Taking a high-touch, human-centric approach might not be the best way to prevent these categories of fraud. In fact, treasury teams may get the most impact from a technology-driven approach in addressing the two most common obstacles to reducing risk: suppliers' continued use of paper checks (37%) and the increasing sophistication of business email compromise (BEC) and social engineering attacks (43%).

Moving From Paper to Digital Payments

By far the most common type of payment fraud occurs when using paper checks, with 50% of survey respondents experiencing this type of incident, whereas methods like wire transfers and ACH transfers are less often associated with fraud (33% and 10%, respectively).

Part of the problem could be misconceptions about security. "When you pay by check, you don't have to identify things like bank numbers, you just have put the name of the payee on it, so it might seem more secure," says Baptiste Collot, CEO of Trustpair.

Yet when using paper checks, companies tend to open themselves up more to the top type of fraud perpetration in the survey — changes to supplier credentials or other information on otherwise legitimate payments.

But even if a company wants to transition to digital payments, suppliers might be reluctant to change. "It's a problem of inertia," says Ramesh Menon, group director, product management, for digital identity and fraud at GIACT. "But we can do a better job as an industry of raising awareness of the risks."

Automating and Digitizing Verification

Companies also need to better address fraud risk, whether that's from paper checks or other payment methods. For example, treasury teams reported that human callback (70%) is the most common validation procedure for verifying supplier information changes.

"It's a huge paradox to see that companies are aware that fraud is getting more and more sophisticated and see this complexity as a major blocker in their fight against fraud, but still think they'll be able to stop fraud with manual methods like human callbacks," says Collot. "You can't fight cyber-attacks with a 'human only' policy"

While some might think training is a good solution here, "that means you're only as good as your newest, least-trained frontline employee," says Menon. "But automation can be constructed to be as good as your best employee. So that raises the standard and equips organizations to deal with fraud more rapidly."

Digital systems can automatically verify areas like whether names match account numbers and if phone numbers match the person purported to be on the call. That helps create a streamlined process, which can support strong supplier relationships.

Saving Time and Money

Ultimately, with manual-only controls "the cost is double, in terms of losing time and money" when fraud is missed, says Collot.

That's not to say that companies should solely rely on automated, digital controls, but these can help speed up verification and identify otherwise unseen risks.

"Technology should be used to enhance humans, not replace them," says Collot. "Software is one line of defense. Humans are one line of defense. You're always more secure having two lines of defense"