When it comes to the impact of fraud on Canadian businesses, losses can affect a company’s ability to pay its expenses, cover payroll or carry on basic day-to-day operations. Payments fraud is among the most common type of fraud experienced by Canadian businesses, with over one-fifth of owners reporting an incident in 2021.
The most common types include credit card fraud, wire fraud and cheque fraud.
1. Credit card fraud
In 2021, 17 per cent of businesses experienced credit card fraud. As many companies both make and receive credit card payments, credit card fraud can have an impact in a few different ways.
For example, when a credit card number is compromised, a fraudster can pose as a legitimate customer and use the card to make purchases at your business online in a “card not present” environment. Unless these transactions have been authenticated, you will be on the hook to cover these purchases once they’re discovered as fraudulent. The hassle and cost of dealing with such chargebacks can affect your productivity and take you away from running your business.
On the other hand, if your business credit card has been compromised, the financial impacts can be more direct. If a fraudster racks up charges on your account, it may prevent you from covering purchases you may want to make on your credit card. Or, you may (at least temporarily) need to cover the transactions with cash flow reserved for other purposes.
How credit card fraud can happen
An employee receives a text link from what appears to be a shipping company, asking for a customs payment to complete the shipment. The employee clicks on the link and enters the details of their business credit card on the website, including the expiry date and CVV. As it turns out, the email and the website were fake, and now your business’ credit card details are in the hands of a scammer who uses the information to make online purchases.
Most credit card issuers offer cardholders Zero Liability Protection, which protects businesses against unrecognized transactions made on your credit card. This makes a credit card a secure payment method for businesses. Still, the impact on business operations and cash flow can cause headaches and hassles and affect your business’ ability to perform at its best.
Here are ways to avoid credit card fraud:
- Regularly review account statements so you can quickly spot unauthorized transactions
- Avoid sharing credit card details with unreputable sources
- Limit access to credit cards to only a small number of trusted staff
- Regularly update passwords on account sites
- Educate yourself about phishing emails and text messages and put education in place for your employees with Kobalt.io’s security awareness and phishing training
Learn more here > RBC — Cyber Security
2. Wire fraud
Wire fraud occurs when criminals trick someone in your business into sending money via a wire transfer. This type of fraud can happen through Business Email Compromise (BEC) or Vendor Email Compromise (VEC) scams, phishing scams, malware, or a combination of tactics that give fraudsters inside information to take advantage of an owner or employee.
The impact on your business can be significant since funds are very difficult to recover — once a wire transfer is sent, the money is gone.
In a recent conversation between RBC Chief Information Security Officer Adam Evans and Michael Argast, CEO of Kobalt.io, Argast explains that an organization’s resilience depends on building a cyber security culture. “A culture isn’t just some person in a closet in IT working on the problem, but it starts with a Board and impacts leadership and management, all the way down to the frontline employees who interact with customers and deal with the day-to-day work for the company.”
When security is a top priority for an organization, it becomes embedded into its DNA, and everyone understands the priority cyber security has on delivering business services.
How wire fraud can happen
A fraudster hacks into the email of an owner, CEO or another high-ranking executive. They then send a fake email to an employee, requesting an out-of-the-ordinary deposit or transfer while the executive is travelling for business. They tell the employee that the transaction is highly time sensitive, creating a sense of urgency.
Because the fraudster has been monitoring email activity through the business and has done their research, they know to wait for the executive to go out of town so that the email recipient can’t verify the request face-to-face, and they include reasons for not following standard policy or for keeping a request secret: “I plan to make an announcement in the morning. Until then, please don’t tell anyone.”
The large transfer is made to the fraudster’s account, and the business loses the amount transferred immediately.
Wire fraud largely relies on social engineering tactics more than sophisticated technical applications, so your employees and your internal procedures will be the best defence against such scams.
Here are ways to protect your business:
- Educate your employees about phishing and BEC scams. Consider installing a formal 365 testing program to help staff identify suspicious emails. For example, Kobalt’s User Education tool sends fake phishing emails to staff to test awareness and measure vigilance.
- Carefully review all account numbers before any money is sent
- Adopt a ‘stop and think’ approach to strange behaviour
- Implement two-person verification processes — two sets of eyes on a transaction are better than one
- Confirm requests through alternative communication methods, such as a phone number you have used before. Don’t use the contact information included in the email
3. Cheque fraud
While electronic and card payments have replaced cheques across many business transactions, Canadians still made 404 million cheque transactions in 2021, valued at $3.3 trillion. These high numbers keep the door open for cheque fraud, which continues to be pervasive across Canada. Cheque fraud can happen in a few different ways — through the theft of cheques, the creation of fraudulent cheques or by changing the name or amount of a legitimate cheque.
Remember, doing your due diligence for all the cheques you deposit into your account is crucial. While your bank may give you access to provisional funds in the interim, once you deposit a cheque, the amount will be removed from your account if the cheque is found to be fraudulent when processed. If the processing time is lengthy (i.e., if it’s a foreign currency cheque), you may have long spent the money and have a more challenging time recouping what’s owed to you.
How cheque fraud can happen
A fraudster engages a company and requests a quote for services. Once the quote is sent, the fraudster ‘pays for the service upfront,’ which provides a false sense of comfort to the unsuspecting company.
The cheque the fraudster sends is intentionally made out for more than the invoice amount. The cheque is sent directly to the company via courier or to the bank to be credited to the company’s account. Subsequently, the person who wrote the cheque advises the company of the overpayment and requests that the excess funds be returned.
The cheques used in overpayment scams are fraudulent or counterfeit, and the victims return the overpayment amount before the cheque clears. By the time the company is alerted that the cheque is fraudulent, they’ve already lost their funds.
Here are ways to protect your business from cheque fraud:
- Use a cheque mitigation service, such as RBC Payee Match. With Payee Match, organizations meeting certain criteria provide RBC with the details of the cheques they intend to use. Any cheques that do not match those details will be flagged as exceptions, which allows businesses the option to pay or return the cheque.
- Businesses accepting payments via cheques should question cheques arriving at your business earlier than expected or for a larger amount than expected.
- Keep your cheques in a secure location
- Review your accounts regularly so it’s easy to spot unauthorized transactions and avoid issuing cheque payments for potentially fraudulent transactions
- Shred unused cheques from closed accounts
- Switch to electronic payments whenever possible and convenient
While payment scams have become more prevalent over the years, the solutions to mitigate risk and loss have evolved. Many online banking systems, such as Cheque Pro, are available for businesses to monitor their activity, designed to assist you in spotting issues on a timely basis. Keeping your prevention tactics top of mind — and adopting systems that can help you stay informed about unusual activity — can go a long way toward protecting your business from fraud and allowing you and your team to stay focused on your business priorities.
1 The Canadian Anti-Fraud Centre
This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.