How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
1. Here’s how to ensure your business is protected against payment fraud.
Payment fraud has become a widespread issue for businesses of all sizes and sectors. According to a 2021 survey
conducted by the Association for Financial Professionals (AFP), three out of every four companies have received targeted
payment fraud attempts during the previous year, with business email compromise (BEC) being the most common method
of attack.
For certain industries, taking proactive steps to prevent payment fraud is especially important. According to
an advisory (https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2019-a005) published by the Financial
Crimes Enforcement Network (FinCEN), the industries most frequently targeted by criminals are construction, commercial
services, and real estate.
The real estate industry is a particularly appealing target for fraudsters, with attempts targeting this industry increasing
more than tenfold over a two-year period according to FinCEN. Several key factors make real estate transactions
particularly vulnerable, including:
Examples of Payment Fraud
Payment fraud can take many forms. Here’s a look at some real world examples of payment fraud among companies in
the real estate sector:
The large dollar amounts associated with real estate transactions
●
Access to readily available public records
●
Ease of impersonation via email
●
Lack of strong authentication processes within the industry
●
Case #1: Internal, ACH, and check fraud. An affordable housing developer learned that a former controller had
been using company funds to pay personal bills via ACH. The client also learned that checks had been duplicated and
attempted to be cashed.
●
Case #2: Wire fraud. An office manager at an affordable housing developer and property management company
received an email that appeared to be from the company CFO, requesting a wire transfer of funds to another
institution. The office manager fulfilled the request, and the company later learned the email had been fraudulent.
●
Case #3: Business credit card fraud. When seven business credit cards were compromised within three weeks, the
owner of this multi-family and affordable housing client had his personal credit card shut down because his Social
Security number was connected to those business cards.
●
How to Safeguard Your Business from Payment Fraud
(/personal-
banking)
2. How to Prevent Payment Fraud
Taking proactive steps to prevent payment fraud is a necessary part of risk management in today’s business landscape.
One of the most effective ways to protect your business is by educating yourself about common threats and training your
employees on how to identify fraud attempts.
“Establishing internal controls to prevent payment fraud is no different than having a business continuity plan in case of a
disaster,” says Jeff Taylor, Commercial Fraud Forensics and Payment Strategies at Regions Bank. “It’s something you need
to do.”
Here are several steps you should take to protect your business against payment fraud:
1. Train your staff
Hold regular training for staff members so they can learn how to spot the signs of payment fraud. Your employee training
program should cover how to spot fraud as well as best practices to proactively prevent it, such as the STOP – CALL –
CONFIRM method. When an employee receives an unusual or suspicious request, they should stop, contact the individual
the request appears to be from using a known phone number or email address, and confirm the details of the request
before proceeding.
2. Be on the lookout for suspicious emails
According to the AFP’s report, email is the most common method of attack. There are two main types of
fraudulent emails (/insights/commercial/risk-management/email-fraud-survival-guide) to keep an eye out for:
phishing emails and business email compromise (BEC).
How to Safeguard Your Business from Payment Fraud
How to Safeguard Your Business from Payment Fraud
Learn more about
how to create an anti-fraud training program (/insights/small-business/risk-management/anti-fraud-training).
●
Phishing emails: Criminals create realistic-looking emails purporting to be from a familiar business such as your
bank, a package delivery company, your cell phone provider, or a popular online retailer. If a recipient clicks on the
link and enters any sensitive information, the criminal can steal this data and use it for malicious purposes. If you
receive an email or text message that you’re unsure about, avoid clicking any links. Instead, manually enter the site’s
URL into your browser, or contact their customer service team for guidance.
●
3. 3. Set up dual approval processes
In addition to knowing how to spot the signs of a payment scam, it’s also important to
prevent fraud with internal controls (/insights/commercial/risk-management/fighting-fraud-with-internal-
controls)
. Set a dollar amount threshold and require two-employee approval for any transactions exceeding this amount. Requiring
two sets of eyes on large transactions decreases the chance of a fraudulent payment going through, while also protecting
your business against
occupational fraud (/insights/commercial/risk-management/protect-your-business-from-occupational-fraud).
