Using Dual Control to Help Prevent Payment Fraud
Authors: Cory Mann, Managing Director, Payments Innovation and Product Strategy
Payment fraud is plaguing American businesses, and it can be costly when fraudsters strike. In fact, companies lost nearly $2 billion to false payments and wire transfers in 2022. On the bright side, you can take steps to protect your company. Being proactive can help prevent fraud that may not be identified until you review your business bank account and see tens of thousands of dollars transferred to an unknown entity.
Although payment fraud can take many forms, in the majority of cases the scheme is initiated through email in a scam known as Business Email Compromise (BEC). A scammer posing as a vendor, supplier, employee or even an executive within the company sends an email asking that a payment be made into a designated account.
Common BEC schemes include:
- Posing as a vendor. A bad actor sends an email that appears to be from one of your existing clients or vendors, asking that future payments be made to a new bank. The new bank and account are controlled by the bad actor. Because the money is diverted to the scammer, the business may be out the funds and need to make a duplicate disbursement to pay the real vendor.
- Scammers hack into an executive email account or impersonate an executive or other employee with a near match of the email name and send payment instructions to internal areas, requesting funds be sent from the company into accounts that are fraudulent.
- A hacker sends an email requesting to be added as an authorized party for an account and then instructs funds be sent to a new bank account that is controlled by the hacker.
In the examples above, the email appears to originate from a valid source, so internal teams initiate the funds transfer via ACH or wire or act on setting up a fake authorized party. In many cases, the business doesn’t realize that fraud was committed until it is too late to stop the transaction or recover lost funds. In 2022, only 44% of businesses were able to recoup money lost to payment fraud.[i]
It is also important to know that a scammer may contact you, pretend to be a bank employee and ask for sensitive information. Although FNBO may reach out to its customers for a variety of reasons, our employees will never call, text or email to ask for personal information such as date of birth, social security number, password, etc.
If you feel pressured or concerned about a call, hang up and call your banker or business contact to confirm whether they are trying to reach you.
Despite the threats posed by cybercrime, there is good news. The 2023 AFP Payments Fraud and Control Survey indicates that incidents of payment fraud are steadily declining, dropping to the lowest point since 2014 in 2022. The study credits businesses for the positive trend, as companies work with their banking partners to prevent fraud. Dual control is a common tool being used today.
How Dual Control Can Help Stop Fraudsters
In traditional payment processes, one internal individual is responsible for initiating and approving transactions, with no additional oversight. Because no one checks the transaction for authenticity or accuracy, the process is highly vulnerable.
Dual control, a service offered by leading financial institutions like FNBO, requires action by two people within the business to complete a transaction:
- Step one: An employee creates the transaction, requesting payment be made.
- Step two: A request for approval is automatically sent to individuals within the organization who are authorized to provide approval.
- Step three: An employee with authority reviews and approves the transaction.
- Step four: The bank receives the approval and sends the payment.
Throughout the entire process, it is recommended that all parties involved in the payment verify that the instructions are accurate. If the payment instructions are for an existing vendor or client, a best practice is to call them and confirm the payment instructions with a known contact. The call should be made to a valid and known phone number, not to a contact phone number listed in an email received with payment instructions.
If the payment is for a new client or vendor, a best practice is to confirm the information with others familiar with why the payment is being sent. Often time, employee fraud consists of payments to new vendors when, in fact, the invoice is fraudulent, and the money is being sent to an account owned by the employee.
Businesses may authorize several employees to approve payment requests, but only one needs to endorse the transaction. The additional layer of oversight created by dual control authentication provides several advantages:
- Deterring fraudulent payments: Because every payment request is physically checked by a second party within the organization before funds are transferred, it is more difficult for bad actors to successfully complete fake transactions.
- Avoiding internal fraud: While few business owners want to think about employee deceit, fraud cases attributed to insider actions are on the rise. Whether employees are handing out credentials to outside scammers or skimming funds into personal accounts, dual control can help identify and shut down schemes before money is lost.
- Mitigating the effects of human error: While not malicious, human errors can affect a balance sheet. Consider what adding an extra zero to a payment amount can do. With dual control, the business doubles the chances of catching errors like these before transactions occur.
In the ever-evolving landscape of payment fraud, your organization must remain vigilant in safeguarding its financial transactions. Dual control has emerged as a formidable defense. By partnering with your bank to implement dual control, your business can improve fraud protection, helping to ensure peace of mind and greater financial security.
At FNBO, many of our payment solutions include dual control. We encourage all businesses to use this proven tool for reducing fraud risk. Reach out to an FNBO representative if you'd like to learn more.
About the Author
Cory brings a well-rounded list of professional experiences to his role at FNBO, including a history in product and innovation, strategy, marketing and client communications. He held various leadership positions across the financial services industry, and is frequently called upon to leverage his expertise as a marketing and technology consultant for businesses and nonprofits.
[i] “2023 AFP Payments Fraud and Control Survey Report.” Association for Financial Professionals, 2023. Web.
The articles in this blog are for informational purposes only and not intended to provide specific advice or recommendations. When making decisions about your financial situation, consult a financial professional for advice. Articles are not regularly updated, and information may become outdated.