May 13, 2022

AFP Survey Finds Business Email Compromise Cases Down, But Caution Urged


Michael W. Kahn

Michael W. Kahn


Checks Still the Payment Method Most Susceptible to Fraud

There’s encouraging news in the war on Business Email Compromise (BEC), though the numbers remain cause for concern. 

“Sixty-eight percent of organizations were targeted by BEC in 2021, eight percentage points lower than in 2020 and the lowest figure reported since 2015,” according to the 2022 Payments Fraud and Control Report from the Association for Financial Professionals (AFP). The report explained the decline by noting that “companies have become much better at identifying and mitigating this type of risk through better training and policies and procedures.”

But it’s no time to let your guard down, especially in accounts payable departments, which 58% of survey respondents said is their most vulnerable business unit targeted. The report also found greater vulnerability among AP departments at larger organizations, which were defined as those with annual revenue of more than $1 billion and those with both annual revenue of more than $1 billion and more than 100 payment accounts.

Overall, the survey found that 71% of organizations reported incidents of payments fraud attacks or attempts in 2021, a high number, but down from the 82% peak AFP saw in 2018. 

Checks continue to be the payment method most susceptible to fraud, cited by two-thirds of organizations, a figure unchanged from a year earlier. Wire transfer incidents fell from 39% to 32%.

Incidents of fraud involving ACH credits and debits ticked up, cited by 24% and 37% of respondents, respectively. “Larger companies are more susceptible to fraud via ACH debits than are other organizations, and are collaborating with internal partners to identify and return ACH debits in a timely manner within the return window to help in preventing fraud,” the report said. At the same time, AFP noted that ACH fraud controls are easy to implement. 

“Utilizing simple banking tools to mitigate this risk such as ACH filters and blocks will help to alleviate the concern. More importantly, having a full suite of proper controls in place by reconciling activity on a regular basis, separation of duties and having a good banking/vendor partner to fully understand best practices in preventing this type of fraud is very helpful,” the report said.

“The 2022 AFP Payments Fraud and Control Report shows that businesses still face the highest incidence of fraud with checks at 66%. Checks are also the most likely source of banking information used in committing other types of fraud,” said Michael Herd, Nacha Senior Vice President, ACH Network Administration. 

“Nacha is committed to ensuring that the ACH Network continues to be safe, fast and reliable through rules, tools, industry best practices and education,” said Herd. “We agree with and strongly support AFP’s recommendation that corporates utilize simple and widely available banking tools to mitigate the risk of fraud.”

In this year’s survey, AFP asked if employees working remotely were to blame for any increase in payments fraud at their organization. Forty-seven percent said no, 32% said yes, and 21% were unsure.

Finally, the report warned that payments fraud isn’t going away, and urged financial professionals to “prioritize payments fraud in their strategies and tactics” and “keep up to date on new technologies—fraud perpetrators certainly do.” 

“The more frequently organizations succumb to these attacks,” the report concluded, “the more encouraged those fraudsters will be.”