American ExpressAmerican ExpressAmerican ExpressAmerican ExpressAmerican Express
United StatesChange Country

Businesses Fight Rising Payment Fraud with Machine Intelligence and Widespread Awareness

By Bill Camarda

Payment fraud is up for the fourth straight year, according to a new survey released in April 2018 by the Association for Finance Professionals (AFP). But, at the same time, wire fraud experts have identified multiple practices to help businesses avoid payment fraud scams, and the FBI has established a process that can – sometimes – help a business recover money stolen via fraudulent wire transfer.

Payment Fraud is Growing


Seventy-eight percent of the companies surveyed by AFP in 2017 reported experiencing fraud attempts, with nearly as many reporting business e-mail compromise (BEC).1 BEC attacks typically spoof the identity of a legitimate executive or business partner to convince an employee to make a fraudulent payment, or to provide information thieves can use to raid an account themselves.2 Occasionally, criminals commandeer a legitimate corporate e-mail account; often, they send e-mail from a spoofed domain with a name extremely similar to the legitimate corporate e-mail domain.3


Of BEC attacks reported in AFP's 2017 survey, 54 percent attempted fraudulent wire transfers. This represents a continuing increase: five years ago, only 14 percent of AFP survey respondents said they'd encountered attempted wire fraud.4 For criminals, wire transfers are an especially attractive form of payment fraud, because once funds have been sent they can be difficult to recover.5


Payment Fraud Hits Real Estate Transactions


Fraudsters are always looking for new targets and payment fraud methods. For example, wire transfer fraud has recently emerged as a serious problem in the real estate industry. According to FBI data, during fiscal year 2017 $969 million was reported "diverted or attempted to be diverted" from real estate purchase transactions and wired to "criminally controlled" accounts – up from $19 million in 2016.6


Criminals hack e-mail systems and monitor social media to track the status of real estate closings and financings. At the right moment, they send the buyer a spoofed e-mail pretending to be from the title company or real estate agent, providing updated wire payment instructions.7 Since many individuals and organizations may be involved in a real estate transaction, it can be easy to overlook the true source of a request, and hard to recognize a problem. When the buyer sends payment, it appears in a "drop account" controlled by the criminals – who immediately move it where it can't be traced.8


Card-Not-Present and Check Fraud Rise


Wire transfer fraud isn't the only form of payments fraud on the rise. For example, according to AFP, 74 percent of businesses encountered check fraud last year, slightly more than in 2016.9


Last year did see one significant piece of good news: counterfeit card fraud dropped precipitously in the U.S. as merchants rapidly moved to accepting chip cards. Unfortunately, Card-Not-Present (CNP) payment fraud associated with online and phone transactions increased. ACI Worldwide reports that one in 85 online transaction attempts were fraudulent during the 2017 holiday season, up from one in 109 two years earlier.10


According to Riskified, the travel and airline industries were hit especially hard by CNP payment fraud last year, because merchants in the travel industry must approve orders almost instantly before prices change and customers go elsewhere. Data mismatches, which often signal payment fraud, are common even in legitimate travel bookings (which are often made on others' behalf).11


Riskified also saw fraud increases in electronics, cosmetics, fashion, and home goods – though it also reported modest fraud decreases associated with gift cards, jewelry and watches, and the automotive sector.12


Practices for Avoiding Payment Fraud


Preventing payment fraud starts with enforcing good security "hygiene": for example, requiring employees to establish strong passwords and change them regularly. Law firm Bryan Cave Leighton Paisner recommends requiring multi-factor authentication to log into e-mail systems, accept initial payment information, and receive payment change requests.13


The firm also suggests sending separate confirming letters or e-mail in response to requests for a change in payment information. In other words, don't simply click "Reply": you might be replying to the criminals. It also suggests building in delays for payments to changed or foreign accounts.14


Real estate attorney Daniel Kaskal recommends advising new clients upfront that all wire transfers and changes to payment instructions will require both written and verbal consent, even if payments are being made to the clients themselves.15


