Fraud is an evolving challenge in the world of business payments and the landscape is changing faster than ever. We sat down with Nick Telford-Reed to explore the current fraud trends, the emerging challenges for businesses and the strategies that can help mitigate the risks. As an indication of the size of the problem, in the UK alone, The Office for National Statistics (ONS) estimates that approximately 53% of all fraud is now online enabled. Here's what he had to share.
What’s the current fraud landscape like globally?
The reality is that the nature of fraud differs significantly depending on where you are in the world and what kind of organisation you're part of. For example, in the United States, the prevalence of cheques means there's still a lot of cheque fraud to deal with. And there are enormous cultural and societal differences internationally. Consider identity, while some nations have strict identity checks for everyday activities where others lack any such infrastructure.
However, in many regions, the rise of real-time payments, push payments and bank-to-bank transfers is driving new, sophisticated forms of fraud. Remote working has made it easier to manipulate individuals into making or approving fraudulent payments. These aren't typically initiated by fraudsters impersonating the payer, but rather by manipulating finance teams to make legitimate transactions to redirect funds to fraudulent recipients.
This spear phishing fraud is becoming more difficult to combat, particularly with AI advances. An employee receives an urgent email from someone impersonating their CEO, requesting an immediate transfer of funds. With the advancements in generative AI, emails can now be written to sound convincingly like the executive in question. The rise of deepfake technology also allows criminals to generate realistic audio and video messaging, targeting key members of an organisation who are often the most visible and accessible.
Moreover, the acceleration of real-time payments means there is less time to verify transactions. Where traditional payment methods allowed for a buffer period that could reveal fraud, real-time payments leave little opportunity for checks and balances.
How does B2B fraud differ to consumer-targeted fraud?
A key distinction is the difference in protections available for consumers versus businesses. Consumer accounts are protected by significant regulatory frameworks. In the UK, for example, there is the Consumer Credit Act and across Europe there are implementations of the Second Payment Services Directive (PSD2). However, these protections do not typically extend to business accounts.
I’ve had my own business credit card hit by fraud: hundreds of small-value transactions were processed without intervention or authentication. If this had been a consumer card, the bank would have likely stopped the activity much sooner. The fact that the card belonged to a company rather than a person made recovering the funds much more difficult. The lack of regulatory protections for businesses means that fraud in B2B payments can go undetected or unremedied for longer and the onus is firmly on business to protect themselves.
What are the key fraud prevention strategies?
Businesses need to adopt a mindset of assuming their communications and systems will be compromised. This means building business processes that anticipate vulnerabilities and add layers of verification. Strategies include:
- 1. Double verification: For high-value transactions, always use the ‘four eyes’ principle. If an email request for a fund transfer comes through, verify it via a separate channel – for example, by phone or a video call – before proceeding.
- 2. Leverage AI tools: Machine learning (ML) can be used to assess the legitimacy of emails and payment requests. There are many tools available that can give an estimate of whether content was generated by AI. Though not perfect, these tools can add another layer of fraud prevention.
- 3. Behavioural analytics: Monitoring for unusual activities is critical. ML can effectively sift through this data to highlight potential red flags, but due to a risk of hallucination, it’s still vital to have human oversight to make the final decision.
What role does data analytics play in fraud detection?
Data analytics plays a pivotal role in identifying fraud in its early stages. The goal is to identify anomalies - payments that deviate from the usual patterns. This might include money being sent to a new bank account, payments being made in unusual amounts, or funds going to unexpected countries or in different currencies.
ML can do the ‘hard grind’ of analysing data and models can be trained to detect exceptions, but again, the final step should still involve human experts verifying any anomalies flagged by the system.
What is the role of regulatory compliance and information sharing?
Effective fraud prevention requires strong compliance frameworks, especially around Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. Unfortunately, many institutions, particularly newer fintech companies, can deprioritise compliance in favour of rapid growth. As a result, fraudsters exploit the weak points in these systems.
A broader industry-wide challenge is the difficulty of sharing fraud-related information between banks, payment networks and financial institutions. While there are efforts under PSD3 and other regulatory initiatives to create a framework for data sharing, it's not without its challenges. Proper consent and careful framing are required to ensure data is shared responsibly and legally.
What are some of the emerging technologies in fraud prevention?
There’s potential in technologies like passkeys and roaming authenticators, which could play a key role in enhancing security for B2B transactions. Passkeys are a form of authentication that link to a physical device, require user verification (typically biometric) and can be synchronised across devices. However, challenges remain around integrating these solutions into corporate environments, especially where personal and professional device boundaries blur.
Behavioural analytics, such as monitoring typing patterns, mouse movements, or even the way a user interacts with their environment, are gaining traction as an effective fraud prevention measure. The European Banking Authority has recognised behavioural biometrics as a valid second factor of authentication, which could further bolster security in B2B payments.
What’s the future of fraud prevention in B2B?
Looking ahead personalised fraud detection models may become the norm. Rather than using broad models aimed at millions of consumers or businesses, we could see tailored models designed for specific individuals or small groups, providing more effective detection of fraudulent activity. This is likely to start with high net worth individuals or key executives who control significant budgets.
Consumer education also remains an important piece of the puzzle. While consumers may not want to engage with payments processes until fraud occurs, educating them about risks and the benefits of verification could help reduce their vulnerability.
It’s clear that fraud prevention in B2B payments is complex, with evolving threats and a shifting landscape. Businesses need to stay ahead by building robust verification processes, leveraging data analytics and pushing for stronger regulatory frameworks. But the key to effective fraud prevention is blending human oversight with the latest technology – a combination that could ultimately tip the scales in favour of businesses over fraudsters. To learn more about B2B payments challenges and AI advances in banking and payments, you can access our e-books on the Payments Content Hub.