10/2/2024 7:00:00 AM | Business Success

Phishing, Payments Fraud, QR Code Threats on the Rise: Is Your Business Cyber-Safe?

October is Cybersecurity Awareness Month, serving as a reminder for businesses to review, reset and enhance their fraud prevention systems. However, safeguarding data is a year-round necessity. The Federal Trade Commission reported that in 2023, consumers lost over $10 billion to fraud—a nearly 15% increase from 2022. For businesses, the FBI’s Internet Crime Complaint Center (IC3) put last year’s financial losses from cyber-related fraud at more than $12 billion.

In this Q&A, Kathryn Albright, Umpqua Bank’s Executive Vice President and Head of Global Payments and Deposits, shares insight about emerging cybersecurity threats and what companies can do to protect themselves and their customers.

Q. How serious of a threat are cyber-attacks on U.S. businesses?
Fraud and compromised systems remain significant issues for enterprises, especially as they use more digital applications to conduct day-to-day business. Our clients tell us that breaches are increasing and becoming more sophisticated. Umpqua’s proprietary data supports this as well. Our 2024 Business Barometer found that four in 10 small businesses experienced phishing threats in the last 12 months.

In a 2023 survey by the Association for Financial Professionals, 80% of organizations reported experiencing payments fraud, an uptick of 15-percentage points from 2022. These statistics indicate that fraud not only remains a significant issue but continues to increase year over year.

Q. What are the biggest fraud vulnerabilities for businesses?
We continue to see the abuse of wire payments and changes in ACH payment templates as the biggest risk, with email systems being compromised through phishing and business email compromise attacks. Fraudsters are exploiting wire transfer systems to steal money by tricking businesses into sending funds to fraudulent accounts. Additionally, they are altering account and routing transit numbers on ACH payment templates to redirect payments to their own accounts. Altered and washed check payments are becoming increasingly common.

In fact, in the 2024 annual Association for Financial Professionals survey, 65% of the business industry reported being impacted by a recent check fraud loss. Additionally, fraud due to interference with the U.S. Postal Service is also up, with 20% of the industry respondents reporting check payments being intercepted in mail transit. Fraudsters intercept these payments in the mail, alter the check details, and then cash them for their own benefit. There are also more incidents of imposters posing as a company’s CFO and using stolen credentials over the phone to steal sensitive information. These are among the biggest vulnerabilities for businesses right now.

Q. What are examples of other threats that are more often being reported?
The Better Business Bureau has alerted businesses to the rise of fraudulent QR codes being used for illegal schemes. While we often use QR codes at conferences or restaurants without much thought, it’s important to be cautious. Deceptive QR codes can direct users to phishing websites or fraudulent payment portals. To protect your business, ensure that QR codes are from trusted sources and consider using secure QR code management tools that can verify the destination before scanning.

Q. Are you seeing businesses investing more to combat cyber threats?
It is a mixed picture. We are seeing midsize businesses, which tend to have more resources, investing in systems to combat such risks. According to the 2024 Umpqua Bank Barometer survey, 81% of midsize businesses expect to invest in financial tools to protect their payments systems over the next 12 months. On the other hand, only 40% of small businesses indicated they would make such investments. As a result, we are proactively working closely with our small business clients to help them combat current and emerging threats.

Q. What are cost-effective ways businesses can protect themselves from cyber fraud?
There are five practices that should be prioritized by businesses:

Always validate transaction authenticity: Take the time to pick up the phone and speak directly with the originator to confirm the details.
Implement dual authorization: If you haven’t already, set up dual authorization for ACH payment template modifications, as well as wire and ACH originations, on all digital banking portals.
Proactively identify vulnerabilities: Regularly review all your bank accounts for potential vulnerabilities. Set up payee positive pay and ACH positive pay on all disbursement accounts. Positive pay helps prevent fraud by allowing businesses send their banks an authorized check issue file. The bank then compares the issue file with the amount, date, check serial number and payee name for any checks attempting to post on the business’s account. The business is presented with any exceptions identified to allow the business to either pay or return the items in question. ACH positive pay enables businesses to control which approved vendors can be paid electronically, among other features.
Educate your workforce: Training is crucial. Ensure your employees know how to detect and respond to fraud incidents. This can save you significant time and headaches.
Prompt notification: The sooner businesses can notify relevant parties about a potential fraud incident, the better. Businesses should ensure their employees escalate any suspected fraud internally and with their bank immediately to increase the chances for loss recovery substantially.

Q. What are your final thoughts about fraud prevention and investment?
Enhancing fraud prevention solutions is paramount for businesses of all sizes. Bad actors are becoming more sophisticated, especially as the marketplace embraces the efficiency and convenience of real-time and final, irrevocable transactions. Investing in advanced security measures not only protects assets — it helps secure our digital economy. It also builds trust with customers, positioning businesses as responsible and dependable partners.

Phishing, Payments Fraud, QR Code Threats on the Rise: Is Your Business Cyber-Safe?

Related Posts

Business Barometer webinar: Umpqua Bank leaders discuss the economy, AI, fraud and more

2024 Business Barometer: Taking the pulse of U.S. small and middle market business leaders

A Look Behind the Numbers: Umpqua Bank leaders share their observations on Business Barometer Webinar

5 Facts for Business Owners About Merchant Services

Key Considerations for Business Success in 2023

Study Finds Sacramento Businesses Making Changes as Economic Uncertainty Grows

National Business Survey Highlights Response of Bay Area to Inflation, Changing Economy

National Survey Shows Impact of Inflation, Workforce, and Supply Chain Disruption on Phoenix Businesses

Survey of Puget Sound Businesses Highlights Response to Inflation, Labor Shortage

Economy, Trajectory and Strategy for 2022

2022 Business Barometer: 5 Strategies Small Businesses Can Employ to Drive Efficiency and Growth in a Challenging Economy

2022 Business Barometer: 6 Takeaways for Mid-sized Companies to Improve Financial Efficiency in a Tight Economy

Uncovering Working Capital: How to Make the Most of Your Accounts Payable

No More Business as Usual

Making Changes that Make Sense

Here’s Why it Might be Time for Your Small Business to Automate How You Make and Receive Payments

How Small Businesses Can Digitize to Save Time and Money

Five Ways Your Business Could Benefit from a Payments Upgrade

Five Ways Your Business Benefits from Using a Commercial Card

Why Cashflow Management Should be Top-of-Mind When Planning for 2021

Smith Tea: Becoming an E-commerce Business Overnight

Fraudsters Spoofing SBA Target PPP Loan Recipients