3 Steps Your Organization Can Take to Mitigate Payment Fraud

According to the 2024 AFP® Payments Fraud and Control Survey conducted by the Association for Financial Professionals (AFP), payment fraud via ACH, wires, and checks has increased by 65% since 2022, with 80% of organizations reporting fraudulent transactions. The rise of Business Email Compromise (BEC) attacks is a significant contributor, with 63% of organizations surveyed experiencing this type of attack.
Given that payment fraud is often initiated through BEC schemes, it is crucial for organizations to be prepared to combat these attacks, with training and awareness of employees being key. Below are the 3 steps every organization should take to protect itself from payment fraud.

1. Develop Robust Internal Controls

Having a robust cybersecurity program and strong internal controls is essential for organizations to identify and prevent payment fraud attempts. Implementing comprehensive policies and procedures, using your bank's ACH and check positive pay services, regularly monitoring banking activity, and verifying vendor payment details by phone call are operational changes that can help protect against payment fraud.

2. Implement Resilient Cybersecurity Programs

In addition to operational changes, certain cybersecurity measures should also be considered. Multi-Factor Authentication (MFA), dual control over payments, VPNs, firewalls, administrator activity logs, network traffic monitoring, and other security configurations are key practices that should be implemented to detect and prevent payment fraud. Vigilance in confirming bank account information with vendors, in spotting deepfake invoices, BEC attacks, and other fraud schemes, and in monitoring logs and activity will help reduce the number of successful social engineering attacks on your organization.
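The two payment controls named in steps 1 and 2, dual control over payments and phone-call verification of vendor bank-detail changes, can be enforced at the point of release. The following is an added illustration, not code from the original post; the vendor and payment records, the 30-day callback window, and the review date are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

# Assumption: a bank-detail change within this many days must be confirmed by a
# call to the vendor phone number already on file before a payment is released.
CALLBACK_WINDOW_DAYS = 30
TODAY = date(2024, 9, 12)  # constructed review date for the sample batch

@dataclass
class Vendor:
    name: str
    bank_account: str
    account_changed_on: Optional[date] = None
    callback_verified: bool = False

@dataclass
class Payment:
    ref: str
    vendor: Vendor
    initiator: str
    approvers: List[str] = field(default_factory=list)

def release_blockers(p: Payment, today: date = TODAY) -> List[str]:
    """Return every failed control; an empty list means the payment may be released."""
    problems = []
    # Dual control: two distinct approvers, neither of whom entered the payment.
    independent = {a for a in p.approvers if a != p.initiator}
    if len(independent) < 2:
        problems.append("dual control: two approvers other than the initiator required")
    # A recent bank-detail change is the classic BEC pattern, so insist on the callback.
    changed = p.vendor.account_changed_on
    recent = changed is not None and today - changed <= timedelta(days=CALLBACK_WINDOW_DAYS)
    if recent and not p.vendor.callback_verified:
        problems.append("vendor bank details changed recently; callback not verified")
    return problems

def sample_batch() -> List[Payment]:
    """Constructed sample data: only P1 and P4 should pass every control."""
    unchanged = Vendor("Acme Supply", "12345678")
    switched = Vendor("Acme Supply", "99999999", account_changed_on=date(2024, 9, 1))
    confirmed = Vendor("Acme Supply", "99999999", date(2024, 9, 1), callback_verified=True)
    return [
        Payment("P1", unchanged, "alice", ["bob", "carol"]),
        Payment("P2", unchanged, "alice", ["alice", "bob"]),  # initiator self-approved
        Payment("P3", switched, "alice", ["bob", "carol"]),   # unverified bank change
        Payment("P4", confirmed, "alice", ["bob", "carol"]),
        Payment("P5", switched, "alice", ["bob", "bob"]),     # both controls fail
    ]
```

Running `release_blockers` over `sample_batch()` holds P2, P3 and P5 with the reason for each, which is what a reviewer needs to act on the exception.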

3. Utilize Secure Encryption Protocols

The use of strong encryption protocols can help secure your payment transactions. Implementing them will better protect payments sent over generally insecure mediums, such as the internet or email. Both the National Automated Clearing House Association (Nacha) and the Payment Card Industry Data Security Standard (PCI DSS) require robust protocols for compliance with their standards. Security certificates (TLS/SSL certificates) and up-to-date encryption algorithms (such as Advanced Encryption Standard (AES) with 256-bit keys) are industry standards that provide an added layer of protection for data in transit.

Transport Layer Security (TLS) certificates (still commonly called SSL certificates after TLS's deprecated predecessor) are the foundation of a safe and secure internet. The certificate lets your browser verify that it is really talking to the website you're visiting (the bank or payment platform), and the TLS session then encrypts everything sent between your browser and that server. This helps ensure that transmissions are private and arrive without tampering or loss of data. AES 256-bit encryption is the strongest and most robust standardized encryption available today and adds a layer of protection to data in storage (or at 'rest'). Protecting payment data both at rest and in transit will help minimize the number of successful attacks on payments and associated information being stored or transferred online.

How Centri Can Help

At Centri, we’re here to offer you the support, resources, and expertise you need, exactly when you need it most. Unsure about your current cybersecurity practices and the design and operational effectiveness of your internal controls? Centri can perform a comprehensive cybersecurity and/or internal control assessment to identify gaps and help you devise a tailored path forward. Whether it’s drafting policies and procedures, performing risk assessments, or designing controls, Centri’s cybersecurity experts are here to support your business.

    Karyn DiMassa

    Managing Director | CPA, PMP, CISA, CFE

    Karyn is a Managing Director in the IT Risk & Cybersecurity Practice at Centri Business Consulting. She has more than 13 years of combined experience in internal IT audit and external audit support (IT controls), third-party assurance (SOC 1 and SOC 2 reporting), internal controls consulting, project management, IT risk and cybersecurity, and system implementation support.

    Sunny Patel

    Managing Director | CPA

    Sunny is a Managing Director at Centri Business Consulting. He has more than 12 years of public and private accounting experience.
