The 2021 numbers are in... and fraudsters are still gonna fraud.
Both the Association of Financial Professionals 2022 Payments Fraud and Controls Survey and the FBI's Internet Crime Report for 2021 recently published, and while there were no big surprises, there were a couple of points that are worth pondering.
First, the good news! Attempts and actual frauds appear to be down year over year (71% in 2021 vs. 74% in 2020). There are no conclusive data points to explain why, but there is a notion that education is paying off for those who are usually targeted. Our counterpoint to this? Fraud tactics evolve all of the time. So be sure your employee education also evolves at this rate: all of the time.
Second, the bad news! A good chunk of you (17%!) are not doing any payment beneficiary, aka, supplier banking verification. And those of you who are? You are not necessarily checking every one of your suppliers banking data in your verification process. Or, more likely, you believe your process is being followed 100% of the time, but have not actually audited it to be certain.
In February we had a live event with Christopher Arehart, SVP Product Manager a at Chubb where we were reflecting on the 2021 AFP survey, where 65% of respondents said they had a process in place to verify banking. From his seat as the product manager for crime, where he sees the aftermath of successful payments fraud scams daily, he offered this:
|“ I would call out these statistics as aspirational, at best. I don't see 65% of submissions (for insurance policies) actually making phone calls. They may have a policy that says you're supposed to be doing it, but when push comes to shove, it's not really happening.”|
Bernallio County, New Mexico sent nine payments to a fraudster. How? Their process wasn’t followed, and no one was auditing it. It’s worth noting that in this case, even if the process had been followed, it does not appear to involve verifying the bank account ownership.St. Peterborough, NH paid a $2.3M price for a “simple human failure to follow established procedures [which] allowed the scam to succeed…” This one was three payments initiated by three different fraud scams in four weeks. In each of these instances, the process was not followed.
Payments Fraud and Your Vendor Master: The Risk Inherent in Your Verification Process
June 7, 11 AM