In 2022, the FBI's Internet Crime Complaint Center (IC3) received 800,944 complaints, with total reported losses of more than $10.3 billion—an increase of 49% over the $6.9 billion reported in 2021. Even more alarming, law enforcement reports an increasingly prevalent tactic of spoofing legitimate business phone numbers to confirm fraudulent banking details.
This post walks through the 7 types of fraud every business should be aware of, with 8 key strategies accounting teams should implement to fight financial fraud in 2024.
What is financial fraud?
Financial fraud is a serious crime that uses deception in financial transactions to steal from both individuals and organizations. Examples of financial fraud include business email compromise (BEC), check fraud, credit card fraud, and social engineering attacks. As annual losses due to financial fraud continue to climb, savvy finance and accounting teams are implementing strict countermeasures to protect their organizations.
7 types of financial fraud
The following list includes the 7 common scams and financial crimes every business should be aware of in 2024. Companies of every size fall victim to these fraud schemes every year—with sources of attacks that can be either internal or external.
1. CEO fraud - business email compromise (BEC)
In CEO fraud, company employees receive texts and emails that look like they're from the CEO—or the CFO, or some other named executive. These messages request quick action and/or information, offering enough detail to look legitimate. Also known as "spear phishing," these well-researched scams can be extremely hard to detect and highly effective.
2. Check fraud
In check fraud, bad actors use or alter paper checks to steal money from individual or business account holders. These checks may even be stolen from mail carriers and post office boxes. Because checks don't generally come with the same protections as digital transactions—and because your bank account number is printed on every one—they're more vulnerable than most other payment methods in use today.
3. Credit card fraud and identity theft
Credit card fraud occurs when a bad actor uses stolen credit card numbers to complete unauthorized transactions for financial gain. Businesses can fall victim to credit card fraud when they unknowingly charge a stolen credit card number for a transaction or when their own corporate card information is compromised—either internally or externally.
4. Expense fraud
Expense fraud includes any fraudulent disbursement in which an employee uses company expense funds for their own personal gain or fraudulently claims reimbursement for fictitious or artificially inflated expenses. According to a study by the Association of Certified Fraud Examiners (ACFE), fraudulent expense reimbursement represents about 15% of business fraud, costing businesses millions of dollars across the US.
5. Occupational fraud
Occupational fraud is broadly defined as the inappropriate or illegal use of an organization’s property, assets, or resources. Expense fraud, listed above, is one specific kind of occupational fraud. Others range from pocketing office supplies to large-scale kickbacks, bribes, and financial statement fraud.
6. Social engineering
Social engineering is the crime of manipulating people through the use of simple social expectations—tricking people into doing something like transferring money or giving hackers access to a corporate network. Unfortunately, a large portion of financial crime comes down to using people's common decency against them, whether it's holding a door open for a stranger or responding to an urgent email request for help.
7. Vendor fraud
Vendor fraud refers to fraud that occurs through vendor channels, in which either fraudulent invoices are received or legitimate vendors are impersonated. In the first type, dishonest vendors may charge a company for goods or services it did not provide. In the second type, bad actors impersonate legitimate vendors and send false invoices for payment to a fraudulent bank account or address.
Financial fraud in business
Thousands of incidents of business fraud every year cost organizations millions of dollars in the US alone. Unfortunately, no one is immune—from local small businesses to global enterprises. Even nonprofits can be targets of business fraud.
To take stock of your company's financial security and data protection, start by asking these 7 key security questions.
What are some consequences of financial fraud?
Beyond the obvious financial losses, financial fraud can also have significant effects on a company's reputation. If losses rise to the point at which a company is struggling to meet its financial obligations to vendors and suppliers, those relationships can take a long time to repair. If a data breach is involved in an incident of financial fraud, customers and vendors alike may stop trusting the organization to protect their financial information.
Another consequence of financial fraud that many companies might not be aware of involves PCI compliance requirements. Normally, small businesses that process fewer than 20,000 card transactions annually are held to simpler standards than large enterprises. However, once a business experiences a data breach, it's held to level-one compliance—a standard usually reserved for businesses that process more than six million card transactions a year.
8 strategies to prevent financial fraud
To help combat this growing problem, many companies today are using financial automation tools like digital payment providers and spend management software along with clear processes, procedures, and policies designed to minimize the chance of fraud.
The following sections outline 8 specific strategies that can help protect your business. To learn even more, download our complete guide: The 8 layers of AP security.
1. Check pay protections
Use positive pay for checks. Offered by some banks and payment providers, positive pay is an automated system that looks for potential fraud by comparing checks presented for payment to a list of information provided by the business about every check they’ve written.
Use digital payments whenever possible. Because digital payments are more secure than paper checks, look for a digital payments provider that offers digital options such as BILL Pay By Card—so you can pay by credit card even for vendors that don't usually take cards.
Send checks with anonymized banking info. If you do have to send a check, use a digital provider that offers anonymized clearing accounts. That way, your checks won't display your banking information.
2. BEC protections
Educate your employees on BEC scams. Running regular cyber security awareness training for all your employees can help prevent social engineering attacks by teaching your teams what to watch for—and reminding them to stay vigilant.
Communicate securely (not by email). Email addresses are far too easy to spoof, making it look like an email came from someone it didn't. Instead, use a secure service for communication, especially when it comes to financial transactions. Ideally, your payments platform should include secure communication that ties each message to a specific invoice in an automatic audit trail.
Let vendors manage their own banking info. When your team manages the banking and contact info for your vendors, the burden is on your team to check whether requested changes are legitimate. Instead, connect to vendors through a secure network, like the BILL network, and let your vendors maintain their own payment information.
3. Insider fraud protections
Enforce separation of duties. Separation of duties adds another layer of security to your financial processes—so the same person isn't entering invoices, approving them, and paying them.
Set up dual controls for major changes. It's a best practice to require 2 admin approvals for major changes, such as a change to your primary banking information. Make sure any financial systems you're using allow for a dual-control setup.
Require detailed audit trails, timestamps, and approvals. Full visibility means being able to see everything that happens within your financial system. Your payments platform should include an automated, timestamped audit trail of every touchpoint along the way, from invoice entry to approval to payment.
4. User authentication and security protections
Enforce a strong password policy. Make sure employees aren't using their pet's name or their kid's birthday as their password. Short passwords connected to personal info are far too easy to hack. Instead, implement a strong password policy that requires complex passwords, unique to each account, that must be changed on a regular basis.
Apply two-factor authentication (2FA). This added layer of security is a must in 2024. Passwords alone don't provide sufficient protection, even with a strong password policy in place, so be sure your financial systems offer two-factor authentication.
Use built-in, secure channels and log out inactive users. When systems allow inactive users to stay connected, innocent employees who walk away from their desks for lunch become major vulnerabilities. Protect your financial systems by setting them to log out inactive users.
5. Information security protections
Prohibit employees from sending secure info over email. Instead, provide secure messaging systems for general business communication, and use a payment platform that includes secure messaging for financial transactions.
Protect customer data with TLS. Ensure your providers use Transport Layer Security (TLS) and industry-standard cipher suites to protect your customer data. Remember, all personally identifiable information can be used for identity theft—not just personal financial information and bank accounts.
Insist on SOC 1 and SOC 2 compliance. Want to feel confident in your financial vendors, including your payment platform? Ensure that they go through annual SOC 1 and SOC 2 Type II Audits by a leading national CPA firm.
6. Physical protections
Create standard security procedures. Especially in your secure areas, be sure to create standard security procedures and reinforce them with regular training for your staff. Differentiate between public lobbies and entrances into your private offices, and set a clear security policy regarding admittance.
Lock up blank check stock and secure documents. When documents include sensitive information, such as bank statements, they should be digitized and stored securely, with permission-only access. Minimize the number of financial institution documents you store on paper, and be sure to keep blank check stock under tight scrutiny.
Enable auto-logout on all company computers. Just as your financial systems should log out inactive users, make sure your physical computers also log users out of the machine's operating system after a minimal time of inactivity.
7. Use the latest technology and AI
Use AI to detect potential duplicate invoices. Your AP solution should include optical character recognition (OCR) technology with AI that can detect duplicate invoices and flag them for close review.
Use AI to scan continually for anomalies or fraudulent activity. Where human attention can wander or get tired at the end of a long day, machine intelligence is vigilant 24/7. Make sure your human team is partnering with AI that can flag anomalies for their inspection.
Automate financial processes. Financial automation ensures that your team always follows proper workflows and procedures. Building those processes into the system eliminates the temptation to skip security processes and protocols when time is tight.
8. Improve controls for employee spending
Review your receipt policy. Make your policy clear when it comes to receipts and employee spend, and build that policy into your BILL Spend & Expense app automatically. Employees can snap receipts in their phone, and BILL stores them in the cloud, even syncing them to your accounting software.
Use virtual cards for added security. When you create virtual cards, you can tie them to a particular vendor, employee, or both. If a vendor has a data breach, your financial institution exposure is limited to the funding on that card alone. If an employee leaves the company, a virtual card can be canceled in moments.
See budgets and spending in real time. Use corporate cards that are tied to automated expense management software so you can see employee spend in real time. Don't wait until after the end of the month to hunt down receipts and hope your budget worked out. Manage it proactively with real-time spending software.
Mitigate financial fraud with BILL
Learn more about BILL's advanced security for your financial operations. Or see for yourself how BILL adds more control, visibility, and security to your financial processes—for accounts payable (AP), accounts receivable (AR), and spend management.