As banks close more branches and small- and medium-sized businesses embrace online banking, the fraud pandemic is getting worse, with many companies unaware of the new risks they take. You are ten times more likely to become a victim of fraud than to be robbed. Fraud victims in the UK outnumber those who suffer theft, burglary, criminal damage and violence combined.
Companies that trade internationally are even more at risk. International trade exposes businesses to criminals from around the world. Nowadays, these criminals devise increasingly sophisticated scams to target the less digitally savvy - especially when it comes to Authorised Push Payments Fraud.
While tools such as Confirmation of Payee help reduce fraud risk for UK domestic payments, verifying account details for international transfers is still manual and complicated. And while many banks in the UK have started offering compensation for fraudulent domestic payments, there is no such protection scheme when you transfer money across borders.
WHAT IS AUTHORISED PUSH PAYMENTS FRAUD?
Authorised Push Payment (APP) Fraud happens when criminals manipulate an unsuspecting person into making payments from an account under their control. It can affect any individual or business. For many, it has a devastating impact on their finances.
Banks and other payment providers struggle to prevent APP fraud as the person instructing payments is authorised to do so. This makes it hard to spot abnormal activity with limited data and complicates fraud prevention.
Nevertheless, fintech companies such as HedgeFlows can help identify potentially fraudulent payments earlier and work with clients to keep their money safe. HedgeFlows can leverage the data from popular accounting software and cutting-edge technologies such as Artificial intelligence to spot outliers. As a result, we help clients spot more suspicious transactions before payments are made.
There are multiple other ways to reduce the risk, some of which we’ve covered in a separate article. Most of them rely on slowing down and verifying the legitimacy of any request or payment details. Take time to understand and educate your staff about how payment fraud happens. But unsuspecting humans will remain an easy target for professional fraudsters, and leveraging modern solutions to prevent fraud is a must for any growing business.
On the flip side, acting fast is key if you suspect you’ve been the victim of fraud. Criminals quickly forward misdirected funds and use elaborate schemes to move money, making it impossible to trace and recover. As soon as you’ve discovered a fraudulent payment, you must:
- Report the crime immediately to ActionFraud via their website or by calling 0300 123 2040.
- Contact your bank or payment provider and request to recall the transfer, notably if you used SWIFT as the payment method.
Fraud is a crime that affects more people and businesses than anyone realises. It is also best fought together - with your bank or other payment service provider. HedgeFlows is building safer and simpler solutions for SMEs, and fraud protection is essential to make foreign payments safer.
How does APP Fraud happen?
Criminal gangs worldwide use scam websites, emails, messages and phone calls to trick people into transferring money or sensitive information into the wrong hands. Authorised payment fraud differs from personal data or unauthorised payment scams (where the criminals primarily try to steal your sensitive data to use it later themselves or sell it on the black market). The APP scam may involve manipulating the victim into believing they are making a legitimate payment, but funds are transferred into a fake account.
Criminals may use a fake email, install malware on one’s computer or smartphone, or steal an email account of the victim’s supplier and impersonate them. Because the payoff from business payments is substantial, they can invest significant effort to “groom” the victim with targeted messages designed to lower their guard and delay their eventual discovery of the crime. They may pursue a target for several days or weeks and take time to “test” a potential victim with more innocent messages and requests.
Below are two relatively simple and the most common strategies used by criminals that target UK businesses:
Urgent director’s request
Fraudsters can impersonate a director or another senior person in the company and target staff who are authorised to make payments. This can range from creating a fake email account (that looks like a director’s) to hacking the director’s email. The fraudster may then send a tester message to an unsuspecting individual or an entire accounts team asking, “How long does it take to pay $50,000 to a supplier in China?”. If someone responds, they can follow up with a string of emails that eventually lead to a request to wire funds to a newly created recipient. The sense of urgency is often used to reduce the opportunity to verify or ask questions.
Supplier account change
Nowadays, it is common to receive emails from a supplier or an internal contact asking to change payment account details. Often these requests are legitimate. Companies often open new accounts and change banks. Yet, email accounts are frequently hacked. Unfortunately, criminals know how to exploit this process, and it is common for businesses to receive requests to change payment account details to fake ones. In some situations, the fraud can go undiscovered for weeks or months, with victim companies making multiple payments to one or several fraudulent recipients.
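
Both scenarios above leave a trace that can be checked against a company's own payment history before money leaves the account: a recipient that has never been paid, or a known supplier whose account details differ from earlier payments. The sketch below is an added example, not HedgeFlows code; the `Payment` fields, the thresholds and the sample ledger are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Payment:
    supplier: str   # payee name as recorded in the ledger
    account: str    # beneficiary account identifier
    amount: float
    paid_on: date

# Constructed sample ledger: one supplier, always paid to the same account.
HISTORY = [
    Payment("Acme Textiles", "GB00CONSTRUCTED0001", 4200.0, date(2024, 1, 15)),
    Payment("Acme Textiles", "GB00CONSTRUCTED0001", 3900.0, date(2024, 2, 15)),
    Payment("Acme Textiles", "GB00CONSTRUCTED0001", 4500.0, date(2024, 3, 15)),
]

def screen_payment(pending, history, hold_days=14, large_multiple=3.0):
    """Return reasons to verify a pending payment out of band (empty = none)."""
    past = [p for p in history if p.supplier == pending.supplier]
    if not past:
        # "Urgent director's request": funds wired to a recipient never paid before.
        return ["new-recipient"]
    reasons = []
    known_accounts = {p.account for p in past}
    if pending.account not in known_accounts:
        # "Supplier account change": known payee, unfamiliar account details.
        reasons.append("account-changed")
    elif len(known_accounts) > 1:
        # A changed account stays suspect for a while, so repeat payments to it
        # do not start to look routine after the first one slips through.
        first_seen = min(p.paid_on for p in past if p.account == pending.account)
        if pending.paid_on - first_seen < timedelta(days=hold_days):
            reasons.append("account-recently-changed")
    typical = sorted(p.amount for p in past)[len(past) // 2]  # median amount
    if pending.amount > large_multiple * typical:
        reasons.append("amount-outlier")
    return reasons

if __name__ == "__main__":
    changed = Payment("Acme Textiles", "XX00CONSTRUCTED9999", 4300.0, date(2024, 4, 15))
    print(screen_payment(changed, HISTORY))
```

A non-empty result is a prompt to confirm the details through a contact channel already on file, not through the message that requested the payment.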