B2B payment fraudsters exploit security holes: Trustpair

Dive Brief:

A wide majority of U.S. companies are insufficiently protected from business-to-business payment fraud due to their reliance on manual deterrence policies that can be easily exploited by scammers, according to Trustpair, a provider of automated fraud prevention services.
A survey conducted by Trustpair earlier this year found that 70% of companies still use phone calls to verify changes to suppliers’ bank account information. But this manual process is very time-consuming, especially for larger companies that have thousands of suppliers, according to Trustpair CEO Baptiste Collot.
“It’s also very risky, because you don’t know if the person on the phone is a fraudster,” he told CFO Dive.

Dive Insight:

Trustpair’s survey found that payment fraud is a growing concern for corporate financial professionals, with 56% of U.S. companies saying they were victims of a fraud attempt in 2022. About one in three respondents said the number of incidents has increased year over year.

Nearly a quarter of fraud victims said they lost more than $100,000, and 5% reported losing more than $1 million.

To combat the problem, companies have put a wide variety of measures in place, including manual reviews for payment change requests, according to Trustpair’s report. “These manual processes do not seem sufficient to fight fraud, especially considering the evolving nature of fraud,” it said, adding that technology can help finance teams “focus on where the risk really is and reduce low-value tasks.”

Last year, the FBI’s Internet Crime Complaint Center received 21,832 complaints involving fraud attempts via “business email compromise” scams, with adjusted losses totaling over $2.7 billion, according to a report released in March.

With such scams, criminals send an email message with a payment request that appears to come from a known source. This can include an emailed invoice with an updated mailing address from an individual impersonating a vendor.

Through its Recovery Asset Team program, established in 2018, the FBI works with financial institutions to freeze funds paid by fraud victims. In 2022, the program’s “financial fraud kill chain” process was initiated in response to 2,838 business email compromise complaints, and a total of about $433 million in payments were placed on hold, representing a 73% success rate, the FBI said.