Fraud Prevention

Business Email Compromise – What You Need to Know Now

Protecting your business against the “invisible hand” of payments fraud

Payments fraud is not only alive, but thriving, now slipping its tentacles into 82 percent of companies surveyed for the 2019 AFP Payments Fraud and Control Survey. To put this in perspective, this same survey found 60 percent of companies reporting incidents of payments fraud just five years ago.

These rising numbers naturally beg the question: how are scammers gaining access to the inner sanctums of America’s businesses? While 75 percent of organizations reported check fraud, one increasingly popular way is through a relatively new phishing scheme, business email compromise (BEC). Infiltrating a record 80 percent of surveyed companies in 2018, up from 64 percent in 2014, this insidious break-in tactic relies heavily on social engineering to trick unsuspecting employees.

BEC scammers first do their homework, learning all they can about their corpoce target, typically the CEO, CFO, or any executive authorized to approve the release of confidential data or corporate funds. Then they impersonate that unsuspecting “author” by crafting an email instructing that data or funds (typically in the form of check or wire transfer) be sent to a third party (the scammer). The majority of corporate BEC victims, 54 percent, reported financial loss due to this highly sophisticated—and continually morphing—mode of trickery.

The majority of corporate BEC victims, 54 percent, reported financial loss due to this highly sophisticated—and continually morphing—mode of trickery.

What—or who—is to blame for the success of scams like BEC?

It’s become an almost knee-jerk reaction to blame IT when our business communication systems are compromised. But, according to the Ponemon Institute’s 2019 Cost of a Data Breach Report, one quarter of all corporate data breaches are caused by human error.

Today’s payments fraud trends serve as a warning call for companies to take preventative measures, ranging from employee education to implementing products and procedures that better protect what is typically the weakest link in the chain—the human link.

4 steps you can take to protect your company

  • Keep employees current on fraud trends as they evolve, including how to spot a fraudulent attempt. With the right training and education, they can be your best asset in terms of preventing and detecting fraud.
  • Train relevant employees to confirm requests for transfer of data or funds by using phone verification as part of two-factor authentication.
  • Set a standard for reconciling accounts daily and ensure that authorized signers are not the same people doing the reconciliation.
  • Subscribe to fraud prevention tools to help protect against unauthorized payments; some of the most essential include Positive Pay, ACH Debit Blocks, ACH Filter, Universal Payment Identification Code (UPIC) and Dual Control Security, among others.

Although fraud continues to be a major concern for businesses, the banking industry has taken proactive steps over recent years to help mitigate it. Union Bank, for example, has invested in the technology, tools and expertise to better support early detection and prevention and safeguard our clients’ businesses from loss due to fraud. Only with an aggressive two-line defense—your efforts combined with ours—can payment fraud be reduced, if not prevented.

Get started with a Commercial representative

Schedule a call