printer friendly version

Payment fraud: Steps to take if your business gets scammed

Payment fraud is a nightmare scenario for any business. Irrespective of size, companies face substantial financial and reputational harm resulting from fraudulent activity. Depending on the severity of the crime and the losses incurred, the very survival of the business may be at stake.

Ryan Mer.

Ryan Mer, CEO at eftsure Africa, a Know Your Payee (KYP) platform provider, says banking and payment fraud remains a serious concern as fraudsters use increasingly sophisticated methods to exploit process vulnerabilities and take advantage of human error.

A 2021 TransUnion report noted a significant surge in fraud and criminal activity related to financial services in South Africa, with fraud in this sector surging over 187% in the last year. An Accenture report from the previous year confirms South Africa had the third most cybercrime victims globally, resulting in losses topping R2,2 billion.

“The risk of payment fraud is not limited to any one sector or industry. Any business that makes use of Internet banking or EFT facilities is vulnerable. Fake invoices, business email compromise (BEC) and even insider scams have become worryingly commonplace,” says Mer.

What to do when the worst happens

Payment fraud happens most frequently when companies are paying invoices or doing payment runs. Mer says it’s important to remember banks require only the account number and branch code to process an EFT payment. This means the onus of making sure all payment details are correct and haven’t been altered or manipulated, is on the payer.

When payment fraud is discovered it’s vital to act quickly and methodically:

• Contact the bank immediately to freeze payments and/or accounts to prevent further monies from being stolen.

• Gather as much paperwork and bookkeeping relating to the theft as possible.

• In the event of internal fraud, ensure any laptops, tablets and mobile phones of employees are recovered and safely stored.

• Open a police docket as soon as possible.

• Contact the Southern African Fraud Prevention Service (SAFPS).

Prevention is better than cure

While there is a small possibility stolen money can be recovered, it is mostly not the case as the stolen funds are withdrawn very quickly. In any event, Mer says the process is likely to be time-consuming and costly. “Strict banking terms and conditions place responsibility on the account holder making EFT payments to ensure the accuracy and integrity of payee details. An additional challenge is the unfortunate reality of the South African Police Service (SAPS) being understaffed and under-resourced to deal with crimes of this nature.

“Creating a fraud prevention ecosystem is the most effective way to mitigate risk and stop payment scams in their tracks. Even the best ERP systems cannot protect you from a malicious employee while a platform like eftsure can help limit the risks of internal fraud and BEC attacks by quickly and easily cross-referencing the payments an organisation makes with verified bank account details, before every payment is released.

“Given the potential losses and the onerous process with no guarantees of recovering stolen funds, real-time prevention at the point of compromise just makes good business sense,” says Mer.

Share this article:

Further reading: