J.P. Morgan has issued a report titled “Payments Fraud: How It Happens And What You Can Do To Protect Your Organization” in which the company shares best practices for battling check, automated clearing house (ACH), and credit card fraud, as well as tips on protecting treasury operations from advanced phishing techniques. The report also explores the key areas of fraud vulnerability and proliferation, and reviews fraud protection products and services available today.
According to the Association for Financial Professionals, more than 70 percent of organizations polled experienced attempted or actual payments fraud in 2008. While more than one-third reported losses, 30 percent also showed an increase in payments fraud over the previous year, and the majority of respondents expect these illegal activities to grow. (Source: 2009 AFP Payments Fraud and Control Survey, sponsored by J.P. Morgan)
“Economic uncertainty coupled with the emergence of new technologies have brought out fraudsters of all stripes – from first-timers desperate for cash to organized crime to the most sophisticated technological manipulators in the industry,” said Iqbal M. Khan, executive director, J.P. Morgan Treasury Services. “Our new report offers tips on the most effective actions to take to stop criminals in their tracks.”
Among the best practices highlighted in the report are:
- Check Fraud. To prevent check fraud, take practical defensive measures such as securing check stock and implementing dual control around key treasury functions such as check issuance and account reconciliation. Using high-quality check stock with built-in security features will reduce the likelihood of check manipulation. Industry tools such as Positive Pay reduce the possibility of fraudulent check payment.
- ACH Fraud. To minimize ACH or electronic payments fraud, sensitive information needs to be protected. Masking account numbers and Tax ID numbers in your written correspondence, and utilizing encrypted email for confidential, nonpublic information are both critical steps to reducing fraud. ACH debit blocks or ACH debit filters guard against unauthorized ACH debit transactions.
- Corporate Credit Card Fraud. Misuse of corporate payment cards by employees is not typically considered fraud by card issuers. The company is usually responsible for any loss, so organizations must have prevention programs in place. Protective controls, such as setting transaction limits and monthly limits for all cardholders, as well as blocking unauthorized vendors will greatly reduce misappropriation. Companies should also use Web-based payments tools that provide enhanced reporting and real-time visibility into spending.
- Phishing Fraud. Phishing spammers establish fake emails and Web sites in an attempt to steal security information, such as login names, passwords and other personal data. Organizations should ensure that browser and security software information is continually updated, and that spam blocking filters and surfing block controls are maintained companywide. Privacy locks should be utilized to restrict access to sensitive data.