Business Payments Fraud in Times of Chaos: 2023 Edition

by Lana Malizia

Fraud Operations Manager

Back at the start of the COVID-19 pandemic, my colleague Taylor Nemeth wrote Business Payments Fraud in Times of Crisis.

With the recent collapse of SVB and Signature Banks, I thought it was worth revisiting his blog to see what, if anything, has changed.

From his opening:

Chaos-induced opportunism is not new. Predatory behavior always spikes in the confusion that follows disaster, and the FBI and other industry specific experts are warning that COVID-related scams are already proliferating.

Swap out “COVID-related” for “SVB-related” and you have the 2023 version of this blog!

B2B Payments Fraudsters Are Thriving Right Now

Our fraud operations team is on the frontlines of combating B2B payments fraud. At PaymentWorks, we identify and resolve vendor impersonation and social engineering frauds.

We know firsthand how dire it is for organizations to be targeted. In fact, 71% of Business Email Compromise (BEC) attempts targeted AP, treasury and procurement documents.

Here’s the thing. Fraudsters of this ilk have a ball on the average day. But in times of chaos, they start applying their tactics full force. We saw it during the first few months of COVID, and we’re seeing it now.

Additionally, it’s getting harder and harder to protect against fraud. One lingering effect of fraud during COVID is that the pandemic introduced a whole new generation of fraudsters.

This generation has access to inexpensive low- and no-code technology that makes it extremely easy for them to carry out their tactics.

If there was ever a time to invest in making your vendor management strategy more secure, it’s now.

How B2B Payments Fraud Works

When I see a news story about a successful business payments fraud scam, I know immediately how it unfolded.

First, the fraudster found a flaw–most likely a manual process.
Then, they used that flaw to infiltrate the vendor master with fraudulent banking information.
Finally, they received a payment meant for the real vendor.

That is simply how these scams unfold: someone at an organization is tricked into changing bank account info when they shouldn’t.

I always feel a pang for the person who unwittingly made this change to the vendor master file. Even though that person is partly at fault, it’s not the responsibility of one single person to protect an entire organization from fraud.

Rather, business payments fraud protection should be an organization-wide, leadership-supported effort. When an organization is targeted, everyone should mobilize, update their skills, and adjust their efforts accordingly.

Now this can happen any day, at any time. However, organizations with manual vendor management processes are particularly vulnerable in times of market chaos.

The State of B2B Payments Fraud in 2023

Our network data shows that at least 30% of an active vendor list makes a change to their information every year.

Now, with two bank collapses in a matter of days, you’ve likely seen a spike in existing vendor banking changes, creating a ton of extra work for your organization.

Fraudsters love this.

To stay ahead of fraudsters, or at least mitigate the effect they have on your organization, it’s crucial to stay informed.

Here are few statistics about payments fraud you need to know:

In 2022, there were $10.3B in victim losses from just reported cybercrimes.
53% of organizations that experienced either a successful or attempted payments fraud scam reported that the scam was done via BEC.
27% of organizations reported that they do not conduct fraud reviews.

Worried about your manual vendor management processes putting you at risk? Keep reading. We list several actions you can take to improve your security and peace of mind.

Foundational vs. Ad hoc Vendor Master File Management in Protecting Against B2B Payments Fraud

Across the PaymentWorks customer base, we have organizations who understand that investing in the foundation of their vendor master data is the key to positive business outcomes.

No matter what the market throws at them, or how fraudsters evolve their tactics, their strong foundation withstands.

Take a moment to survey your organization’s vendor onboarding and change management process. Ask yourself and/or your team these questions:

How many people are involved?
Who can approve/change information?
Who makes the call on new banking information?

Here’s a quick way to determine the strength of your current process. Does your vendor management process include expecting a human at the vendor desk to spot every type of sophisticated business email compromise scam?

If so, you can count yourself in the ‘garbage in’ category. To quote our recent blog on vendor onboarding trends in 2023,

If your vendor master file is built on a crappy foundation, then a lot of garbage is going to make its way in.

Don’t wait for the next crisis to unfold before you invest the time, the energy and maybe the money into shoring up your foundation.

How to Secure Your Current Vendor Management Process

As we said in our COVID blog:

The success of payments fraud schemes depends on human error by someone responsible for sending payments. You can relieve the pressure of decision-making from your individual team members by providing more structure around the payments process:

Here’s how to begin to make your process less vulnerable to fraudsters:

First, if you’re not already, enforce strict protocols and implement review bottlenecks.
Then, leverage technology partners to protect users and verify information. This includes providing vendors access to manage their own information through a secure system to eliminate the need for managing sensitive information like bank account numbers and personal data through vulnerable email accounts.
Last, add validation to the vendor submitted information before you pay. This is critical to preventing payments and fraud schemes.

I’m one of the people who help foil actual fraud attempts for our customers. And I promise you, you’ll sleep better at night when you have a locked down, airtight foundation in place.

Want More Ways to Protect Your Organization From B2B Payments Fraud?

We have several resources to help you make your vendor management process more secure.

10 Questions to Determine if Your Vendor Management Process Needs an Update

There are many in-person events happening in the vendor management space that will cover B2B payments fraud, fraud protection, and more. Here are the ones we’re attending that you might like.

Vendor Onboarding Trends in 2023: Prediction #1