Payment fraud: Steps to take if your business gets scammed

Issue 2 2022 Security Services & Risk Management

Payment fraud is a nightmare scenario for any business. Irrespective of size, companies face substantial financial and reputational harm resulting from fraudulent activity. Depending on the severity of the crime and the losses incurred, the very survival of the business may be at stake.


Ryan Mer.

Ryan Mer, CEO at eftsure Africa, a Know Your Payee (KYP) platform provider, says banking and payment fraud remains a serious concern as fraudsters use increasingly sophisticated methods to exploit process vulnerabilities and take advantage of human error.

A 2021 TransUnion report noted a significant surge in fraud and criminal activity related to financial services in South Africa, with fraud in this sector surging over 187% in the last year. An Accenture report from the previous year confirms South Africa had the third most cybercrime victims globally, resulting in losses topping R2,2 billion.

“The risk of payment fraud is not limited to any one sector or industry. Any business that makes use of Internet banking or EFT facilities is vulnerable. Fake invoices, business email compromise (BEC) and even insider scams have become worryingly commonplace,” says Mer.

What to do when the worst happens

Payment fraud happens most frequently when companies are paying invoices or doing payment runs. Mer says it’s important to remember banks require only the account number and branch code to process an EFT payment. This means the onus of making sure all payment details are correct and haven’t been altered or manipulated, is on the payer.

When payment fraud is discovered it’s vital to act quickly and methodically:

• Contact the bank immediately to freeze payments and/or accounts to prevent further monies from being stolen.

• Gather as much paperwork and bookkeeping relating to the theft as possible.

• In the event of internal fraud, ensure any laptops, tablets and mobile phones of employees are recovered and safely stored.

• Open a police docket as soon as possible.

• Contact the Southern African Fraud Prevention Service (SAFPS).

Prevention is better than cure

While there is a small possibility stolen money can be recovered, it is mostly not the case as the stolen funds are withdrawn very quickly. In any event, Mer says the process is likely to be time-consuming and costly. “Strict banking terms and conditions place responsibility on the account holder making EFT payments to ensure the accuracy and integrity of payee details. An additional challenge is the unfortunate reality of the South African Police Service (SAPS) being understaffed and under-resourced to deal with crimes of this nature.

“Creating a fraud prevention ecosystem is the most effective way to mitigate risk and stop payment scams in their tracks. Even the best ERP systems cannot protect you from a malicious employee while a platform like eftsure can help limit the risks of internal fraud and BEC attacks by quickly and easily cross-referencing the payments an organisation makes with verified bank account details, before every payment is released.

“Given the potential losses and the onerous process with no guarantees of recovering stolen funds, real-time prevention at the point of compromise just makes good business sense,” says Mer.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Employee screening trends
iFacts Security Services & Risk Management
Criminal record checks still the most popular background check conducted around the world, but global employee screening trends are changing according to iFacts.

Read more...
South African business readies for a journey to the cloud
Security Services & Risk Management
There is an increasing demand for cloud services in the country, driven by the need to use advanced technologies such as AI while also providing hybrid workers access to data, regardless of their location.

Read more...
What to do in the face of growing ransomware attacks
Technews Publishing Cyber Security Security Services & Risk Management
Ransomware attacks are proliferating, with attackers becoming more sophisticated and aggressive, and often hitting the same victims more than once, in more than one way.

Read more...
South Africa can accelerate its move to smart cities
Security Services & Risk Management
What global smart city leaders have in common is that they have built on, and developed existing infrastructure, transforming it iteratively; South Africa is well positioned to adopt this approach.

Read more...
Where does SA logistics stand as far as cybersecurity is concerned?
Logistics (Industry) Security Services & Risk Management
Lesiba Sebola, director of information technology at Bidvest International Logistics, says it is paramount to safeguard IT infrastructure given how central it has become to operations.

Read more...
The Deposita Protector 3000 d-s1
Deposita Security Services & Risk Management
The Protector 3000 d-s1, designed for medium-sized enterprises, improves the level of security at the business and helps optimise resources by streamlining cash-handling processes.

Read more...
Top fraud trends to watch in 2023
News Security Services & Risk Management
Even though financial concerns remain a significant obstacle for companies in implementing new anti-fraud technologies, 60% of businesses expect an increase in their anti-fraud technology budgets in the next two years.

Read more...
Be cautious when receiving deliveries at home
News Perimeter Security, Alarms & Intruder Detection Security Services & Risk Management
Community reports of residents being held up at their gate when collecting fast food deliveries at home are once again surfacing.

Read more...
Sasol ensures Zero Trust for SAP financials with bioLock
Technews Publishing Editor's Choice Cyber Security Security Services & Risk Management
Multi-factor authentication, including biometrics, for SAP Financials from realtime North America prevents financial compliance avoidance for Sasol.

Read more...
Protecting yourself from DDoS attacks
Cyber Security Security Services & Risk Management
A DDoS attack, when an attacker floods a server or network with Internet traffic to prevent users from accessing connected online services, can be costly in both earnings and reputation.

Read more...