• Innovation & Transformation
    • Improve Efficiency

Three ways to identify payment fraud

  • Article

Business email compromise. Chargeback scams. Phishing. Vishing. Smishing. Card-not-present fraud. If you are a business owner, there is no shortage of ways that fraudsters can try to separate you from your hard-earned revenue.

In fact, according to PwC more than half of Canadian companies experienced fraud between 2016 and 2018 – a stark increase from the 18% who reported the same just two years priori.

And that was long before COVID-19, which saw a wave of bad actors launch fraudulent scams designed to trick consumers and business owners out of hard-earned money. Canadian businesses and consumers reported more than 21,000 cases of COVID-19-related fraud between March 5, 2020 and May 31, 2021, resulting in nearly $7.5 million in losses during that timeii. And those are just the cases reported to the Canadian Anti-Fraud Centre.

So how can business owners stay safe from the various forms of payment fraud - like business email compromise, phishing, chargeback scams, vishing, smishing and card-not-present fraud - they could fall victim to?

As with anything, knowledge is half the battle.

Here are three common ways that fraudsters try to trick management and employees into accidentally directing their money into the pockets of the bad guys.

  1. Urgent payment requests

    Urgency is often used by fraudsters as a method to trick business owners into making bad decisions.

    If you receive communications from a potential customer or partner that demands you to respond or act immediately, you are being asked to make decisions without having the time to properly evaluate them. This can lead to making payment transfers to fraudulent destinations, and a series of challenges trying to recoup those funds.


  2. Unexpected changes to payment information, location, or timeline

    When you have an ongoing relationship with a partner or customer, often relatively standard and repeatable payment processes are developed.

    Typically, you can expect to send money to the same location time and time again with each customer, but last-minute changes in wire instructions or recipient account information can be an easy-to-identify sign that the invoice you are about to pay may end up in the wrong hands.

    Similarly, last-minute changes in payment terms or methods – such as requests for pre-payment for goods and services, accelerated payment timelines, or payment via credit card instead of wire transfer – telling you to confirm details before issuing payment can be another red flag.


  3. Unexpected changes in communication methods or documents

    Odds are that if you have established an ongoing relationship with a partner or customer, you tend to communicate by one method – be it phone, email or otherwise. That does not necessarily mean that specific way will be the only method used to interact, but it should give you pause when important requests or information are shared in a new or infrequent manner.

    For instance, if you have become accustomed to communicating with a partner by email nearly exclusively, a request for important information (such as payment details or account numbers) via SMS (smishing) or from a different email address (phishing) – should be treated with extreme caution.

    Sudden changes in established communication platforms or email could be a sign that the person on the other end of the line may not be who they say they are.

    Similarly, an unexpected URL or attachment in an email – even from a trusted address – could be another area of concern. Emails can be spoofed, meaning those unexpected attachments could contain malware that could compromise your systems, or URLs could send you to genuine-looking websites that may not be what they appear. If you were not expecting the attachment or URL, chances are it may be a phishing attempt meant to trick you into making a payment or sharing information that could come back to haunt you.

How can business owners protect themselves?

Unfortunately, there is no silver-bullet measure that will keep business owners safe from every form of payment fraud they may encounter. But there are several measures that can help them identify vishing, business email compromise, chargeback scams and any other form of fraud attempt early and limit the damage that could be done their business.

The single most effective fraud prevention measure a business owner can undertake is educating their employees about what to look for. The more knowledgeable that employees (from the C-suite to the front-line customer support staff) have about scams, the more likely they are to identify payment fraud attempts before they happen.

Verification is another important element. If changes are being requested to established payments processes – such as methods, timelines or otherwise – make sure to reconfirm with the receiving party through an alternate, established communication method. For example, if a request for an urgent payment was received via SMS (aka smishing), ensure to confirm with a trusted contact at the requestor’s organization by phone.

Lastly, if a payment fraud attempt is caught AFTER payment has been issued – act quickly. Notify your financial institution, the Canadian Anti-Fraud Centre and your local police department as soon as you can. Each can help you take steps to try to recoup any potential losses and catch the fraudsters before they target others.

Working with financial partners that can provide you with the tools you need to stay on top of your accounts and transactions can help you to identify any out-of-the-ordinary activity early. For instance, HSBCnet Mobile Banking allows you to access recent transactions and account balances at any time right from your mobile device, meaning you can keep a close eye on cash flow in real time. Services like HSBCnet also feature Multi or Dual Authentication (2FA) to limit the potential for bad actors to access your accounts, as well as Dual Transaction Control that requires two separate users to authenticate a transaction before it’s executed. Account Reconciliation and Positive Pay – two products available in HSBC’s cash management solutions – can also help the fight against cheque fraud by providing checks-and-balances before it’s too late.

Contact HSBC to find out more about how your business can fight back against payment fraud.

Need help?

Get in touch to learn more about our banking solutions and how we can help you drive your business forward.