While check fraud declined a bit last year, there was a marked pick-up in fraud involving credit and debit cards, according to the Association for Financial Professionals’ annual survey of payment fraud.
Sixty percent of the almost 450 corporate finance practitioners who responded to the AFP survey said their company experienced fraud or attempted fraud involving payments last year, little changed from 61% in 2012. The portion of companies experiencing attempted or actual payment fraud has fallen in recent years from a peak of 73% in 2009.
Magnus Carlsson, AFP’s manager of treasury and payments, suggested the decrease reflects the decline in the use of checks that occurred over the same time frame. “Since fraud is so high on checks, any little movement in check use should have a greater effect when it comes to fraud,” Carlsson said.
Checks are still the weakest link, with 82% of the respondents who experienced fraud last year citing fraud or attempted fraud involving checks, down from the 87% that saw check fraud in 2012. (See Figure 1 below.)
While fraudulent activity involving checks declined, fraud involving cards took off. Forty-three percent of respondents experienced fraud or attempted fraud involving credit or debit cards last year, up from 29% in 2012.
“That’s the one that stands out, the rising fraud in cards,” Carlsson said, noting that the increase occurred even though the survey shows the use of cards for business-to-business (B2B) payments declined between 2012 and 2013.
Fraudsters that previously targeted checks may have switched to cards, Carlsson said. And U.S. companies continue to use cards that are lacking from a security standpoint, since the EMV chip-and-pin cards that are now standard in many parts of the world haven’t yet been implemented here, he noted. “So it may be a trend that’s even migrating from overseas.”
Cards using EMV technology are due to replace the current cards, which use magnetic stripes, in the U.S. by October 2015, and the survey respondents were generally optimistic about that development. Twenty percent expect the switch to EMV cards to result in a major reduction in card fraud, while 72% expect some reduction. Just 8% predicted the new technology will have no effect on the level of fraud.
But in Whac-A-Mole fashion, about two-thirds of respondents think the anticipated decrease in card fraud brought about by chip-and-pin cards will result in an uptick in some other type of payment fraud. Fifty-four percent predict an increase in check fraud, 27% a rise in fraud involving ACH debits, 10% an increase in fraud related to wire transfers, and 8% an increase in ACH credit fraud.
“The fraudsters will go after the easiest one,” said Carlsson, pictured at left. “You just have to stay on top of them.” He noted that other countries that have implemented EMV have seen a decrease in card-present frauds but a pick-up in fraud involving transactions in which cards aren’t physically present, like online or over-the-phone sales.
Companies seem to be pushing back hard against payment fraud, a development the report links to the huge data breaches that Target and Nieman Marcus reported late last year. Twenty-nine percent of the respondents said they have adopted more security measures, and another 34% said they plan to do so in the near future.
The efforts to bolster security may also reflect the fact that in October 2015, the liability for fraudulent transactions will shift from card issuers to the companies that accept credit or debit cards from customers. Twenty-two percent of companies that accept cards from customers said the change will have a significant impact on their investment in card-fraud security measures, while 50% said it will have some impact on their investment.
Asked about current methods of securing customer data and company accounts, 74% said they perform daily reconciliations of the company’s transactions, while 73% are reviewing and strengthening internal procedures and controls. Almost half (49%) said they are adopting a stronger method of authentication or adding layers of security to requirements for accessing bank services, and 44% are making sure the company’s disaster recovery plans include provisions to maintain strong controls around accessing networks.
Other methods of payments aren’t immune from fraud. Twenty-two percent of the finance practitioners surveyed said they experienced actual or attempted fraud involving ACH debits last year, down from 27% in 2012; 14% cited wire transfer fraud or attempted fraud, up from 11%; and 9% ACH credit fraud or attempted fraud, up from 8%.
Four-fifths of the actual and attempted payment frauds last year were perpetrated by people outside the company, with just 11% of frauds the responsibility of company employees and 8% the responsibility of third parties or outsourcers.