Identifying and Controlling Fraud Beyond the Pump
- Keywords:
- payments fraud
- business strategy
There’s been a lot of attention on card skimming, and with good reason—it’s something that directly affects customers and can have serious repercussions for an operator’s reputation. The good news? The rule requiring pumps to be equipped with EMV chip card technology by October 2020 1 is designed to mitigate that risk. But there’s another type of fraud that isn’t as widely discussed but also poses a serious risk—payments fraud at the corporate level.
We’ll explore the most common types of payments fraud faced by operators as well as some best practices for avoiding them.
Why should you care?
Payments fraud is on the rise. In 2018, 82% of financial professionals said their organizations experienced attempted or actual payments fraud, according to the Association for Financial Professionals. That was 20 percentage points higher than in 2014.2 Guarding against payments fraud is crucial for protecting your business, your customers and your stakeholders. The financial and reputational risks can be immense.
With payments fraud, you not only risk being unable to recover the money that was stolen from you, but you also incur costs related to managing, defending against and cleaning up payments fraud (these could include opening new accounts or issuing new check stock).
The adverse effects on your reputation cannot be understated. A fraud incident may make it harder for you to retain customers and employees.
Types of fraud
Despite its decline, check fraud is still the most common type of fraud, with 70% of organizations reporting check fraud activity in 2018, according to the AFP. Likely because it’s the simplest to execute—and the fact is, most companies do make it easy for fraudsters. All the information they need is one place—account number, routing number, signature, address—making tactics such as check washing (changing the payee name or dollar amount), stealing check stock or forging signatures a snap.
What’s more, fraud via Automated Clearing House (ACH) debits and credits are on the rise.2 A Fraudster only needs two pieces of information to initiate an ACH transaction: Your checking account and bank routing numbers. For example, if a criminal gets access to your credentials, they can generate an ACH file in your name and quickly withdraw funds before you might discover it.
Underlying both ACH and check fraud is business email compromise, or BEC. A company often receives a fraudulent email that appears to be legitimate, then acts on the payment instructions included in the email.
Best practices
A comprehensive approach to preventing fraud begins with understanding basic best practices and potential vulnerabilities. And keep in mind that segregation of duties (SOD) can be a key part of proper controls and minimizing fraud.
- Daily reconciliation of accounts. Best for every type of fraud, this helps you spot irregularities daily. That’s especially important for ACH fraud since your bank will typically allow two days to recover the funds.
- Positive pay. This lets you monitor and control the checks presented against your account so that only authorized items are paid.
- Payee name verification. This lets you identify potentially fraudulent checks when the payee name has changed. If a check presented for payment does not match the issue information, it will likely result in an exception.
- Segregation of accounts, including separate accounts for electronic debits initiated by a third party. A single account may seem more convenient, but if a fraud event occurs, you’ll have to rework your entire banking structure.
- Post No Checks restrictions. This prevents check debits from posting against your account automatically.
- ACH debit blocking. This enables you to specify which companies can post ACH debits to your accounts while blocking others that are not authorized. You can also limit the amount of money that can be debited, or block all ACH debits from posting.
An ongoing battle
As an operator, your primary concern should be growing your business, not trying to recover stolen funds. That’s why preventing fraud is not an area where you should cut corners—nor can you afford to remain complacent once you’ve put policies and procedures in place. Your strategy needs to evolve as the threats from fraudsters grow more sophisticated. That includes having ongoing discussions with your treasury provider regarding the latest best practices.
If you haven’t been affected by payments fraud, count yourself lucky. It’s typically a matter of when, not if, you’ll experience fraud. That’s why, beyond the best practices mentioned above, it’s necessary to maintain a comprehensive fraud-mitigation strategy to help reduce the likelihood of a fraud event, as well as to minimize the damage should one occur.
