A staggering 71% of finance professionals reported that their companies were victims of payment fraud in 2021, according to the 2022 Association for Financial Professionals (AFP®) Payments Fraud and Control Report, once again demonstrating that no industry is immune. In 2021, checks and ACH debits were the payment methods most impacted by fraud activity (66% and 37%, respectively).
A commercial card solution for B2B payments can help lower your risk of fraud by providing safeguards that protect against possible fraud. Built-in controls like chip technology, customizable merchant category code (MCC) restrictions, spend limits and cash access constraints reduce the ways in which criminals could misuse your cards. If suspicious use occurs, fraud alerts enable cardholders to quickly validate legitimate transactions or confirm fraudulent activity.
In addition to leveraging these built-in features, your organization can reduce the risk of fraud by becoming familiar with the latest scams and taking additional steps to protect your commercial card program.
Watch out for common scams
Given the prevalence of fraud, it’s critical for companies to stay one step ahead of potential threats. Below are common scenarios for commercial card fraud attempts.
Business email compromise
-
Urgent or persistent requests from senior leaders should raise suspicion
A fraudster spoofs an executive’s email account and sends an employee an urgent request to purchase multiple high-value gift cards
-
Verify any requests to ignore protocol or appeals for confidentiality
The fraudster presses the employee to activate the cards in-store, scratch off the claim code on the back to reveal card numbers and email a photo of the cards with all numbers visible
-
Make sure email addresses match your organization's standard email domain
The employee completes the request without reviewing the fraudster’s email for irregularities—such as an incorrect email address or poor grammar—or validating it internally
-
Validate fund requests by calling requestors at established telephone numbers on file
Money on the cards is quickly depleted by the fraudster and the organization bears the full loss
Account takeover
Account takeover is a similar scheme to BEC in which a criminal gains access to account information and poses as the cardholder. This type of fraud may take longer to notice and result in a greater loss.
When a merchant falls victim to a data breach, your cardholder data could be accessed and stolen.
How to protect yourself
Encrypt all sensitive data at rest, limit user access to your account and implement card controls, including MCC restrictions and credit and cash limits; enroll to receive fraud alert notifications via SMS text message, email or phone.
How we can help
We can send real-time text, email and voice alerts when we suspect fraudulent use of your account. Make sure your cardholders sign up to receive notifications.
Fraudsters can gain access to account numbers and personal data through phony links that trick you into providing information.
How to protect yourself
Be on the lookout for warning signs like a vague or incorrect email address, poor grammar, urgent language, requests for personal information and improper use of logos or graphics.
How we can help
Learn more about best practices to defend against phishing attempts.
Your personal information is vulnerable when browsing online, especially over an unsecured connection.
How to protect yourself
Avoid free, unsecured Wi-Fi connections; choose strong passwords and update them frequently or use a password manager; conduct regular employee training on adhering to policies.
How we can help
Our Fraud and Cyber experts constantly monitor the evolving threat landscape and take steps to verify client identity to help protect your account.
Add security with a virtual card solution
A virtual card payment solution—like J.P. Morgan’s Virtual Cards —enables an even higher level of security that can reduce vulnerability to evolving scams. In fact, J.P. Morgan virtual cards experience nearly 0% fraud1 when compared to other electronic payment solutions.
In addition to supporting MCC limitations, virtual cards put you in control of your payments with:
- Unique account number: Each virtual card payment has a distinct 16-digit account number. This unique number is valid only for the transaction in question, and voids afterward. The benefit is it helps protect you from fraud losses if a card number ever got into the wrong hands.
- Secure access: Your payment information is sent securely and directly to your vendor and can only be processed by that specific vendor.
- Credit limit control: You set the credit limit to match the exact payment amount, so you won’t be overcharged.
- Custom expiration date: Virtual cards support time period restrictions, so you decide for how long it’s valid.
As fraud attempts continue to grow, it’s important for your organization to remain vigilant with prevention efforts. Educate your employees to recognize red flags and optimize your payment strategy to help reduce your risk and avoid costly mistakes.
Learn more about our Commercial Card solutions, including Virtual Cards, or contact us to start a discussion.
© 2022 JPMorgan Chase & Co. All rights reserved. JPMorgan Chase Bank, N.A. Member FDIC. Visit jpmorgan.com/cb-disclaimer for disclosures and disclaimers related to this content.
References
1 Fraud rate of 0.0005%, J.P. Morgan proprietary data, 2021
