One of the biggest sources of fraud in most organisations is payment fraud. Typically, the biggest sources of payment fraud are:
- cheques, particularly in accounts payable and disbursement accounts. In the US, in 2014, 77 per cent of organisations were subject to attempted or actual cheque fraud*;
- card payments, through card-not-present fraud, counterfeit card fraud, lost / stolen card fraud and card ID theft. The level of consumer fraud is probably static but still significant, and 34% of companies in the US reported losses in 2014 from corporate or commercial credit and debit cards*;
- online payments fraud resulting from hacker attacks, data breaches in company systems and from internal fraud
- automated clearing house payments - in 2014, 25 per cent of companies reported attempted or actual payments fraud involving ACH debits, while the figure for ACH credits was 10 per cent*
(*Source: 2015 AFP Payments Fraud and Control Survey)
The key good practices for preventing fraud in payment systems include:
- segregate accounts by account type, payment method, payment type (payroll, claims) and payment volumes
- segregate duties
- dual approval at all critical checkpoints
- monitor and reconcile accounts daily
- centralized fraud protection and governance
- have human resources enforce vacations and job rotations
- block transactions against accounts that you never want debited.
The best practices for controlling cheque fraud include:
- positive pay services, in which the paying bank checks that the cheque was issued by the payer, to whom it was issued, and that it has not been stopped, or reverse pay services
- reconcile banking transactions daily
- reconcile bank statements
- centralise cheque issuing (not allowing separate departments to have cheque books)
- operate tight security procedures and segregation of duties for handling and printing cheques
- use alternatives to cheques wherever possible.
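As an added example (not part of the original article), the positive pay check described above can be sketched in Python. The record layout, the payee-normalisation rule, the exception codes and the sample data are assumptions constructed for illustration; the duplicate-presentment check goes beyond the three checks named in the text.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class IssuedCheque:
    number: str
    payee: str
    stopped: bool = False


def normalise(name):
    """Compare payees ignoring case and spacing (assumed matching rule)."""
    return " ".join(name.upper().split())


def positive_pay(issue_file, presented):
    """Check presented items (cheque number, payee) against the payer's issue file.

    Returns (numbers cleared for payment, [(number, exception code), ...]).
    """
    issued = {c.number: c for c in issue_file}
    pay, exceptions, paid = [], [], set()
    for number, payee in presented:
        record = issued.get(number)
        if record is None:
            exceptions.append((number, "NOT_ISSUED"))      # not issued by the payer
        elif record.stopped:
            exceptions.append((number, "STOPPED"))         # payer stopped the cheque
        elif normalise(record.payee) != normalise(payee):
            exceptions.append((number, "PAYEE_MISMATCH"))  # payee differs from issue file
        elif number in paid:
            exceptions.append((number, "DUPLICATE"))       # extra check: already paid once
        else:
            paid.add(number)
            pay.append(number)
    return pay, exceptions


# Constructed sample data, not taken from any real account.
ISSUE_FILE = [
    IssuedCheque("100231", "Acme Supplies Ltd"),
    IssuedCheque("100232", "Northwind Traders"),
    IssuedCheque("100233", "Brightline Logistics", stopped=True),
]
PRESENTED = [
    ("100231", "ACME SUPPLIES LTD"),
    ("100232", "J. Smith"),
    ("100233", "Brightline Logistics"),
    ("100999", "Acme Supplies Ltd"),
    ("100231", "Acme Supplies Ltd"),
]

if __name__ == "__main__":
    cleared, held = positive_pay(ISSUE_FILE, PRESENTED)
    print("pay:", cleared)
    for number, reason in held:
        print("hold for review:", number, reason)
```

Items in the exception list are the ones the bank would refer back to the payer for a pay or return decision.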
The good practices for controlling fraud on payments by card from consumers include:
- use real time, automated systems that identify fraud as it is happening
- ensure that, for payments by telephone or over the Internet, address verification services, card security codes, MasterCard's SecureCode and Verified by Visa are used.
The good practices for controlling fraud on business-to-business card payments include:
- requiring original receipts for purchases and/or print outs of web confirmations of purchases
- allocating card spending limits by each employee
- operating modern and comprehensive card and expense management
- having a permanent business payment card administrator to train cardholders and monitor usage
- putting in place detailed cardholder agreements that both the cardholder and their supervisor must sign.
The good practices for controlling fraud in the online payments made by the company include:
- segregating responsibilities for payment template maintenance and amendment, payment entry and approval
- employing multi-factor authentication technologies such as tokens, digital certificates, secure smart card readers
- ensuring that user IDs are deleted immediately employees leave
- requiring online passwords to be changed regularly.
The good practices for controlling fraud on automated clearing house payments include using:
- a digital identification and approval system for all changes to the database of payments, e.g. payroll, and for approval of all batches that are sent to the ACH
- bank positive pay for ACH services, in which companies send their bank a list of trading partners authorized to initiate ACH transactions against their account(s). The bank matches the identities of those attempting to credit or debit the company's accounts against this list and kicks out exceptions for review.