1 Visa
Read more
Bo Osburn, CTP
Director, Treasury & Payment Solutions
There’s been a lot of attention on card skimming, and with good reason—it’s something that directly affects customers and can have serious repercussions for an operator’s reputation. The good news? The rule requiring pumps to be equipped with EMV chip card technology by October 2020 1 is designed to mitigate that risk. But there’s another type of fraud that isn’t as widely discussed but also poses a serious risk—payments fraud at the corporate level.
We’ll explore the most common types of payments fraud faced by operators as well as some best practices for avoiding them.
Why should you care?
Payments fraud is on the rise. In 2018, 82% of financial professionals said their organizations experienced attempted or actual payments fraud, according to the Association for Financial Professionals. That was 20 percentage points higher than in 2014.2 Guarding against payments fraud is crucial for protecting your business, your customers and your stakeholders. The financial and reputational risks can be immense.
With payments fraud, you not only risk being unable to recover the money that was stolen from you, but you also incur costs related to managing, defending against and cleaning up payments fraud (these could include opening new accounts or issuing new check stock).
The adverse effects on your reputation cannot be understated. A fraud incident may make it harder for you to retain customers and employees.
Types of fraud
Despite its decline, check fraud is still the most common type of fraud, with 70% of organizations reporting check fraud activity in 2018, according to the AFP. Likely because it’s the simplest to execute—and the fact is, most companies do make it easy for fraudsters. All the information they need is one place—account number, routing number, signature, address—making tactics such as check washing (changing the payee name or dollar amount), stealing check stock or forging signatures a snap.
What’s more, fraud via Automated Clearing House (ACH) debits and credits are on the rise.2 A Fraudster only needs two pieces of information to initiate an ACH transaction: Your checking account and bank routing numbers. For example, if a criminal gets access to your credentials, they can generate an ACH file in your name and quickly withdraw funds before you might discover it.
Underlying both ACH and check fraud is business email compromise, or BEC. A company often receives a fraudulent email that appears to be legitimate, then acts on the payment instructions included in the email.
Best practices
A comprehensive approach to preventing fraud begins with understanding basic best practices and potential vulnerabilities. And keep in mind that segregation of duties (SOD) can be a key part of proper controls and minimizing fraud.
- Daily reconciliation of accounts. Best for every type of fraud, this helps you spot irregularities daily. That’s especially important for ACH fraud since your bank will typically allow two days to recover the funds.
- Positive pay. This lets you monitor and control the checks presented against your account so that only authorized items are paid.
- Payee name verification. This lets you identify potentially fraudulent checks when the payee name has changed. If a check presented for payment does not match the issue information, it will likely result in an exception.
- Segregation of accounts, including separate accounts for electronic debits initiated by a third party. A single account may seem more convenient, but if a fraud event occurs, you’ll have to rework your entire banking structure.
- Post No Checks restrictions. This prevents check debits from posting against your account automatically.
- ACH debit blocking. This enables you to specify which companies can post ACH debits to your accounts while blocking others that are not authorized. You can also limit the amount of money that can be debited, or block all ACH debits from posting.
An ongoing battle
As an operator, your primary concern should be growing your business, not trying to recover stolen funds. That’s why preventing fraud is not an area where you should cut corners—nor can you afford to remain complacent once you’ve put policies and procedures in place. Your strategy needs to evolve as the threats from fraudsters grow more sophisticated. That includes having ongoing discussions with your treasury provider regarding the latest best practices.
If you haven’t been affected by payments fraud, count yourself lucky. It’s typically a matter of when, not if, you’ll experience fraud. That’s why, beyond the best practices mentioned above, it’s necessary to maintain a comprehensive fraud-mitigation strategy to help reduce the likelihood of a fraud event, as well as to minimize the damage should one occur.
1 Visa
What to Read Next.
Fueling Growth: Delivering Foot Traffic
August 16, 2019 Fuel Services, Retail And Wholesale Distribution
Kohl’s has done it. Rite Aid has done it. Best Buy has done it. Have you? Maybe you’ve achieved a good mix of in-stor…
Continue Reading>
Tell us three simple things to
customize your experience.
