Features, Regulation, fraud

5 common types of payment fraud that hurt businesses

Modulr By Modulr on 27 August 2020   •   6 mins read
<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >5 common types of payment fraud that hurt businesses</span>

Many types of payment fraud are on the rise in the UK. Businesses and their employees need to stay hyper vigilant about potential scams. But it’s not always easy to spot the signs.  

Our Chief Operating Officer has previously written about how fintech is better protecting customers from fraud, and we're continually adding new features like Confirmation of Payee to reduce fraud. By making our customers aware of fraudulent tactics, we also hope to reduce the likelihood that you could fall victim to a scam.

Here are some of the most common types of payment fraud that impact businesses, followed by our recommendations to help your company stay safe and prepared.  

1. Cheque fraud 

To consumers, cheques might seem like a relic of the past, but many businesses still use them for high-value payments. And high-value transactions tend to attract criminals, who have found ways to exploit this old payment method. According to UK Finance, £53.6 million was lost to cheque fraud in 2019 – a value increase of 161% on the year before.

The vast majority of cheque fraud is what’s known as ‘counterfeit cheque fraud’ – where fake cheques are created from scratch that look incredibly realistic. These are cashed by scammers and used to draw funds from real business accounts.  

There are also instances of genuine cheques being stolen and used by scammers. A fraudster may steal a cheque and use it to forge the victim’s signature elsewhere. Or they may alter an existing cheque by editing the account number or name of the recipient. 

2. Malicious payee scams

“If it sounds too good to be true, it probably is.” It’s a mantra that’s often forgotten online – and many people suffer the consequences. 

Also known as purchase scams, these attacks tend to happen through social media, online auctions or ecommerce sites. The victim sees an online business advertising an amazing price or deal. They pay for the goods or service, but never receive anything.  

Often the buyer is convinced to pay via a bank transfer rather than using a more secure payment option – this means they can’t request a chargeback as easily and the criminal quickly disappears with the money.  

While the majority of purchase scams affect consumers, companies are also at risk of buying goods that don’t exist. UK businesses lost £7.9 million to purchase scams in 2019. 

3. Malicious redirection fraud

Also known as invoice or mandate scams, these often target accounts payable and finance employees. The victim attempts to pay an invoice to a legitimate recipient, but a fraudster intervenes and convinces them to redirect the payment to a different account.  

This happens through social engineering. The attacker does research beforehand and performs a convincing impersonation of an existing supplier through email or phone, asking for account details on an invoice or mandate to be changed. In more sophisticated versions of the scam, the criminal may gain access to a supplier’s email account and send requests directly.  

Invoice scams cost UK businesses £82.4 million in 2019.  

4. CEO or BEC fraud

CEO fraud, also known as business email compromise (BEC) fraud, is when a criminal emails or calls an employee pretending to be the CEO. They ask for an urgent payment to be made or for account details to be changed on an invoice. You guessed it – the money ends up in the criminal’s account. 

CEO fraud has been around for a long time and it’s a problem that’s still on the rise. UK businesses lost £16.5 million to CEO fraud in 2019. If you’ve worked in any office for long, you’ve probably seen obviously fake emails purporting to be from your CEO, but criminals are getting increasingly sophisticated with their techniques. 

These days they’re often highly targeted attacks. Fraudsters may spend weeks or even months researching a target to make the scam as convincing as possible. And they’re after big pay-outs. Sometimes really big – in 2019, an employee at a company in Japan was reportedly tricked into paying $29 million to a fraudster’s bank account.

5. Other impersonation scams 

CEO fraud isn’t the only kind of impersonation scam you need to worry about. Lesser known impersonation scams, like fraudsters pretending to be utility providers or government departments, can also catch employees off-guard. These attacks cost UK businesses £14 million in 2019. 

These impersonation scams may rely on a mass-attack approach like phishing, or they can be highly targeted. Many scam artists are even taking advantage of the COVID-19 pandemic by pretending to be from the government and calling employees to offer COVID related grants, funding or tax relief. 

How to protect your business 

Falling victim to these scams can be disastrous for a business of any size or industry. The financial losses can be hard to reclaim, it can damage your reputation and customers’ trust, and it can be highly stressful for the employees involved. 

Fortunately, there are steps you can take to protect your company. Many of these attacks – malicious redirection fraud, payee scams, CEO and impersonation fraud – rely on employees authorising an online payment to an illegitimate account.  

Modulr has recently launched Confirmation of Payee (CoP) which helps to stop many of these online payment scams in their tracks. CoP checks whether the recipient’s account name matches the account details held by their bank – and warns the payer if there’s any discrepancy. 

Of course, CoP doesn’t catch all kinds of payment fraud, so it’s important to remain vigilant about any unusual payment request. Stop and ask for more information if you’re even a little bit suspicious about a payment. Teach all of your employees to do the same, and how to recognise the red flags.  

Finally, there are also ways to avoid cheque fraud: always fill cheques in with a ballpoint pen, draw a line through unused spaces and keep your chequebook under lock and key. Or consider a more secure method of paying suppliers. Many businesses now use temporary virtual cards as a safer way of making time-sensitive payments. 

These are just some of the scams and fraud methods that target businesses. Always be vigilant, and contact Action Fraud if you think you’ve been scammed. 

View our shareable infographic for a quick guide to staying safe in the age of COVID-19. 

Interested to find out more about our Confirmation of Payee (CoP) product? Have a look at our CoP product guide or try it in our Sandbox.