4. Avoid use of paper checks
While the use of paper checks has gone down over time, check fraud remains high. Criminals continue to target these
transactions because the time it takes for a check to process provides leeway for criminals to get away. While technology
has made it easier than ever for criminals to create realistic-looking checks using stolen account information, some
fraudsters also use low-tech methods, such as altering the name or the amount on a legitimate check.
Commercial Insights with Regions Bank
Safeguarding Your Business From F
00:00 | 13:05
In episode 2 of our podcast (/insights/commercial/risk-management/safeguarding-your-business-from-payment-fraud), Taylor
provides actionable insights to help businesses identify and prevent financial fraud.
5. Practice strong cybersecurity
Because criminals can also target more modern payment methods by exploiting network vulnerabilities, it’s also
important to
boost your cybersecurity efforts (/insights/small-business/operations/essential-cybersecurity-strategies-to-keep-
your-business-safe)
. In addition to best practices such as using an encrypted wireless network, be sure to establish the following safeguards:
Business email compromise: BEC scams rely on impersonation emails that appear to be from someone the recipient
knows, like a vendor or a company employee. Scammers often use information gleaned from public records and
social media to make these emails appear legitimate. If you receive an email asking for a payment or requesting a
change in vendor payment terms, call the sender at a number known to you to verify the request. If the email appears
to be from an internal employee, remember to stop and verify the request with someone else at your company. Don’t
respond to the email or call the number listed in the email — it may be controlled by an impersonator. Instead, use
known contact information to verify the details.
●
Regions’ iTreasury (/treasury-management/itreasury) platform allows users to set up flexible security controls,
establishing specific permissions based on each user’s role.
●
To help reduce the risk of check fraud, consider implementing
Positive Pay (/treasury-management/fraud-prevention-resources/positive-pay), which allows you to compare and
verify the checks you issue to those presented for payment against your account.
●
Require employees to communicate via company email addresses. The use of free email accounts
(yourcompany@gmail.com, for example) can make it easy for scammers to impersonate your business.
●
Set up
multi-factor authentication (/insights/wealth/family/protecting-assets-and-family/how-does-two-factor-authentication-
work)
for all company accounts and require employees to do the same.
●
Use strong passwords and avoid using the same credentials on multiple platforms.
●
4. 6. Monitor account activity
Often, payment fraud victims don’t realize a crime has occurred until months after the event, making it harder to figure
out what happened and mitigate damages. Spot issues early by appointing someone to monitor account balances regularly
and report any suspicious activities, or use a product designed to do so.
Protecting Your Business
In addition to the above steps, your Regions banker is a good source of information about the latest trends in payment
fraud, as well as products and services designed to help you
stop fraud attempts (/treasury-management/fraud-prevention-resources) against your business. To learn more about
ACH Alert, Positive Pay, and other tools to help you protect your business against fraud, visit regions.com/stopfraud.
For more tips to help you protect your business against fraud and improve your cybersecurity, visit
Regions.com/FraudPrevention (/fraud-prevention/business-fraud).
The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds
its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect
their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves
daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur.
Visit regions.com/STOPFRAUD, or speak with your Banker for further information on how you can help prevent fraud.
References or links to third-party websites do not imply endorsement.
Regions provides links to YouTube and other websites merely and strictly for your convenience. The site is operated or
controlled by a third party that is unaffiliated with Regions. The privacy policies and security at the linked website may differ
from Regions' privacy and security policies and procedures. You should consult privacy disclosures at the linked website for
further information
(/personal-
banking)
nk) (https://www.facebook.com/regionsbank) (https://www.instagram.com/regionsbank/?
hl=en)
(https://www.pinterest.com/regionsbank/) (https://www.
financial-corp
Consider implementing ACH Alert (/treasury-management/fraud-prevention-resources/ach-alerts), which
automatically monitors ACH debit activity to alert you of any unauthorized or suspicious transactions or transactions
above a specific amount or transaction level. Clients then have the option to decline ACH debits.
●
Personal (/personal-banking)
Small Business (/small-business)
Commercial (/commercial-banking)
Wealth (/wealth-management)
Resources (/insights/personal)
About Regions (/about-regions) Investor Relations (https://ir.regions.com/) Economic Reports (/about-regions/economic-update)