Organisations take preventive steps, but payments fraud still persists


By Neil Amato

Organisations are on high alert about payments fraud as more sophisticated attacks specific to debit and credit cards continue to rise even as overall payments fraud has decreased.

The majority of organisations continue to be affected by payments fraud, according to an annual survey by the Association for Financial Professionals (AFP). Sixty per cent of respondents said their organisations were exposed to actual or attempted payments fraud, and 63% have either adopted additional security measures or are planning to do so in the near future. The increased security comes in the wake of several high-profile breaches of customer data, according to the survey of 449 financial professionals in January.

Compared with last year, fraud involving credit or debit cards has risen sharply. Forty-three per cent of those exposed to fraud attacks reported that credit or debit cards were targeted, up from 29% in 2012 and 20% in 2011.

Overall, payments fraud has declined in the past five years. In AFP’s 2009 survey, 73% of respondents reported attempted or actual fraud. That dipped to 71% in 2010, 68% in 2011 and 61% in 2012.

According to the most recent survey, the most common actions taken to defend against fraud were, in order:

  • Perform daily reconciliations, 74%
  • Review and strengthen internal procedures and controls, 73%
  • Adopt a stronger form of authentication or add layers of security to access bank services, 49%
  • Ensure disaster recovery plans include the ability to continue with strong control, 44%
  • Update the authentication procedures/devices used to access company networks, 41%

Chip cards and payments fraud

In the next 18 months in the US, liability is slated to shift from card issuers to merchants for fraudulent transactions made on point-of-sale (POS) systems that are not in compliance with EMV standards. EMV stands for Europay, Visa and MasterCard, the companies that created the global standard for chip cards and chip-card-compliant POS systems. Liability has already shifted to merchants in most other parts of the world, and, as a result, EMV cards and EMV-compliant systems are far more common. In Europe, for example, research shows that financial losses related to payment card fraud have fallen significantly since EMV standards became the norm in the mid-2000s.

Adoption of EMV standards has been slower in the US, where cheaper cards with less secure magnetic strips remain common. Major card issuers, such as American Express, Discover, MasterCard and Visa, have set October 2015 as the US date for the shift in liability for POS transactions. The liability shift is later for ATM withdrawals or pay-at-the-pump gas purchases.

A majority of respondents in the AFP survey expect a switch to EMV chip cards to cause a major reduction or some reduction in fraud, but 69% believe that fraud activity will migrate to other payment methods if EMV chip cards are successful.

“It is evident that those committing fraud are continuously adopting unique methods with far-reaching effects,” the AFP report said. “The challenge for organisations and the financial professionals who work for them will be to stay ahead of the game.”

Other key findings in the survey:

  • The typical amount lost by companies from payments fraud in 2013 was $23,100.
  • 70% of organisations exposed to actual or attempted fraud experienced no financial loss.
  • 80% of organisations exposed to fraud or fraud attempts report that the fraud came from outside the organisation.
  • 27% of respondents whose organisations had experienced fraud reported that the number of fraud attempts increased in 2013 compared with 2012. Fifty-seven per cent said the number of incidents remained the same, and 16% said the fraud attempts decreased.
  • Cheques remain the most common method of payments fraud. Eighty-two per cent of organisations reporting attempted or actual fraud cited cheques as the method, down from 87% a year ago. The most prominent method of cheque fraud, cited by 62% of respondents, was altering the cheque’s magnetic ink character recognition (MICR) line.

Related CGMA Magazine content:

Six Fraud and Corruption Trends for 2014”: EY has identified six themes related to fraud and corruption in 2014. Among them: dealing with cyber threats and balancing the opportunity for growth in emerging markets with perceived corruption risk.

Electronic Payments Rise, but Paper Cheques Still Dominate”: A survey by the Association for Financial Professionals shows that paper cheque use has declined over the years but that obstacles remain to going to a more digital model.

Why Companies Need a More Forward-Looking Approach to Cybersecurity”: Not so long ago, computer hackers focused mainly on organisations that had the most to offer. They followed the money, trying to breach big companies and access cash, sensitive data or intellectual property.

Neil Amato (namato@aicpa.org) is a CGMA Magazine senior editor.

Don't miss out on additional news and features from CGMA Magazine.
Sign up for our free weekly e-newsletter.