Receiving and making payments are part of your business’s everyday. But when was the last time you checked in on your payments solutions to make sure they’re secure? According to a 2022 report by PwC, 60% of Canadian organizations experienced fraud in the previous 24 months—that’s almost 10% higher than global fraud rates.

The good news is that fraud is preventable, given the right knowledge. We reached out to fraud expert Aisha Kitchlew-Hydrie, Senior Manager of Fraud and Cybercrime at ATB, to get her insight on payment-related fraud—unauthorized or fraudulent transactions during payment processing—and how to prevent it.

What are the most targeted payment methods for fraud?

The “what” isn’t as important as the “how”, Kitchlew-Hydrie advises. Any transaction type can be used by fraudsters if they access your online banking, accounting software or email inbox. What’s more important is exploring how fraudsters are able to gain access to conduct these transactions—the answers can lead us to how to prevent fraud in the first place.

What are trends to look out for in payment fraud and how can I prevent them?

Aisha highlights two main categories of payment-related fraud, along with trends she’s noticed for each.

Cheque fraud explained

“Cheque fraud is on the rise throughout Canada, and many businesses are being affected by it,” Kitchlew-Hydrie shares. Cheque fraud involves manipulating or forging cheques to make unauthorized transactions and access funds. There many forms of cheque fraud, including forging signatures, altering information on a cheque (like the payee or amount), creating counterfeit checks and more. “A specific trend we’re seeing right now is cheque theft, through the mail or dumpster diving,” says Kitchlew-Hydrie.

“Cheques are considered one of the least secure payment methods for exchanging money”

Why? Aisha lists a few reasons:

1. Cheques valuable personal information about the payor and payee: account numbers, signatures, addresses, phone numbers, signing authorities on accounts and more.
2. They’re easy to manipulate or forge.
3. In the process of mailing a cheque, it passes through the hands of many people: admin assistants, accounting teams, post office staff and more.
4. Since there’s no specification of which account the cheque should be deposited into, it’s relatively easy for a fraudster to change the name or payee details.

How to prevent cheque fraud

• Try using an electronic payment method—like e-transfers, wires and pre-authorized payments—instead. “Digital methods are more inherently secure than paper cheques, when used properly,” confirms Kitchlew-Hydrie.
• Check your accounts regularly—Kitchlew-Hydrie and her team recommend daily. “This will allow you to identify and report any discrepancies immediately.”
• If you have to use cheques, use them securely. Avoid mailing cheques, store them securely (locked away and out of sight) and never sign cheques before completing all fields.

Business email compromise explained

Next, we have business email compromise—or BEC for short—when a fraudster accesses a business’s email account. “Once they have access,” shares Kitchlew-Hydrie, “they impersonate the account owner to make fraudulent transactions, access confidential personal and company information, and reach out to employees, partners or vendors to deceive them into taking action. These actions include fulfilling a fraudulent invoice, updating account numbers to fraudulent accounts, sharing highly sensitive information and more.” These types of scams have only become more convincing with the use of AI fraud.

Aisha has been noticing a trend of BEC attacks targeting the accounts payable departments of organizations. “This area can be an easy target if your team isn’t aware of the risk and red flags of cybercrime, or if your business doesn’t have authentication controls and multi-person approval policies in place for processing transactions.”

How to prevent Business email compromise (BEC)

• Create employee training. Awareness has the power to equip your entire team to prevent fraud. Make sure that your employees are reaching out to the sender who is requesting the changes, using a trusted phone number, like the one from their company website. Using email as the only form of communication especially when accepting instructions is risky.
• Put email authentication protocols in place. “This allows you and your team to verify incoming emails and reduce the risk of email spoofing.”
• Enable multi-factor or two-factor authentication for email accounts and other important systems.
• Apply email filtering to identify and block suspicious emails.
• Establish strict authorization protocols. Having clear policies and procedures—and communicating them to your team—allows for greater peace of mind for everyone.
• Use secure communication channels. “Explore the use of encrypted email methods for confidential conversations, like exchanging account numbers and other personal or corporate information.”

Learn more about BEC prevention.

What payment methods and practices can I use to prevent payment fraud in my business?

Two payment methods that can’t be intercepted are EFTs (electronic fund transfers) and wire transfers. They’re considered the safest methods of payment transfers, since you have to input the account details of where the funds will be deposited. “While fraudsters may ask for wire transfers or EFTs in their scams, this doesn’t mean this payment type is unsafe—the opposite is true,” Kitchlew-Hydrie clarifies.

If you’re sending an amount under $25,000, Interac e-Transfer® allows for secure transactions and instant deposits. When your recipient is set up for auto-deposit, it’s a safe option. If they don’t use auto-deposit, choose a password that only you know and can’t be easily guessed.