Frauds and scams can devastate a business's reputation and finances. As people become more aware of these frauds, fraudsters are becoming more creative. To protect against them, business owners need to learn about the frauds, educate staff, and implement advanced preventive measures.
This guide covers some payment frauds that have been trending for the past few years and are evolving significantly.
- Top 4 emerging payment frauds globally
- What are the best practices for securing payments?
- Wrapping up
Top 4 emerging payment frauds globally
1. Business email compromise and invoice frauds
A business email compromise (BEC) is a fraudulent email that appears to come from a trusted party and requests a funds transfer, a payment, or a change of bank details. The impersonated sender is usually someone you trust, such as a senior executive or a vendor.
Similarly, invoice redirection is another malicious practice in which fraudsters use social engineering to change the payment information on legitimate accounts payable records. They often impersonate a supplier, ask for an invoice to be settled, and supply the scammer's bank details instead of the original supplier's. These scammers send the billing statement by email and ask for immediate settlement.
Ways to avoid them:
- Providing end-user education and training to identify threats and spear-phishing attempts
- Creating policies for checking changes to accounts, invoices or payment details in the company
- Confirming fund transfer requests only by calling back authorised contacts
- Implementing strong internal controls that prohibit payment initiation via email
- Requiring senior management to sign off on transactions above a certain threshold, say £1,500
- Implementing two-factor authentication or other security measures before payment initiation
- Colour-coding emails so that external emails are identified more readily
- Implementing email filtering that identifies messages with attachments carrying suspicious extensions
- Restricting emails where the reply address is different from the sending address
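The last three controls in the list (colour-coding external mail, flagging suspicious attachment extensions, and catching a Reply-To that differs from the sender) can be expressed as a simple screening check. This is an added example, not code from the original article; the internal domain `example.com`, the extension list and the sample messages are constructed for illustration.

```python
"""Screen an RFC 5322 message for the BEC warning signs listed above."""
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption: the company's own domain
# Constructed list of extensions the policy treats as suspicious.
SUSPICIOUS_EXT = (".exe", ".js", ".vbs", ".scr", ".iso", ".html")

def screen_email(raw: str) -> list[str]:
    """Return the policy flags raised for one raw message (empty list = clean)."""
    msg = message_from_string(raw)
    flags = []
    _, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    # Colour-coding rule: anything not sent from the internal domain is external.
    if sender_domain != INTERNAL_DOMAIN:
        flags.append("EXTERNAL_SENDER")
    # Reply-To pointing somewhere other than the visible sender address.
    if reply_to and reply_to.lower() != sender.lower():
        flags.append("REPLY_TO_MISMATCH")
    # Attachments whose file extension is on the suspicious list.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(SUSPICIOUS_EXT):
            flags.append(f"SUSPICIOUS_ATTACHMENT:{name}")
    return flags

# Constructed sample: looks like the CEO, but replies go to a free-mail address.
SAMPLE_CEO = """From: "CEO" <ceo@example.com>
Reply-To: ceo.example@freemail.invalid
To: finance@example.com
Subject: Urgent payment

Please settle the attached invoice today.
"""

def build_attachment_sample() -> str:
    """Constructed sample: an external 'supplier' sending an executable invoice."""
    m = EmailMessage()
    m["From"] = "accounts@supplier.invalid"
    m["To"] = "finance@example.com"
    m["Subject"] = "Invoice 4471"
    m.set_content("Invoice attached, please pay today.")
    m.add_attachment(b"MZ...", maintype="application",
                     subtype="octet-stream", filename="invoice.exe")
    return m.as_string()

if __name__ == "__main__":
    print(screen_email(SAMPLE_CEO))                 # → ['REPLY_TO_MISMATCH']
    print(screen_email(build_attachment_sample()))  # → ['EXTERNAL_SENDER', 'SUSPICIOUS_ATTACHMENT:invoice.exe']
```

In practice such flags would drive the colour-coded banner or quarantine decision rather than a printout.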
2. Account takeover
ATO, or account takeover, is a scam in which scammers gain access to one or more users' accounts by phishing, malware, or hacking, steal their credentials, and use them to complete unauthorised transactions. It makes up 12% of attempted or actual payment frauds.
Last year, online retailers observed a spike in a specific type of ATO known as buy-online-pickup-in-store. These fraudsters are becoming more innovative and opportunistic, using automated methods such as scripted attacks and credential stuffing to steal data and make ATO fraud easier.
The only way to avoid them is by educating users on recognising suspicious emails and validating the legitimacy of sensitive requests.
3. Man in the middle
Man in the middle or pharming scam occurs when a hacker steals sensitive information during data transmission between two other parties online.
Payment frauds are shifting from credit cards to e-wallets and social media-based transactions.
For example, a client tries to log in to their online banking service. They enter their credentials and scan the QR code, at which point a message appears in a different language asking them to re-enter their credentials for enhanced security. After they re-enter the credentials, an error message appears saying the site is unavailable. This happens when a man-in-the-middle attacker causes the second QR code to be displayed in order to collect the victim's account credentials.
To avoid such fraud, study a payment page carefully before initiating any payment. Also, try to avoid payment options that do not allow disputes or refunds. Make payments through a licensed payment gateway, which often provides money-back protection so that customers can be confident they are on an authorised site.
4. Card-not-present frauds
Card-not-present, or CNP, fraud occurs when a scammer makes a card transaction without possessing the physical card. It is possible only when an individual gives their credit or debit card number to a fraudster by mistake, when cards are lost or stolen, when mail is diverted, or when malware copies the card number and PIN.
With the help of credit card skimming and PIN-capturing devices, fraudsters capture data from the magnetic stripe on the back of your card. Scammers commonly fit these devices to ATMs, petrol pumps, or other POS terminals.
Increased payment digitisation has opened the door to new opportunities for cybercriminals: fraudsters use the captured card details to make unauthorised online purchases, in many cases without any verification.
What are the best practices for securing payments?
To prevent payment fraud in your organisation, you first need to understand where the threats are coming from and then find preventive measures.
Some internal controls that you can implement in your company are:
1. Learn about the frauds
As an owner, you are responsible for staying updated with business frauds trending globally and learning how to manage them. Attend seminars and webinars, read expert blogs, and follow industry-related news publications and other government resources.
2. Educate employees
Many fraud attempts arrive through phishing and land on employees' desks and in their inboxes, so educating staff on how to recognise these frauds is essential: they are the first line of defence. Most importantly, small and medium-sized businesses are targeted under the assumption that they have weaker security measures.
3. Use two-factor authentication
Two-factor authentication is a newer method that grants access to a website, application, or payment system only after the user has been authenticated with at least two pieces of evidence.
Asking for a password may be the first step of authentication, while the other may include a key card or security token, biometric verification, or GPS identification of the user’s location.
The two-factor authentication creates an additional layer of protection if the user’s login credentials become compromised.
4. Segregation of duties
You must segregate duties among your employees to reduce internal fraud risks. Allowing a single employee to control the entire payment process lets that one person compromise the whole system, whereas dividing the tasks among more than one member of staff protects you from fraud.
5. Daily finance review
You must keep tabs on your bank accounts, monitor transactions daily, and reconcile records so that inconsistencies are spotted before they become a problem.
6. Validation of payment details
To further reduce the risk of payment fraud, you can add multiple validation layers to any transaction or update of payment information.
For example, if a single person is responsible for verifying a payment, compromising that person or their access is enough to cause problems. A second validation point reduces the chance of fraud, because an attempt can only succeed if both validators are compromised.
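The segregation-of-duties rule, the second validation point for payment-detail changes, the callback confirmation and the £1,500 senior sign-off threshold mentioned earlier can be combined into one release check. This is an added example, not the article's own code; the role names, the `initiated_via` values and the sample payments are assumptions made for illustration.

```python
"""Dual-control release checks for an outgoing payment."""
from dataclasses import dataclass, field

SENIOR_SIGNOFF_THRESHOLD = 1500.00  # pounds, the figure quoted in the article

@dataclass
class Payment:
    amount: float
    payee: str
    initiated_via: str                 # assumed values: "erp" or "email"
    requested_by: str                  # user id of the person who raised it
    approvals: list[str] = field(default_factory=list)   # user ids who approved
    roles: dict[str, str] = field(default_factory=dict)  # user id -> "clerk"/"senior"
    bank_details_changed: bool = False                   # payee details edited?
    change_confirmed_by_callback: bool = False           # confirmed via known contact?

def release_checks(p: Payment) -> list[str]:
    """Return every control that blocks release; an empty list means release."""
    blocks = []
    # Control: payments are never initiated from an email request.
    if p.initiated_via == "email":
        blocks.append("EMAIL_INITIATION_PROHIBITED")
    # Segregation of duties: the requester cannot be one of the approvers.
    if p.requested_by in p.approvals:
        blocks.append("REQUESTER_SELF_APPROVED")
    approvers = [a for a in p.approvals if a != p.requested_by]
    if not approvers:
        blocks.append("NO_INDEPENDENT_APPROVER")
    # Second validation point plus callback for any bank-detail change.
    if p.bank_details_changed:
        if len(approvers) < 2:
            blocks.append("BANK_CHANGE_NEEDS_SECOND_VALIDATOR")
        if not p.change_confirmed_by_callback:
            blocks.append("BANK_CHANGE_NOT_CONFIRMED_BY_CALLBACK")
    # Senior sign-off above the threshold, by an independent approver.
    if p.amount > SENIOR_SIGNOFF_THRESHOLD and not any(
            p.roles.get(a) == "senior" for a in approvers):
        blocks.append("SENIOR_SIGNOFF_REQUIRED")
    return blocks

# Constructed sample: an invoice-redirection attempt pushed through by one person.
REDIRECT_ATTEMPT = Payment(amount=2400.0, payee="Supplier Ltd", initiated_via="email",
                           requested_by="alice", approvals=["alice"],
                           bank_details_changed=True)
# Constructed sample: the same change handled with two validators and a callback.
PROPER_CHANGE = Payment(amount=2400.0, payee="Supplier Ltd", initiated_via="erp",
                        requested_by="alice", approvals=["bob", "carol"],
                        roles={"bob": "clerk", "carol": "senior"},
                        bank_details_changed=True, change_confirmed_by_callback=True)
```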
Wrapping up
Many payment frauds are evolving with the rapid growth of digitisation, e-commerce, and online payments. Every business must be prepared ahead of time to deal with malware attacks immediately. You can seek professional advice to implement better prevention measures and protect yourself or your business from fraudsters.