Deepfakes are a real threat for payment security
Fraudsters are smarter and more devious than ever before. With that evolution comes an increase in successful fraud attempts, seen especially by companies that do not practice modern payment safety protocols.
This number is higher than it should be: According to the 2019 AFP Payments Fraud & Control Survey, a record 82% of organizations surveyed reported fraud incidents in 2018.
Business Email Compromise (BEC) also set a record, with a whopping 80% of companies reporting an incident. Now we're starting to see reports of fraud schemes involving "deepfakes," which are artificial intelligence (AI) technologies designed to imitate real images and sound. For example, late last year, Nikkei, a Japanese media company, reportedly sent $29 million via wire transfer in response to a phone call purportedly from a company executive—but in reality, a robocall using an AI-generated imitation of the executive's voice.
What's a company to do? Even for companies already investing in fraud prevention, it's hard to keep up. The payments landscape keeps getting more complicated. Just a little over a decade ago, most businesses paid exclusively by check, and only had to worry about check fraud. Now, in the digital age, they are also paying by ACH, card, and, as more businesses go global, by wire. That means the battle against fraud is on multiple fronts, leaving AP to juggle all these different payment workflows.
Positive Pay and Positive Payee, available for a fee through most banks, can help catch fraudulent check and ACH payments. Accounts payable receives a list of checks or ACHs presented for payment from their bank every day, which they cross-check against those that they issued. If anything is amiss, they can catch it before the bank pays the funds, which saves the trouble of trying to retrieve their money after it leaves their account. However, this process is very manual and, as experienced AP managers will tell you, time-consuming. Add more payment workflows on top and they've got a mess of processes to sift through each week.
Companies need to combine advanced technologies with human effort to mount a comprehensive effort across all payment types. For example, virtual cards can reduce card fraud. Sometimes referred to as Single-Use Ghost Accounts (SUGAs), these are one-time use "card" numbers that can only be used once by the specified payee in the specified amount. That's a significant improvement from the days of giving out card numbers over the phone or keeping a card on file.
More companies are consolidating their payment processes with single-payment-workflows through electronic solutions. This simultaneously minimizes AP teams’ workloads—enabling them to focus on more complex initiatives—and shores up security by limiting the entry-points available to bad actors.