Treasury and Payments
Many businesses have yet to implement payment fraud controls. Here’s why they matter
Businesses can tailor payment fraud controls to help increase their protection through customization and save costs. To do this, they’ll want to understand the most important controls for their needs and determine a partner that’s best for them.
As the world becomes more digital, organizations should keep fraud mitigation on their radar. The attempted value of fraudulent purchases rose by almost 70% in 2020, and the volume of global cashless transactions will nearly triple in 2030 to 3.02 billion. Therefore, businesses should strive for best-in-class solutions to prevent increasingly higher per-transaction fraud losses from occurring across a larger number of transactions.
One untapped opportunity is fraud controls. Treasurers often believe fraud won’t happen to them and avoid implementing proactive controls that can stop fraud before it happens. Read on to learn more about why fraud controls are valuable, how to optimize them for your business, and what to look for in a partner to best enable these protections.
Why fraud controls are important
While fraud is a universal problem, each organization requires a customized solution. Fraud controls are so important because their strength is in adding layers of customization, which are essential to help identify bad actors with more precision and minimize issues with legitimate customers. Each control serves as a dial that organizations can fine-tune around their unique needs.
Another key benefit is cost savings. One study showed that companies who have a dedicated program for their most disruptive types of fraud save 27% in response costs, 55% in remediation, and 76% on fines and penalties. Fraud controls are one component of a dedicated program, so organizations should identify their unique vulnerabilities to identify any additional ways to find potential savings.
How to personalize fraud controls
If customizing fraud controls is so important, what should businesses think about when customizing? The first step is assessing overall risk tolerance, or a company’s willingness to protect funds from fraud at the expense of impacts to legitimate client business. Risk tolerance is a constant balance between these two factors, and it will evolve over time as a business’s needs and priorities change.
Then, organizations should focus their risk tolerance around fine-tuning the most impactful controls. They’ll want to identify which controls would best indicate business anomalies and have them flag more perceived irregularities. They should start with client-level security controls like maximum individual personnel limits and matrix approvals where an amount above a certain threshold requires additional supervisor approval. Then, businesses should consider the following controls:
New Beneficiary controls are similar to know-your-customer checks that flag transactions sent to new recipients. These controls help employees understand whether they’re conducting business with the right person before making any payments or major changes, which is critical to prevent Business Email Compromise (BEC) fraud discussed below.
Geographical screens flag when a transaction is sent to a country or region. Businesses can begin creating these screens with a partner’s pre-existing list and then identify any necessary customizations based on their business model’s unique risks.
Transaction Value screens flag transactions above a specific threshold that requires manual review. Businesses may also consider screens around an entire day’s transaction value in aggregate.
Finally, businesses should add extra measures when fraud controls are necessary but insufficient. One important example is BEC fraud, where fraudsters trick employees to divulge company-sensitive information or make payments. One report found that 55% of surveyed companies experienced actual or attempted BEC fraud in 2021 — often through fraudsters emailing employees under the guise of a senior internal figure. Fraud controls can flag these emails as external, but businesses must also train employees to identify suspicious emails.
Best practices for choosing a partner
Organizations will need to work with a payments partner to enable fraud controls. Choosing a best-in-class provider is critical to help you have tailored and efficient controls such as what’s within J.P. Morgan Access. The right partner can also help you implement more sophisticated fraud control techniques such as anomaly detection and AI & Machine Learning.
Below are a few of the most important factors to consider when choosing a provider:
Scale: With scale, your partner has the size to make the necessary investments to create cutting-edge tools that stay ahead of fraud trends. For instance, scale can help with supporting the necessary tech investments to remain competitive.
Expertise: Beyond investments, scale also means that a partner has more data to analyze and can therefore provide a higher level of expertise and insights.
Integration: With scale, a partner is also more likely to offer a comprehensive suite of payments services. As a result, fraud payment controls can seamlessly integrate with other payments technology including via API integration to help reduce outage risks (and their costs) when a network of systems breaks.
To learn more about how we can support your business, please contact your J.P. Morgan representative.
2022 JPMorgan Chase & Co. Member FDIC. Deposits held in non-U.S. branches are not FDIC insured. All rights reserved. The statements herein are confidential and proprietary and not intended to be legally binding. Not all products and services are available in all geographical areas. Visit jpmorgan.com/disclosures/payments for further disclosures and disclaimers related to this content.