Three ways to identify payment fraud

In fact, according to a 2022 report¹ by PwC, 60% of Canadian organizations experienced fraud in the previous 24 months—nearly 10% higher than global fraud rates. The report revealed that 73% of the organizations surveyed reported that the pandemic has accelerated the risk of fraud.

Global e-commerce losses due to payment fraud were estimated at $41 billion in 2022² and online fraud losses are projected to reach $343 billion globally by 2027.³ So how can business owners stay safe from the various forms of payment fraud – like business email compromise, phishing, chargeback scams, vishing, smishing and card-not-present fraud - they could fall victim to?

As with anything, knowledge is half the battle.

Here are three common ways that fraudsters try to trick management and employees into accidentally directing their money into the pockets of scammers.

1. Urgent payment requests

   Urgency is often used by fraudsters as a method to trick business owners into making bad decisions.

   If you receive communications from a potential customer or partner that demands you respond or act immediately, you are being asked to make decisions without having the time to properly evaluate them. This can lead to making payment transfers to fraudulent destinations, and a series of challenges trying to recoup those funds.

2. Unexpected changes to payment information, location, or timeline

   When you have an ongoing relationship with a partner or customer, often relatively standard and repeatable payment processes are developed.

   Typically, you can expect to send money to the same location time and time again with each customer, but last-minute changes in wire instructions or recipient account information can be an easy-to-identify sign that the invoice you are about to pay may end up in the wrong hands.

   Similarly, last-minute changes in payment terms or methods – such as requests for pre-payment for goods and services, accelerated payment timelines, or payment via credit card instead of wire transfer – telling you to confirm details before issuing payment can be another red flag.

3. Unexpected changes in communication methods or documents

   Odds are that if you have established an ongoing relationship with a partner or customer, you tend to communicate by one method – be it phone, email or otherwise. That does not necessarily mean that specific way will be the only method used to interact, but it should give you pause when important requests or information are shared in a new or infrequent manner.

   For instance, if you have become accustomed to communicating with a partner by email nearly exclusively, a request for important information (such as payment details or account numbers) via SMS (smishing) or from a different email address (phishing) – should be treated with extreme caution.

   Sudden changes in established communication platforms or email could be a sign that the person on the other end of the line may not be who they say they are.

   Similarly, an unexpected URL or attachment in an email – even from a trusted address – could be another area of concern. Emails can be spoofed, meaning those unexpected attachments could contain malware that could compromise your systems, or URLs could send you to genuine-looking websites that may not be what they appear. If you were not expecting the attachment or URL, chances are it may be a phishing attempt meant to trick you into making a payment or sharing information that could come back to haunt you.

Unfortunately, there is no silver-bullet measure that will keep business owners safe from every form of payment fraud they may encounter. But there are several measures that can help them identify vishing, business email compromise, chargeback scams and any other form of fraud attempt early and limit the damage that could be done to their business.

The single most effective fraud prevention measure a business owner can undertake is educating their employees about what to look for. The more knowledgeable that employees (from the C-suite to the front-line customer support staff) have about scams, the more likely they are to identify payment fraud attempts before they happen.

Verification is another important element. If changes are being requested to established payments processes – such as methods, timelines or otherwise – make sure to reconfirm with the receiving party through an alternate, established communication method. For example, if a request for an urgent payment was received via SMS (aka smishing), ensure to confirm with a trusted contact at the requestor’s organization by phone.

Lastly, if a payment fraud attempt is caught AFTER payment has been issued – act quickly. Notify your financial institution, the Canadian Anti-Fraud Centre and your local police department as soon as you can. Each can help you take steps to try to recoup any potential losses and catch the fraudsters before they target others.

Working with financial partners that can provide you with the tools you need to stay on top of your accounts and transactions can help you to identify any out-of-the-ordinary activity early. For instance, HSBCnet Mobile Banking allows you to access recent transactions and account balances at any time right from your mobile device, meaning you can keep a close eye on cash flow in real time. Services like HSBCnet also feature Multi or Dual Authentication (2FA) to limit the potential for bad actors to access your accounts, as well as Dual Transaction Control that requires two separate users to authenticate a transaction before it’s executed. Account Reconciliation and Positive Pay – two products available in HSBC’s cash management solutions – can also help the fight against cheque fraud by providing checks-and-balances before it’s too late.

Contact HSBC to find out more about how your business can fight back against payment fraud.