While check fraud declined a bit last year, there was amarked pick-up in fraud involving credit and debit cards, accordingto the Association for Financial Professionals' annual survey of payment fraud.

Sixty percent of the almost 450 corporate finance practitionerswho responded to the AFP survey said their company experiencedfraud or attempted fraud involving payments last year, littlechanged from 61% in 2012. The portion of companies experiencingattempted or actual payment fraud has fallen in recent years from apeak of 73% in 2009.

Magnus Carlsson, AFP's manager of treasury and payments,suggested the decrease reflects the decline in the use of checksthat occurred over the same time frame. “Since fraud is so high onchecks, any little movement in check use should have a greatereffect when it comes to fraud,” Carlsson said.

Checks are still the weakest link, with 82% of the respondentswho experienced fraud last year citing fraud or attempted fraudinvolving checks, down from the 87% that saw check fraud in 2012.(See Figure 1 below.)

While fraudulent activity involving checks declined, fraudinvolving cards took off. Forty-three percent of respondentsexperienced fraud or attempted fraud involving credit or debitcards last year, up from 29% in 2012.

“That's the one that stands out, the rising fraud in cards,”Carlsson said, noting that the increase occurred even though thesurvey shows the use of cards for business-to-business (B2B)payments declined between 2012 and 2013.

Fraudsters that previously targeted checks may have switched tocards, Carlsson said. And U.S. companies continue to use cards thatare lacking from a security standpoint, since the EMV chip-and-pincards that are now standard in many parts of the world haven't yetbeen implemented here, he noted. “So it may be a trend that's evenmigrating from overseas.”

Chip-and-Pin to theRescue

Cards using EMV technology are due to replace the current cards,which use magnetic stripes, in the U.S. by October 2015, and thesurvey respondents were generally optimistic about thatdevelopment. Twenty percent expect the switch to EMV cards toresult in a major reduction in card fraud, while 72% expect somereduction. Just 8% predicted the new technology will have no effecton the level of fraud.

But in Whac-A-Mole fashion, about two-thirds of respondentsthink the anticipated decrease in card fraud brought about bychip-and-pin cards will result in an uptick in some other type ofpayment fraud. Fifty-four percent predict an increase in checkfraud, 27% a rise in fraud involving ACH debits, 10% an increase infraud related to wire transfers, and 8% an increase in ACH creditfraud.

“Thefraudsters will go after the easiest one,” said Carlsson, picturedat left. “You just have to stay on top of them.” He noted thatother countries that have implemented EMV have seen a decrease incard-present frauds but a pick-up in fraud involving transactionsin which cards aren't physically present, like online orover-the-phone sales.

Companies seem to be pushing back hard against payment fraud, adevelopment the report links to the huge data breaches that Targetand Nieman Marcus reported late last year. Twenty-nine percent ofthe respondents said they have adopted more security measures, andanother 34% said they plan to do so in the near future.

The efforts to bolster security may also reflect the fact thatin October 2015, the liability for fraudulent transactionsmade on apoint-of-sale terminal that is not fully EMV-capable willshift from card issuers to the companies that accept credit ordebit cards from customers. Twenty-two percent of companies thataccept cards from customers said the change will have a significantimpact on their investment in card-fraud security measures, while50% said it will have some impact on their investment.

Asked about current methods of securing customer data andcompany accounts, 74% said they perform daily reconciliations ofthe company's transactions, while 73% are reviewing andstrengthening internal procedures and controls. Almost half (49%)said they are adopting a stronger method of authentication oradding layers of security to requirements for accessing bankservices, and 44% are making sure the company's disaster recoveryplans include provisions to maintain strong controls aroundaccessing networks.

Other methods of payments aren't immune from fraud. Twenty-twopercent of the finance practitioners surveyed said they experiencedactual or attempted fraud involving ACH debits last year, down from27% in 2012; 14% cited wire transfer fraud or attempted fraud, upfrom 11%; and 9% ACH credit fraud or attempted fraud, up from8%.

Four-fifths of the actual and attempted payment frauds last yearwere perpetrated by people outside the company, with just 11% offrauds the responsibility of company employees and 8% theresponsibility of third parties or outsourcers.