It's clear that electronic payments are here for the long term, so what can users do to fight risk and ensure the security of their funds? Is fraud inevitable with automated payments?Payment Security Depends on Payment Format
The term "automated payments" covers a wide range of electronic platforms, and not all are created equal - especially when it comes to payment security. We've often discussed the most obvious fraud-protection advantage virtual card offers over other formats, the fact that each payment is made via a one-time-use, randomly generated, sixteen-digit account number. But several lesser-known security features are baked into the platform that directly tackle email fraud, as well as general electronic payment fraud. To wit:
1) Non-Forwardable Payment Notification Email
Each payment made automatically generates an email to the payee, notifying them that funds are available. This email is not forwardable - it can't be passed along to a third party seeking to misappropriate those funds.
2) PIN-Controlled Access
In order to access a payment, the supplier must provide the correct PIN - meaning even if a third party were to gain access to the payment notification, they wouldn't be able to access the funds without the PIN.
3) Remit Controls Amount To Be Processed
The virtual card number is only good for the amount intended to pay on the remit. In other words, if the remit indicates that the purchaser is paying $100.00, if someone tries to process for even $100.01, the card payment is denied.
4) MCC Check
A final security measure is the Merchandise Category Code (MCC) check. If the industry-specific MCC for the payee does not match that of the entity attempting to process the payment, the system will trigger a decline as well. For example, if the payment is issued to a shipping company, but a home improvement company runs the card, there will be an industry mismatch and the card will decline.
The unfortunate fact is, where goes the money, so goes the fraud. Fraudsters continue to chase the next source of ill-gotten gain, and electronic payments look like an easy target. Buyer and supplier organizations alike may be justifiably leery of payment automation for this reason. If a buyer can't be assured that their funds will make it to their vendors, or a supplier cannot be be certain that they'll get paid, then automation isn't an effective solution at all. But a payment process that incorporates best-in-class security protections - and is nimble enough to respond to new forms of fraud as they come down the pike - is the ultimate union of accounts payable efficiency and efficacy.
Are you intrigued by the security, ease and revenue possibilities of virtual card? Are they too good to be true? Our quick FAQ guide answers this and 9 other pressing questions about the platform.