Commercial Card

How Commercial Cards Help Keep Fraud at Bay

Recognize emerging payment fraud schemes and learn how commercial card B2B payment solutions can help mitigate your risk.


A staggering 82 percent of finance professionals reported their companies were victims of payment fraud in 2018, according to the Association for Financial Professional’s 14th annual Payments Fraud and Control Survey, which represents the highest rate on record. Check and wire fraud decreased slightly, while ACH fraud increased.

Fraud on commercial cards is at a five-year low Chart showing that checks and wire transfers remain the primary targets, while fraud on commercial cards is at a five-year low. 10 % 0 20 % 30 % 40 % 50 % 60 % 70 % 80 % Checks Wire Card ACH Debit ACH Credit 2014 2015 2016 2017 2018

A commercial card solution for B2B payments can help lower your risk of fraud with safeguards that protect against possible compromise. Built-in controls like chip technology and customizable merchant category code (MCC) restrictions, spend limits and cash access constraints reduce the ways in which criminals could misuse your cards. If suspicious use occurs, fraud alerts enable cardholders to quickly validate legitimate transactions or confirm fraudulent activity.

In addition to leveraging these built-in features, your organization can reduce the risk of fraud by becoming familiar with the latest scams and taking additional steps to protect your commercial card program.

 

Watch Out for Common Scams

Given the prevalence of fraud, it’s critical for companies to stay one step ahead of potential threats. Below are common scenarios for commercial card fraud attempts.

 

Business Email Compromise

 

Business Email Compromise

  1. A fraudster spoofs an executive’s email account and targets an unsuspecting employee with an urgent order to purchase many high-value gift cards for clients. Red flag: Urgent or persistent requests from your organization’s senior leadership should raise suspicion.
  2. The fraudster presses the employee to activate the cards in-store, scratch off the claim code on the back to reveal card numbers and email a photo of the cards with all numbers visible. Red flag: Requests to ignore protocol or appeals for confidentiality should be verified internally.
  3. The employee completes the request without reviewing the fraudster’s email for irregularities—such as an incorrect email address or poor grammar—or validating it internally. Red flag: Anything different from your organization’s standard email domain should be examined. One or two letters may be altered.
  4. Money on the cards is quickly depleted by the fraudster and the organization bears the full loss.

 

Keep Fraud at Bay Urgent or persistent requests from senior leaders should raise suspicion. A fraudster spoofs an executive’s email account and sends an employee an urgent request to purchase multiple high-value gift cards. The fraudster presses the employee to activate the gift cards and email a photo of all card numbers. Verify any requests to ignore protocol or appeals for confidentiality. The employee fulfills the request without reviewing for irregularities—such as an incorrect email address or poor grammar—or validating it internally. Make sure email addresses match your organization's standard email domain. Money on the cards is quickly depleted by the fraudster and the organization bears the full loss Validate fund requests by calling requestors at established telephone numbers on file A fraudster spoofs an executive’s email account and sends an employee an urgent request to purchase multiple high-value gift cards Money on the cards is quickly depleted by the fraudster and the organization bears the full loss Validate fund requests by calling requestors at established telephone numbers on file Money on the cards is quickly depleted by the fraudster and the organization bears the full loss The employee fulfills the request without reviewing for irregularities—such as an incorrect email address or poor grammar—or validating it internally Make sure email addresses match your organization's standard email domain The employee completes the request without reviewing the fraudster’s email for irregularities—such as an incorrect email address or poor grammar—or validating it internally The fraudster presses the employee to activate the gift cards and email a photo of all card numbers Verify any requests to ignore protocol or appeals for confidentiality The fraudster presses the employee to activate the cards in-store, scratch off the claim code on the back to reveal card numbers and email a photo of the cards with all numbers visible A fraudster spoofs an executive’s email account and sends an employee an urgent request to purchase multiple high-value gift cards Urgent or persistent requests from senior leaders should raise suspicion Urgent or persistent requests from senior leaders should raise suspicion Select icon to view more

Account Takeover

Account takeover is a similar scheme in which a criminal gains access to account information and poses as the cardholder. This type of fraud may take longer to notice and result in a greater loss.

