Traditional paper check usage has been on a downward trend for decades. Consequently, more organizations are aiming to incorporate digital payment solutions into their business-to-business (B2B) transactions. Shifting to digital payments can save time and money, but businesses must also heighten their security measures to prevent the associated fraud risk.
To learn more about the risk of fraud, what companies should look for in their next payment platform, and how to maintain strict compliance with changing regulations, PaymentsJournal sat down with Chris Clausen, Executive Director of Digital Payment Solutions at Deluxe, and Steve Murphy, Director of Commercial and Enterprise Payments Advisory Service at Mercator Advisory Group.
Paper checks and fraud: a recent history
According to Mercator research based on the 2021 AFP Payments Fraud and Control Survey, checks are by far the most frequent vehicle for both attempted and actual payments fraud. Every year between 2015-2019, at least 73% of surveyed U.S. companies experienced actual or attempted fraud, and for at least 70% of those companies, it was in the form of check fraud. Fraud in general saw an upward trend over those years.
2020 saw a slight reduction in check fraud, with 66% of companies reporting actual or attempted fraud, likely due to the rise in electronic payments induced by the COVID-19 pandemic. Analysts have been predicting the demise of paper checks for years, and many saw COVID-19 as the catalyst that would finish them off for good. “We’re seeing that in certain use cases and not in others,” Clausen remarked. Although checks were already fading away, the pandemic only bruised commercial check usage in the early months due primarily to office dislocation.
Naturally, as check use declined, fraudsters were denied access to the various points that were prone to check fraud. “The physical delivery of the check is where a lot of the exposure lies around fraud,” said Clausen. “There’s a lot of hands touching it.”
In fact, since the first half of 2020, checks have been on the rebound, reverting to pre-COVID levels. There are many possible reasons why paper checks have stuck around longer than expected. Broadly speaking, it can be somewhat difficult for businesses to make a full transition away from using checks. One reason might simply be that, even though payments were a pain point due to COVID-19, companies still have more pressing priorities.
“Business customers are dealing with other major pain points outside of just managing their payments,” said Clausen. “One of the things about the check is most businesses know how to use it. They don’t have to devote a lot of calories to making their payments, and they need to spend those calories elsewhere.”
Another reason involves payee portal fatigue. “A lot of the digital payment technology that’s out there struggles to meet all of the industry needs that go with the payment in terms of remittance, in terms of enrollment, and in terms of payees into the digital payment portals,” Clausen explained. COVID forced companies to try implementing new solutions, and according to Clausen, “a lot of those solutions didn’t check all the boxes.”
In many instances, the success or failure of phasing out checks in favor of digital payments was determined on a case by case basis. Some companies found it didn’t work for them, while others are still working it out but have not yet shifted all of their volume over. “It’s really an interesting mix,” Clausen summarized.
How digital payments can decrease fraud risk
On average, eight people are going to handle a physical check as it makes its way through the payment life cycle. “Every time somebody handles a paper check, you are exposing that payment to third-party fraud,” explained Clausen. Paper checks can be susceptible to alteration and counterfeiting, and though businesses like Deluxe have led the way on building improved security features into checks, most of those features rely on bank staff recognizing the problem and taking swift remedial action. “It is an imperfect system,” said Clausen.
Conversely, a digital payment tends to be handled by only two people: the payer and the payee. In terms of pure numbers, digital payments represent a significant security benefit. Additionally, digital payments provide a digital fingerprint that follows the life cycle of the payment. “You can easily deconstruct who has had access to that digital payment and what they were able to see and do with it,” said Clausen. “The good digital payment solutions make that information readily accessible so that if there ever is a problem, it can be identified early in the process, as well as prevent future issues.”
Another benefit of digital payments is separation of controls. Business owners can put structured processes in place to prevent any one employee from having all the pieces necessary to conduct large-scale fraud. “Digital payments can help, both with external fraud by third parties and also internal employee fraud,” Clausen summarized.
Clausen was careful to clarify that digital payments are not 100% fraud-proof, and that criminals can be rather creative in how they seek to attack emerging digital payments technology. “The industry will have to continue to innovate and be very aware of what’s happening,” he said.
Companies like Deluxe use different payment modalities, each of which adds additional security benefits such as Positive Pay, real-time verification, and separation of controls. These measures reduce risk and bring immediate benefit to both business and bank customers by lowering actual losses.
What organizations should look for in their next payment platform
When businesses evaluate their digital payments platform needs, they should focus on four main areas to ensure security and efficiency:
- Digital account access – Ensuring the right parties are credentialed to issue and process payments by setting up protections such as multi-factor authentication and separation of controls
- Payment delivery and retrieval – Preventing any opportunities for alteration, redirection, or money laundering and avoiding undue exposure of key details such as account or card numbers
- Payment deposit – Understanding how payment data are retained and protected and setting up notification requirements for any potential data breach
- Overall platform security – Regularly testing the payments platform from a penetration perspective and maintaining ongoing security protocols to retest for new vulnerabilities
Every security measure in place should be visible and explicit because deterrence is a big part of fraud protection. “Criminals do just like everyone else does by human nature: they go to where the easy money is,” Clausen explained. “If it’s difficult to get to, they are likely to pass and look for easier targets.”
Companies should also incorporate anti-fraud training programs, according to Murphy, so that employees can recognize and prevent business email compromise, ransomware, and phishing attacks. Overall, payment service providers should have clear measures to determine if fraud is being perpetrated. Businesses should be able to ask questions about all of the above measures, and if the provider cannot readily offer sensible answers, then that provider might not be the best option.
Finally, businesses must stay aware of changing regulations and compliance requirements in the industry. It can take a lot of resources and energy to keep an eye on evolving rules and regulations, so the best way to stay updated is partnering with an established entity such as a large bank, service provider, or fintech like Deluxe, with a strong reputation for compliance. This is especially important for smaller startups that may be bringing technological innovations that can brush up against legal boundaries.
“Whether it’s PII compliance, whether it’s HIPAA, whether it’s PCI compliance, there’s a lot of different regs that impact your business’s ability to stay current with the law,” Clausen concluded. “What you want to look for is an established player that has the bench strength to be able to stay current on state- and federal-level compliance related regulations.” Deluxe’s SOC-2 certified Deluxe Payment Exchange (DPX) platform leverages digital technology to lower costs and reduce fraud for B2B payments, all while maintaining strict compliance.