If a large wire fraud occurs, the FBI's Financial Fraud Kill Chain (FFKC) process, sometimes can – if launched rapidly enough – help recover large international wire transfers stolen from within the United States.16


Machine Learning Adapts as Fraud Tactics Evolve


Companies that accept payments at scale – for example, e-commerce sites relying on CNP transactions – might consider investing in advanced machine learning fraud-detection technologies. Traditional systems have relied on sets of rules to score each new order. Newer systems are learning how to detect new fraudulent behaviors and activities automatically, as these manifest themselves in credit card fraud, payment fraud, account takeovers, and fake account applications.17


Machine learning is becoming increasingly important for several reasons, experts say. One is the increasing volume of e-commerce and other remote "card not present" transactions, in which speedy approval is often required yet the purchaser's physical card is not present for additional verification.18 Another reason for the growing importance of machine learning in fraud detection is the worldwide shift to immediate payment systems, which require correspondingly faster identification of potentially problematic transactions.19 Yet another is fraudsters' ability to continually change their tactics to evade anti-fraud controls; fraud-detection systems must therefore continuously adapt to keep up.20


Machine learning is suited to addressing fraud in payments solutions in part because of the feedback loop inherent in payments, observes Russ Jones, a partner at payments industry strategy consulting and research firm Glenbrook Partners, in a blog post.21 When fraud attempts succeed, the bad transactions are continuously reported back to the payment network and can be fed into risk-scoring algorithms along with all other data associated with each transaction.22


This means machine learning systems can analyze vast amounts of historical data to identify patterns associated with fraud. Machine learning is coming to the fore now, technology providers say, in part because faster, low-cost computers and data storage make it possible for machine learning systems to process high volumes of transactions in real time, making decisions based on complex criteria in a fraction of a second.23



Fraudsters are getting smarter and more agile. But by following the practices experts suggest, potential payment fraud victims can anticipate, respond, and outwit them. Such practices include improving security awareness throughout the organization and leveraging advanced machine learning technology to detect and halt fraud in real-time.

Bill Camarda - The Author

The Author

Bill Camarda

Bill Camarda is a professional writer with more than 30 years’ experience focusing on business and technology. He is author or co-author of 19 books on information technology and has written for clients including American Express Private Bank, Ernst & Young, Financial Times Knowledge and IBM.


1. 2018 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals;
2. “Business email compromise (BEC, man-in-the-email attack),” TechTarget;
3. “Wire Fraud Just Got More Challenging,” Bank Info Security;
4. “Wire Transfer Fraud Picks Up,” Treasury & Risk;
5. “Bulletin No. 18-04: Wire Transfer Fraud,” State of New Jersey Department of Banking and Insurance;
6. “Nearly $1B in Real Estate Transactions Target of Wire Fraud in 2017,” Morgan & Morgan Business Trial Group;
7. “Here’s another cyber scam that could cost you thousands,” Miami Herald;
8. “Some Tips to Avoid Wire Fraud This Year,” Daily Business Review;
9. 2018 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals;
10. “U.S. Online Fraud Attempts Increase 22 Percent during 2017 Holiday Shopping Season,” ACI Worldwide;
11. “5 Global eCommerce and Fraud Trends to Expect in 2018,” Riskified;
12. Ibid.
13. “Wire Transfer Fraud: A How-To Guide,” Bryan Cave Leighton Paisner;
14. Ibid.
15. “Some Tips to Avoid Wire Fraud This Year,” Daily Business Review;
16. “Hit by Wire Transfer Fraud? Use the Kill Chain Process,” New Jersey Land Title Association;
17. “AI Trends to Watch in 2018,” Feedzai;
18. Real-Time Fraud Detection – In Your Next Pizza Order,”;
19. “Why machine learning may help stop payment fraud,” CIO Australia;
20. “The role of machine learning in real-time fraud detection,” NCR Financial Blog;
21. “Artificial Intelligence in Payments,” Payments Views;
22. Ibid.
23. “Machine Learning in Fraud Management,” Payments Views;

Related Articles

Existing FX International Payments customers log in here