Three quarters (73%) of UK businesses believe that fraudsters who carry out payments fraud are now ‘ahead of the industry’, according to the third annual Business Fraud Report from Vocalink, a Mastercard company.
Despite one in five (22%) reporting someone has previously attempted payments fraud on their business, and a further one in ten (12%) falling victim to this type of scam, many still don’t have a system set up to deal with it. Only 32% of UK businesses have tightened their processes to deal with payments fraud and nearly one in five (17%) say their accounts team don’t have any processes in place.
This lack of action may be in part due to continued low awareness of the types of scams fraudsters use. Payments fraud can come in many guises such as invoice and mandate fraud, as well as CEO fraud when a fraudster poses as a senior decision-maker within the business and emails employees to transfer money to a particular account. Unfortunately, a quarter (26%) of UK businesses are still unaware of these types of scam, with half (53%) saying the biggest barrier to protecting their business against fraud is not knowing enough about how fraudsters are able to attack.
Fraud can have a devastating impact on companies large and small. Almost four in ten (37%) business owners or MDs who have either been a victim of payment fraud, or know a business who has been, report that thousands of pounds were lost as a result. One in ten (10%) even contemplated closing their business.
With fraud costing the UK hundreds of millions of pounds each year1, businesses are calling for more support. 82% want the banks and government to do more to protect the business community.
In the UK, the industry is already working hard to support businesses and combat payments fraud with new technology solutions being developed to tackle it. For example, the Vocalink Services Corporate Fraud Insights solution flags suspected fraudulent transactions for businesses early on by applying advanced analytics and behavioural rules to payments data. Live with NatWest, it helped to prevent £7 million in losses in just the first 12 months.
However, the next step is better enable the financial institutions to repatriate stolen funds to the victims of fraud and scams. Unfortunately, under current law once funds have been moved to an alleged scammer, the customer no longer has legal title to them. This generally means a court order is needed to return the funds, so the finance industry is calling on the government and regulators to work with them to resolve this.
David Rich, Executive Vice President, Vocalink Services, commented:
“Payments fraud costs the UK hundreds of millions of pounds each year, and our report shows a widespread fear among UK businesses that fraudsters are now one step ahead of them. Yet, at the same time, there seems to be a worrying lack of understanding of the importance of protecting the business against payments fraud.
“Fraudsters use highly sophisticated methods to trick their victims into sending money in good faith to an illicit account. Our Corporate Fraud Insights solution can help banks work with their business customers to investigate risky transactions early on, but we’d also like to see the government and regulators make it much easier for victims to get their stolen money back. We also encourage businesses to better protect themselves, for example by double-checking invoices, educating their teams, or putting in place additional checks and processes before payments are submitted.”
Katy Worobec, Managing Director of Economic Crime at UK Finance, commented:
"This report shows the devastating effect that fraud is having on UK businesses. With criminals becoming ever more inventive when it comes to scamming money from companies, it's imperative the financial services sector continues to work together to prevent existing and emerging types of fraud. The industry is constantly investing in advanced security systems to protect customers, and successfully prevents £2 in every £3 of attempted unauthorised fraud. The development and deployment of innovative technological solutions are a key part of this fight.
"As the industry continually improves its response to fraud, it is important that other sectors play their part by securing customers' data. Businesses need to take additional steps to better protect themselves from falling victim to scammers. At the same time we are supporting law enforcement in disrupting criminals and assisting the government in improving intelligence sharing, both of which are crucial in tackling fraud."
Vocalink has also produced some advice on steps businesses can take to help protect themselves:
1. Be vigilant - make business fraud the business of everyone, not just the accounting teams. Train client-handling or account-facing teams about the risks & implications of business fraud, and how to identify the signs.
2. Authenticate - verify any requests from the MD, CEO or board through a tiered system where emails and telephone conversations requesting movement of monies are verified by a second contact.
3. Introduce checks - instigate checking of communications amongst finance and account-handling teams such as email addresses, use of English, and written mistakes in the email. Encourage a system whereby suspect emails are checked by a second team member.
4. Protect - anti-virus software should be kept up to date, and computer systems must be secure. This is not an additional cost but an essential part of day-to-day business practice.
5. Be alert - pay special attention to any request from suppliers or clients for payment details to be changed, especially via email or fax. Fraudsters will often use social engineering to trick staff into updating details. Employ a secondary validation process by calling a known number/contact at the supplier to verify the request is legitimate.