Understanding the Trends in Payment Fraud Attacks
Introduction: Addressing the Challenge of Payment Fraud Attacks
In the dynamic world of financial accounting, the challenge of countering payment fraud attacks is more pressing than ever. Amidst technological advancements and the shift to remote work, legal professionals find themselves navigating a constantly evolving threat landscape. As a trusted source of accounting insights for the legal profession, we are committed to keeping you informed about the latest trends in this critical field. Drawing from JPMorgan’s comprehensive 2022 AFP (Association of Financial Professionals) Payments Fraud and Control Survey Report, this blog post delves into key fraud trends, the impact of remote work, and protective measures gaining traction across industries.
Decline in Payment Fraud Attacks: A Silver Lining
Over the past few years, organizations have reported a significant decline in payment fraud attacks, following the record-high levels in 2018 and 2019. According to the AFP survey, the proportion of organizations falling victim to fraud dropped to 74% in 2020, with a further decrease to 71% in 2021. Despite these promising figures, the necessity for vigilance in combating payment fraud remains paramount.
Remote Work and Payment Fraud: Debunking the Myth
The widespread transition to remote work has raised concerns about its potential impact on payment fraud. However, the survey findings challenge this notion. A considerable 47% of respondents stated that remote work had not contributed significantly to any increase in payment fraud in their organizations. These insights underscore the importance of a balanced perspective when evaluating potential fraud risks in the remote work paradigm.
Business Email Compromise (BEC): A Notable Decrease
In a positive turn, the survey pointed to a sharp decrease in Business Email Compromise (BEC) attacks. The percentage of organizations targeted by BEC dropped to 68% in 2021, marking a significant reduction from the previous year. Despite the decline, organizations must remain cautious of BEC, particularly in Accounts Payable (AP) departments, which are often key targets for such attacks.
Strengthening Defense with Beneficiary Information Validation
To fortify defenses against payment fraud, many organizations are implementing robust validation processes for payment beneficiary information. The survey indicated that two-thirds of respondents validated this information through their vendors/banks or external services, illustrating a proactive approach towards fraud prevention.
Payment Methods and Fraud: Checks and ACH Debits Bear the Brunt
The AFP report highlighted checks and ACH debits as the most susceptible payment methods to fraud, emphasizing the need for specific controls in these areas. Meanwhile, fraud via wire transfers displayed a declining trend, offering yet another encouraging sign in the fight against payment fraud.
The report speculates that the three-percentage-point increase in fraud via ACH debits in 2021 could be a result of one of the following scenarios:
- Companies are shifting checks to digital, and with that shift organizations may also need to make sure the policies and procedures for identifying ACH debits promptly remain in place
- Conducting daily reconciliations rather than monthly
- Utilization of ACH debit filters/debit blocks
- Updating company IDs for filters on a timely basis
- Holding an independent review of the processes done by internal audit
Rise in ACH Credit and Debit Fraud: A Growing Concern
While the findings from the AFP Payments Fraud and Control Survey present a generally promising picture, an area of growing concern lies in the realm of ACH credit and debit fraud. With the Same Day ACH limit increasing from $100,000 to $1 million as of March 18, 2022, heightened vigilance in monitoring bank transactions becomes crucial for companies. Any transactions that appear abnormal, unexpected, or easily returned require immediate attention and swift action.
Fortunately, countermeasures are being put into place to combat ACH fraud. One such measure is NACHA’s ACH WEB Debit Account Validation Rule, which came into effect on March 19, 2022. According to the NACHA Operating Rule Supplement #2-2018, originators of WEB debits are obliged to use a “commercially reasonable fraudulent transaction detection system” for screening WEB debits. This new rule makes it explicit that account validation forms an integral part of any such system.
Specifically, the rule requires originators of WEB debits to validate the receiver’s account number at its first use with a WEB debit entry, and for any subsequent changes to the account number. The WEB/Internet format is used for both one-time and recurring payments initiated by consumers using the internet. As a matter of fact, 38% of the 2021 ACH Network Volume was in the WEB/Internet Format, surpassing both direct deposit volume and B2B volume.
Given these developments, it’s prudent to engage in conversations with your banking or vendor ACH partner about the status of their ACH Format. As the battle against payment fraud intensifies, staying informed and proactive is key to ensuring the security of your organization’s financial transactions.
Impact on Law Firms and Future Outlook
For law firms, these insights offer a roadmap for navigating the complex terrain of payments fraud. With the rise of remote work and digital transactions, law firms – like all businesses – are at an increased risk. However, the data suggests that the transition to remote work may not significantly escalate the risk of fraud. This dispels the prevalent myth and allows law firms to focus on developing robust, comprehensive anti-fraud strategies that go beyond the confines of office premises.
The decreasing trend in Business Email Compromise (BEC) and wire transfer fraud is promising. However, the rise in ACH credit and debit fraud is a matter of concern, especially with the increased ACH limit. Law firms often deal with high-value transactions, which could potentially expose them to increased risk. The introduction of the ACH WEB Debit Account Validation Rule could serve as a significant deterrent, but it’s essential that law firms take proactive steps in engaging with their banking partners to ensure they are adopting this and other protective measures.
Please note that the information provided on this website is for general informational purposes only and is not intended as legal or tax advice. The information is subject to change, and it is important to consult a specialist before making any decisions. Law Ledgers provides accounting services to New York lawyers and law firms, including escrow protection, tax advice and bookkeeping administration. Contact us today for personalized support.