Keeping up in the ever-evolving world of fraud

New technology reshapes the business credit profession, as each innovation reframes the work of a credit manager by automating everyday tasks. Unfortunately, just as technology can transform a credit manager’s work, it can give rise to creative ways for fraudsters to take advantage of businesses.  

Why it matters: As fraud evolves, credit managers’ defenses must also evolve to meet the moment and protect their company from severe losses brought about by conniving swindlers. Staying aware of cyberfraud and the many forms it takes is key in an industry that begs professionals to keep their heads on a swivel.   

By the numbers: According to an eNews poll, 71% of respondents have received phishing emails, while 23% have seen check or credit card fraud and 6% have been the recipient of a spoofed call.   

Fraud, just like every aspect of the credit field, has advanced exponentially as artificial intelligence (AI) changes the playing field. As credit managers shift more and more of their day-to-day work to digital spaces, gaps begin to open for new forms of deception.  

“We’ve definitely seen a shift in recent years. A while back businesses were mainly dealing with stolen credit cards and bounced checks, but obviously fraud has evolved,” said David Norton, risk supervisor for United TranzActions (Miramar, FL). “With the rise of digital payments, the shift has accelerated in the last few years. Fraudsters have become more sophisticated, especially in how they impersonate customers or vendors, while using cyber tactics like business email compromise and fake payment confirmations.”  

Phishing emails are among the most prevalent forms of fraud; a link seemingly sent from a coworker or a request to change banking details from an email mimicking a larger customer’s business address can easily trick a credit manager accustomed to receiving an onslaught of messages.   

“We receive phishing schemes on almost a daily basis,” said Brett Hanft, CBA, credit manager at American International Forest Products (Portland, OR). “Email phishing is becoming a little more challenging to identify because I believe fraudsters are using ChatGPT so the terminology that’s coming in from emails is a little more professional than it was originally. It used to be very easy to spot because the spelling and grammar were bad, but it’s a little bit more challenging now.”   

There is software available that can not only make it easier to report phishing emails but send out mock phishing emails to test if members of your team will notice anything suspicious. “We use it to send out test emails internally to different people at random times,” said Justin Cowart, credit supervisor at Nucor Yamato Steel Co. (Armorel, AR). “The emails look somewhat passable. If we happen to click on a link or open an attachment on a test email, we’ve got to go through fraud prevention training.”  

Phishing emails, spoofed calls and deepfake AI may be symptomatic of new tech giving way to new scam techniques, but this new technology can also invade the physical payment space. “With advancements in technology, scammers are now using high-quality printers and stolen data from the dark web to create counterfeit checks that look realistic,” Norton said. “Some are hijacking legitimate business addresses and phone numbers to make the checks appear more authentic, which can help them bypass the verification process. In essence, businesses are fighting fraud on two fronts, the old school paper check and the AI-driven cyber threats.”  

Dishonest individuals have taken to submitting credit applications that list viable, legitimate businesses that can be verified with a credit application but include cell phone numbers and emails not affiliated with those businesses. Hanft’s and many other credit departments have revised their credit policy to include more verification steps to be more proactive.  

“We are now requiring Google searches and phone conversations with the businesses that we are receiving credit applications from,” Hanft said. “We are calling to say, ‘We’ve received a credit application from your company and this is the person who has submitted this application, is this person a valid employee? Did you submit this credit application and is your pending order or orders valid?’”  

Taking the time to verify this information can be challenging in a field like credit, especially when a salesperson might be pushing for a sale to happen quickly before credit managers get a chance to verify all the information. Finding a balance between quick decision-making and caution can be difficult, and fraudsters often stress the time-sensitivity of a sale in hopes that credit managers forgo their normal verification steps.  

“They are really trying to push a sense of urgency. They say, ‘It appears that you have this product that I can’t get anywhere else,’ ‘I’m in the middle of a job’ or ‘I need this on a job site,’” Hanft said. “It’s usually multiple loads of product, so it’s enticing to our salesman. They’re very excited about the opportunity to secure business that quickly and when the buyer stresses the urgency of needing product right now, they push credit to make fast decisions because they don’t want to wait—the market is moving.”  

To be proactive in the face of fraud, regardless of what form, credit managers must be loyal to their credit policy and verification steps, even when the situation appears urgent. Having multiple steps to verify a transaction before any materials are delivered is crucial.  

“The best defense against fraud is a layered one,” Norton said. “Using anomaly detection tools that flag unusual payment activity slows things down when needed. You don’t want to rush through a payment with a new customer without verification. Bring in a second set of eyes on a high-value transaction or an unusual transaction that’s out of the ordinary and always confirm sensitive requests. If they want to change their banking information or change an address on an existing customer’s order.”  

For some companies, cyber or crime insurance may be a facet of their fraud resiliency. “In addition to providing coverage for business downtime and other associated costs, most cyber policies provide resources on incident response planning, employee training, legal, forensics and breach notification services,” said Lauren Roth, client advisor at Marsh (Washington, D.C.).  

“It’s important to also consider the financial impacts a fraudulent email breach can have on your organization and your balance sheet’s ability to cover losses. Comprehensive cyber and/or crime insurance policies can provide organizations with an opportunity to recover from financial losses associated with email scams.” 

The bottom line: There is no simple approach to protecting your company from fraud, so it is important that you consider your industry, customer base and what areas of your company may be vulnerable to scams As fraud continues to advance, credit professionals must continuously take the time to revise and edit their credit policies to protect their companies from major losses.