Internet Safety Your personal information is vulnerable when browsing online, especially over an unsecured connection. How to Protect YourselfAvoid free, unsecured Wi-Fi; choose strong passwords and update them every two months; and conduct semi-annual attestation of adherence to your policies. How We Can Help We’re aware of ongoing schemes and take several steps to verify it’s you and not an imposter. SkimmingSkimming devices can be placed unknowingly on a merchant terminal to capture card information when you swipe.How to Protect Yourself Always insert your chip-enabled card whenever possible. How We Can Help We utilize chip technology that assigns a unique code to each card transaction and makes it harder for thieves to skim your data. Data BreachesWhen a merchant falls victim to a data breach, your cardholder data could be accessed and stolen. How to Protect Yourself Encrypt all sensitive data at rest, limit user access to your account and implement card controls, including MCC restrictions and credit and cash limits. How We Can HelpWe can send real-time text, email and voice alerts when we suspect fraudulent use of your account. Make sure your cardholders sign up to receive notifications. Phishing SchemesFraudsters can gain access to account numbers and personal data through phony links that trick you into providing information.How to Protect YourselfBe on the lookout for warning signs like a vague or incorrect email address, poor grammar, urgent language, requests for personal information and improper use of logos or graphics.How We Can HelpLearn more about best practices to defend against phishing attempts.

 

Skimming

Skimming devices can be placed unknowingly on a merchant terminal to capture card information when you swipe.

How to Protect Yourself

Always insert your chip-enabled card whenever possible.

How We Can Help

We utilize chip technology that assigns a unique code to each card transaction and makes it harder for thieves to skim your data.

 

Data Breaches

When a merchant falls victim to a data breach, your cardholder data could be accessed and stolen.

How to Protect Yourself

Encrypt all sensitive data at rest, limit user access to your account and implement card controls, including MCC restrictions and credit and cash limits.

How We Can Help

We can send real-time text, email and voice alerts when we suspect fraudulent use of your account. Make sure your cardholders sign up to receive notifications.

 

Phishing Schemes

Fraudsters can gain access to account numbers and personal data through phony links that trick you into providing information.

How to Protect Yourself

Be on the lookout for warning signs like a vague or incorrect email address, poor grammar, urgent language, requests for personal information and improper use of logos or graphics.

How We Can Help

Learn more about best practices to defend against phishing attempts.

 

Internet Safety

Your personal information is vulnerable when browsing online, especially over an unsecured connection.

How to Protect Yourself

Avoid free, unsecured Wi-Fi; choose strong passwords and update them every two months; and conduct semi-annual attestation of adherence to your policies.

How We Can Help

We’re aware of ongoing schemes and take several steps to verify it’s you and not an imposter.

Add Security With a Virtual Card Solution

While traditional plastic cards have fewer instances of fraud than other payment methods, a virtual card payment solution—like J.P. Morgan’s Single-Use AccountsSM (SUAsSM) —enables an even higher level of security that can reduce vulnerability to evolving scams. In fact, SUAs experience the lowest fraud rate of any commercial card product, below the average rate of 0.0012 percent for electronic payment solutions.1

In addition to supporting MCC limitations, SUAs put you in control of your payments.

  • Unique account number: Each SUA payment has a distinct 16-digit account number, reducing the damage that could be done if a card number got into the wrong hands.
  • Secure access: Your payment information is sent securely and directly to your vendor and can only be processed by that specific vendor.
  • Credit limit control: You set the credit limit to match the exact payment amount so you won’t be overcharged.
  • Custom expiration date: SUAs support time period restrictions so you determine for how long it’s valid.

As fraud attempts continue to grow, it’s important for your organization to remain diligent with prevention efforts. Educate your employees to recognize red flags and optimize your payment strategy to help reduce your risk and avoid costly mistakes.

 

Learn more about our Commercial Card solutions, including SUAs, or contact us to start a discussion.

1 J.P. Morgan 2018 proprietary fraud data and 2018 RPMG Electronic Accounts Payable Benchmark Survey

Cybersecurity and Fraud Protection Payments Payments Strategy Commercial Card

Get in Touch and Stay Informed

icon
Loading...