Corporate Account Takeover a New Payments Fraud Threat, Finds AFP Survey

Corporate payments fraud is as high as it ever was, according to a new survey by the Association for Financial Professionals (AFP), with corporate account takeover emerging as a serious threat. While cheques continue to be the most widely-used vehicle for payments fraud, corporations also must be vigilant to protect payments access points linked to web-based transactions and corporate cards.

The 2011 AFP Payments Fraud and Control Survey, underwritten by JP Morgan, found that despite a dramatic shift toward electronic business-to-business (B2B) payments and the adoption of preventative techniques, payments fraud has remained persistent over the last five years.

“Cheques have been a known vulnerability for many years. The fact that 93% of companies that had experienced payments fraud in 2010 are telling us that cheques were a target provides companies with a consistent incentive to shift more transactions to electronic payments,” said David Bellinger, AFP’s director of payments. “But cheques are not the only area of vulnerability. We are now seeing companies fall prey to corporate account takeover, where someone gains access to a company’s credentials and uses those to empty business accounts.”

In corporate account takeover, fraudsters use technology or social interactions – ranging from phone conversations to social networking messages – to induce an employee to divulge an organisation’s account information, allowing the fraudster to move money and cause large losses in a very short time. The AFP survey found that 14% of respondents experienced this type of fraud last year, with 2% actually suffering a loss. It has become prevalent enough to warrant warnings to businesses from the FBI and other federal agencies.

Across all types of payments fraud, criminals outside the corporation make most of the attempts, accounting for 87% of the fraud reported in the AFP survey. Roughly 10% of respondents suffered payments fraud originating from an organised crime ring or third-party/outsourcer. Only 9% of organisations were subject to internal payments fraud.

Key findings of the survey include:

  • Seventy-one percent of organisations experienced attempted or actual payments fraud in 2010.
  • Large organisations were significantly more likely to have experienced payments fraud than were smaller ones. Eighty-two percent of organisations with annual revenues over US$1bn were victims of payments fraud, compared with 58% of organisations with annual revenues under US$1bn.
  • Twenty-nine percent of survey respondents report more incidents of fraud in 2010 than in 2009.
  • Cheques were the payment format most frequently targeted by fraudsters, with 93% of affected organisations reporting that their cheques were targeted. Other payments formats targeted were:
  1. Automated clearing house (ACH) debit (25%).
  2. Consumer credit/debit cards (23%).
  3. Corporate/commercial cards (15%).
  4. ACH credits (4%).
  5. Wire transfers (4%).
  • Seventy-one percent of organisations that were victims of actual and/or attempted payments fraud experienced no financial loss from it.
  • For those that did suffer a financial loss resulting from payments fraud, the typical amount was US$18,400.


Related reading