How Commercial Cards Help Keep Fraud at Bay
BRIAN MCGOLDRICK, EXECUTIVE DIRECTOR OF FRAUD & CUSTOMER SERVICE OPERATIONS, J.P. MORGAN COMMERCIAL CARD
October 25, 2018
A staggering 78 percent of finance professionals reported their companies were victims of payment fraud in 2017, according to the Association for Financial Professional’s 14th annual Payments Fraud and Control Survey, which represents the largest share on record. Checks and wire transfers remain the primary targets, while fraud on commercial cards is at a five-year low.
A commercial card solution for B2B payments can help lower your risk of fraud with safeguards that protect against possible compromise. Built-in controls like chip technology and customizable merchant category code (MCC) restrictions, spend limits and cash access constraints reduce the ways in which criminals could misuse your cards. If suspicious use occurs, fraud alerts enable cardholders to quickly validate legitimate transactions or confirm fraudulent activity.
In addition to leveraging these built-in features, your organization can reduce the risk of fraud by becoming familiar with the latest scams and taking additional steps to protect your commercial card program.
Watch Out for Common Scams
Given the prevalence of fraud, it’s critical for companies to stay one step ahead of potential threats. Below are common scenarios for commercial card fraud attempts.
Business Email Compromise
- A fraudster spoofs an executive’s email account and targets an unsuspecting employee with an urgent order to purchase many high-value gift cards for clients. Red flag: Urgent or persistent requests from your organization’s senior leadership should raise suspicion.
- The fraudster presses the employee to activate the cards in-store, scratch off the claim code on the back to reveal card numbers and email a photo of the cards with all numbers visible. Red flag: Requests to ignore protocol or appeals for confidentiality should be verified internally.
- The employee completes the request without reviewing the fraudster’s email for irregularities—such as an incorrect email address or poor grammar—or validating it internally. Red flag: Anything different from your organization’s standard email domain should be examined. One or two letters may be altered.
- Money on the cards is quickly depleted by the fraudster and the organization bears the full loss.
Account takeover is a similar scheme in which a criminal gains access to account information and poses as the cardholder. This type of fraud may take longer to notice and result in a greater loss.
Skimming devices can be placed unknowingly on a merchant terminal to capture card information when you swipe.
Always insert your chip-enabled card whenever possible.
We utilize chip technology that assigns a unique code to each card transaction and makes it harder for thieves to skim your data.
When a merchant falls victim to a data breach, your cardholder data could be accessed and stolen.
Encrypt all sensitive data at rest, limit user access to your account and implement card controls, including MCC restrictions and credit and cash limits.
We can send real-time text, email and voice alerts when we suspect fraudulent use of your account. Make sure your cardholders sign up
to receive notifications.
Fraudsters can gain access to account numbers and personal data through phony links that trick you into providing information.
Be on the lookout for warning signs like a vague or incorrect email address, poor grammar, urgent language, requests for personal information and improper use of logos or graphics.
Your personal information is vulnerable when browsing online, especially over an unsecured connection.
Avoid free, unsecured Wi-Fi; choose strong passwords and update them every two months; and conduct semi-annual attestation of adherence to your policies.
We’re aware of ongoing schemes and take several steps to verify it’s you and not an imposter.
Add Security With a Virtual Card Solution
While traditional plastic cards have fewer instances of fraud than other payment methods, a virtual card payment solution—like J.P. Morgan’s Single-Use AccountsSM (SUAsSM) —enables an even higher level of security that can reduce vulnerability to evolving scams. In fact, SUAs experience the lowest fraud rate of any commercial card product, below the average rate of 0.0012 percent for electronic payment solutions.1
In addition to supporting MCC limitations, SUAs put you in control of your payments.
- Unique account number: Each SUA payment has a distinct 16-digit account number, reducing the damage that could be done if a card number got into the wrong hands.
- Secure access: Your payment information is sent securely and directly to your vendor and can only be processed by that specific vendor.
- Credit limit control: You set the credit limit to match the exact payment amount so you won’t be overcharged.
- Custom expiration date: SUAs support time period restrictions so you determine for how long it’s valid.
As fraud attempts continue to grow, it’s important for your organization to remain diligent with prevention efforts. Educate your employees to recognize red flags and optimize your payment strategy to help reduce your risk and avoid costly mistakes.
Learn more about our Commercial Card solutions, including SUAs, or contact us to start a discussion.
1 J.P. Morgan 2018 proprietary fraud data and 2018 RPMG Electronic Accounts Payable Benchmark Survey