While the coronavirus pandemic is disrupting businesses all over the world, there’s one industry that’s booming: payments fraud.
During a pandemic there’s no such thing as “business as usual.” We are all figuring out how to stay productive while we stay at home, and dealing with the stress that comes with a global health crisis. It’s this combination of disrupted business routines and deep anxiety that creates a perfect environment for scams.
Chaos-induced opportunism is not new. Predatory behavior always spikes in the confusion that follows disaster, and the FBI and other industry specific experts are warning that COVID-related scams are already proliferating to take advantage of businesses struggling to cope. The healthcare industry is an expected target during this crisis; just a few weeks ago, someone posing as a legitimate medical equipment supplier scammed a pharmaceutical company out of £6.6M.
BUSINESS EMAIL COMPROMISE IS ON THE RISE
Our customers know that, at their core, every fraudster is an opportunist. They’re looking for existing weaknesses in a process that they can use to gain access to a payment system, often by way of email compromise, in which a scammer will use fake email accounts to reroute legitimate payments. Some scammers are really, really good at this, and they’re getting better all the time.
Under normal circumstances, your team is likely aware of the risk of BEC scams and has even been trained to spot them. But these aren’t normal circumstances: standard operating procedures have had to be reworked or replaced in short order to accommodate stay-at-home restrictions. And when your team members aren’t sure of a new process, they are more likely to make errors in judgment. This uncertainty provides an opportunity for scammers to strike.
We’re hearing from our customers about how this scam “spike” is affecting them. Just last week, we saw a fraudster attempt to divert funds from one of our customers by impersonating a legitimate company by employing a slightly different email address than the real one. They were using real names, real invoice numbers, and other compelling details to try and reroute a payment worth more than $200K. The week before, a customer told us about a vendor email compromise that they noticed when they got an email that seemed to come from one of their vendors, attempting to change the bank account on file. As our customers are verifying the identity of anyone they need to pay, these attempts were foiled and no one lost any money. We know these are the kinds of attacks happening every day to businesses who may or may not have any fraud detection skills. The frauds are real, they are devastating, and they are happening everywhere.
WHAT CAN YOU DO ABOUT IT?
The success of payments fraud schemes depends on human error by someone responsible for sending payments. You can relieve the pressure of decision-making from your individual team members by providing more structure around the payments process. To start, you need to begin (if you aren’t already) enforcing strict protocols and implementing review bottlenecks. Then you need to begin to leverage technology partners to protect users and verify information, especially providing payees access to manage their own information through a secure system, which entirely circumvents the need for managing sensitive information (like bank account numbers and personal data) through vulnerable email accounts. Lastly, adding validation to the payee submitted information before you pay is absolutely critical to preventing payments fraud schemes.
The most urgent reason to do so in a period of increased risk is to provide certainty to those employees who are tasked with handling personal information and payments. Don’t let there be any question as to whether business payments are reaching the intended payee.