Business email compromise (BEC) was the largest reported source of attempted or actual payments fraud attacks last year, according to the 2020 AFP Payments Fraud and Control Survey, underwritten by J.P. Morgan.

Sixty-one percent of treasury and finance professionals who experienced attempted or actual payments fraud reported BEC as the source, marking the first time BEC topped the list of sources of fraud attempts. Seventy-five percent of all organisations were impacted by BEC in 2019, down from 80% the year before.

Fully 81% of organisations reported being targets of an attempted or actual payments fraud attack in 2019. This is the second highest percentage in the past decade and reflects the uptick in attempted or actual payments fraud reported over the past few years.

“Payments fraud and business email compromise in particular have been thorns in financial professionals’ sides for years, but this recent surge is especially concerning,” said Jim Kaitz, president and CEO of AFP. “Organisations can better contain BEC scams by educating and training their employees, as well as adopting processes to validate payment requests internally.”

“Institutions shouldn’t wait until they’ve become victims of fraud to take the steps necessary to prevent it,” said Alec Grant, head of Client Fraud Prevention for Commercial Banking at JPMorgan Chase. “It’s encouraging to see financial leaders are taking this threat seriously as a majority of attacks can be prevented by putting the right controls in place.”

Other highlights of the 2020 AFP Payments Fraud and Control Survey include:

• Financial leaders at 80% organisations are educating and training employees on detecting BEC more efficiently, but more than half the respondents reported that BEC controls are challenging to implement.
• Cheques have remained a top target for attempted and actual fraud - 74% of organisations reported experiencing cheque fraud, up 4% from the year before.
• ACH payment methods appear to be of more interest to fraudsters, with results revealing a slight increase in ACH credit fraud (22%) and ACH debit fraud was unchanged from 2018 at 33% but a 5% increase from 2017.
• Nearly 60% of organisations have a fraud policy in place to combat and respond to fraud.

More than 500 treasury and finance professionals responded to the survey.