Despite the dramatic shift toward electronic business-to-business payments and the adoption of fraud prevention techniques, the rate of payment fraud has remained "stubbornly high," as 71 percent of nearly 400 surveyed corporations in 2010 experienced attempted or actual payment fraud, according to an annual poll.
The 2011 Association for Financial Professionals Payments Fraud and Control Survey, underwritten by JPMorgan, found that the incidence of fraud in 2010 rose from 2009 at 29 percent of responding organizations. Fraud rates since 2006 have remained fairly consistent at around 71 percent.
As in six prior annual surveys, checks were the "dominant payment form targeted by fraudsters with 93 percent of affected organizations reporting that their checks had been targeted," according to the study. But 15 percent of respondents said corporate/commercial cards had been subject to fraud, 25 percent cited Automated Clearing House debit payments and 23 percent cited consumer credit or debit cards. Four percent of respondents cited wire transfers, and another 4 percent named ACH credit as fraud payment targets.
Less than one in three companies experienced losses due to the fraud. Of those, more than half reported less than $25,000 in losses, a quarter set losses between $25,000 and $249,000, and 19 percent claimed losses exceeding $250,000.
Unlike check fraud, where larger organizations were subject to a larger percentage of payment fraud losses, corporate/commercial card fraud hit hardest for companies with revenues under $1 billion.
[PULL_1]Asked if they experienced more, less or about the same amount of fraud in six areas of exposure during 2010 versus 2009, 15 percent of respondents said they were subject to more attempted or actual payment fraud on corporate cards.
To prevent fraud, AFP advised corporations to use spend controls and "remain vigilant in monitoring accounts against fraud and adopt best practices against hackers and corporate account takeover situations."
Of organizations that cited corporate/commercial card fraud, 77 percent said an "unknown, external party" committed the fraud." One in 10 such victims said a third-party vendor, "professional services provider or business trading partner" committed the fraud.
Three-quarters of all respondents said their organizations used corporate or commercial cards for business-to-business payments. Most prevalent: purchasing cards at 73 percent, followed by T&E cards at 44 percent, ghost or virtual cards at 32 percent, one-cards at 29 percent, fleet cards at 13 percent and airline travel cards, such as UATP, at 6 percent.
Across the U.S. card payments industry, Aite Group estimates that fraud losses total about $8.6 billion a year. "Although just 0.4 percent of the $2.1 trillion in U.S. card volume per year, this number remains a troubling area for the industry due to the volatile nature of fraud," according to the firm.
Fraud Deterrence Tools
To deter fraud and encourage corporate program compliance, Visa last month announced the global launch of a new web-based monitoring tool that provides misuse and abuse detection, regulatory compliance reporting, analytics and a drill-down dashboard to help measure program performance.
"We give them the ability to identify transactions that are out of the norm," said Visa head of global commercial solutions Rafael De la Vega. For example, if a cardholder usually traveled only between San Francisco and New Jersey, charges in Chicago would trigger an alert to the company card manager.
Companies create their own rules in the tool, which reviews raw transactional data to identify violations within 24 to 48 hours of each charge, said De la Vega. As part of a test, Visa "modeled as many workflows and policies as possible" into the tool. "If there is a limit to the number of rules [companies could create], we haven't identified it yet."
Compliance management is part of the Visa IntelliLink suite that also includes Spend Management, used by about 50 financial institutions to support commercial card offerings, De la Vega said. "We already have three of the largest banks in the United States signed up for Compliance Manager and are working with two more banks, one in the Asia/Pacific region and the other in Latin America." U.S. Bank is among the earlier adopters; it private-labeled the Visa tool as U.S. Bank Payment Analytics.
"It can cost hundreds of thousands of dollars to manually audit transactions for misuse, and audit sample sizes typically cover only 20 percent of an organization's transactions," said U.S. Bank Corporate Payment Systems senior vice president of strategy and product Kurt Adams. "Payment Analytics can monitor 100 percent of the transactions and catches problems before they show up on the monthly statement. Reducing the rise of misuse and abuse allows an organization to focus its attention on growing its program."
MasterCard and several of its issuing banks are touting the fraud features of InControl as a means for corporations and issuers to more tightly control the issuance and permitted use of various cards. MasterCard Worldwide also introduced to its issuers an Expert Monitoring Compromised Account Service that allows banks to more closely watch accounts that have been compromised. Instead of simply closing an account and reissuing a card, the service "provides issuing banks with a comprehensive, real-time view of account data compromise fraud risk during authorization with an ADC Threat Score that predicts the likelihood that fraud will occur on accounts exposed" by an event. According to a 2010 Javelin Strategy and Research study, cardholders who receive a new card account as a result of a data compromise event often abandon the card or use it with much less frequency.
Using the service, "the ADC Threat Score predicts the probability of fraud over the coming seven to 14 days, helping issuers to determine when, or if, to close the exposed account and reissue a new account number to the customer," according to MasterCard. "We believe the Compromised Account Service represents the next generation in precise fraud prediction for issuing banks," said Wendy Murdock, MasterCard chief payment system integrity officer.
In a separate annual study on occupational fraud, the Certified Fraud Examiners in its 2010 Report to the Nation on Occupational Fraud and Abuse, estimated that a "typical organization loses 5 percent of its annual revenues to fraud," which when applied to the 2009 gross world product translated to a fraud loss of $2.9 billion. Within that total are a small percentage of expense reimbursement frauds reported by corporate fraud examiners.
In 2010, the reported 278 cases, or about 15 percent of all asset misappropriation frauds, one of three general areas tracked. The median loss for those cases was $33,000. Billing frauds, in contrast, represented 26 percent of all asset misappropriation audits conducted by examiners who reported a median loss in such cases of $128,000."