日本語
한국어
Tiếng Việt
简体中文
With over three decades immersed in the banking and payments sector, one truth stands clear: fraud prevention is an unwavering, daily commitment for financial institutions and their business clientele alike. At Columbia Bank, our team dedicates significant resources to managing fraud mitigation efforts with our business customers. It’s often the very first concern raised during initial meetings and remains a consistent discussion point throughout our engagements.
In fact, members of Columbia Bank’s Client Advisory Boards consistently identify fraud as their top “keeps me up at night” concern. This heightened anxiety stems from the escalating frequency and sophistication of fraud attempts. While technological advancements empower businesses in countless ways, they also introduce novel challenges, demanding a constant redesign of everyday payment workflows.
Consider the rise of AI deepfakes, which introduce a new dimension of risk. Businesses are increasingly vulnerable to process gaps that fraudsters exploit. Effective prevention, therefore, transcends mere technological solutions, requiring robust behavioral controls.
Here are crucial operational insights for executives to consider:
- Fraud prevention has evolved into a daily operational discipline. Banks can easily allocate a third of their client interaction time to preventing and recovering from fraudulent activities.
- Organizations are losing approximately 5% of their annual revenue to fraud, with cases typically going undetected for around 12 months, according to the Association of Certified Fraud Examiners.
- Business Email Compromise (BEC) remains a primary entry point for payment fraud, frequently involving urgent wire requests strategically timed for late Fridays or pre-holiday periods.
- Check fraud is experiencing a significant resurgence. Intercepted and “washed” checks can lead to substantial losses for businesses. In 2024, 79% of organizations reported experiencing or attempting payments fraud, as per a report from the Association of Financial Professionals.
- Deepfake voice scams are alarmingly on the rise. Banks are reporting multiple monthly incidents where AI-generated voices, convincingly impersonating clients, attempt fraudulent transactions.
- Implementing straightforward controls like dual payment approvals within digital banking platforms, along with Payee Positive Pay, Positive Pay, and ACH Positive Pay, offers effective ways to minimize risk.
Combating Business Email Compromise (BEC)
Business Email Compromise (BEC) is one of the most prevalent forms of fraud. According to a report from cyber insurer Coalition, BEC and funds transfer fraud constituted 58% of all cyber incidents last year. Furthermore, the FBI’s latest Internet Crime Complaint Center report revealed a staggering $8.5 billion lost to BEC between 2020 and 2022.
Attackers meticulously replicate email addresses and signatures, often sending urgent requests for large sum payments late on a Friday afternoon or just before a long weekend. These high-pressure emails instruct recipients to execute a wire transfer “ASAP.”
Key Precaution: Slow down! Organizations can implement numerous safeguards against BEC. We strongly advise clients to pause and meticulously review the email sender, the message tone, and the email content itself. Crucially, always pick up the phone and call the client at their known business number to independently validate the request.
In one recent instance, our intervention helped a client prevent a fraudulent wire transfer exceeding $600,000 simply by encouraging them to pause and conduct a deeper investigation into the email request.
The Unexpected Resurgence of Check Fraud
Check fraud represents another persistent threat that many businesses continue to fall victim to.
Consider this scenario: A customer recently mailed a significant quarterly tax payment to the IRS. Despite this not being their usual practice, an operational issue necessitated it. The check was cashed. However, months later, the IRS informed the firm that the payment was never received and that they now owed thousands in penalties. It was evident the check had been intercepted in the mail, and the payee name “washed” or altered.
We assisted this client in obtaining the altered check and presenting it to the bank of first deposit to attempt fund recovery. In such situations, we always recommend setting up Payee Positive Pay with their bank. Every form of payment, whether checks or ACH items, requires robust coverage.
This isn’t merely a historical problem. Nasdaq’s Verafin reported an 11% increase in check fraud incidents in 2023, even as overall check volume decreased by 7%. Many businesses mistakenly believe check fraud is an outdated tactic. Yet, intercepted and altered checks remain a highly common vector for financial loss. The “it won’t happen to us” mentality often leads to unforeseen vulnerabilities.
At Columbia Bank, we proactively engage with customers, providing in-depth account diagnostics. We help identify potential gaps and work collaboratively to implement preventative solutions before fraud occurs.
Vendor Payment Changes: An Overlooked Fraud Vulnerability
We’ve observed a significant increase in customers being targeted through fraudulent vendor payment update requests, where they are asked to alter routing and account numbers.
The Modus Operandi: A supposed supplier contacts our customer, stating, “We’ve changed banks. Please direct all future transactions to this new routing and account number to avoid late payment penalties.” Inevitably, businesses fall victim because these requests appear highly legitimate. Later, the authentic supplier notifies them of missed payments, inquiring about potential liquidity issues. ACH is a particularly common channel for this type of fraud.
Key Insight: What seems like a routine administrative task can become incredibly costly. Fraudsters are increasingly targeting the process of updating vendor payment instructions rather than directly intercepting payments.
Recommended Steps:
- Before updating any payment instructions, always mandate vendor callback verification.
- Establish clear approval workflows for any modifications to vendor banking details.
- Actively monitor for unusual changes in payment destinations and flag suspicious activity.
- Implement periodic audits of vendor banking records to ensure accuracy and detect anomalies.
Deepfakes: Reshaping the Fraud Landscape
The threat of AI deepfakes is rapidly intensifying, fundamentally altering the fraud game.
The Past: Previously, recognizing someone’s voice on a call was generally sufficient for identity confirmation.
The Present: Today, merely hearing a familiar voice is no longer a reliable indicator of identity. Multi-factor identity verification is absolutely essential, especially for high-value transactions.
The sophisticated innovation behind deepfake technology and AI’s rapid advancements have rendered traditional safeguards considerably less dependable than in previous years. Impersonation fraud now accounts for 1 in 20 identity verification failures, according to verification software company Veriff.
Key Insight: Financial institutions must educate clients about deepfake risks. Furthermore, customer contact center teams require training to identify voiceover characteristics and ensure the implementation of multiple forms of authentication. No payment approvals should ever occur based solely on a telephone call.
As fraud continues its relentless evolution, banks are positioned to play a critical advisory role. Fraud prevention is more than a set of cybersecurity measures; it’s an operational discipline where successful detection and prevention demand a strategic blend of behavioral changes and technological implementations.
While the complete eradication of fraud risk is unattainable, its impact can certainly be managed. Organizations that prioritize ongoing education, robust operational controls, and early detection will be best equipped to succeed. The contemporary fraud playbook requires institutions to take even more proactive steps to prevent incidents, provide consistent education to businesses on emerging scams and mitigation tactics, and guide clients through the increasingly complex payments landscape.
Kathryn Albright is EVP and head of global payments & deposits at Columbia Bank, based in Washington State.
Source: TheFinancialBrand.com