Fighting Payment Fraud

A growing risk

The number of payment fraud incidents—ranging from email scams to the hacking of accounts payable departments and employee embezzlement—continues to grow at an alarming rate. The cost to US businesses and their customers totals billions of dollars annually.

Here are some best practices for protecting your business.

Computer systems and online transactions

  • Install a dedicated, actively managed firewall
  • Use and regularly update antivirus and spyware-detection software and security patches on all computer systems
  • Conduct online banking activities from a stand-alone, hardened and locked-down computer system
  • Limit administrative computer rights
  • Access only trusted business websites during online banking to avoid accidentally downloading malware or viruses
  • Avoid all social media channels from company computers
  • Establish procedures to identify and isolate network computers infected with malware, and make certain infected computers are fully remediated before using them again for online transactions
  • Require two or more users to create, review and release payments, and set account limits

Electronic payment

  • Set individual payment limits appropriate for the user, and use a maximum dollar amount per transaction for initiating and approving wires and other funds transfers
  • Review Automated Clearing House (ACH) and wire transfer procedures regularly to ensure user entitlements support appropriate needs
  • Use ACH Positive Pay, a cash management service that allows a user to review ACH exceptions and make decisions to pay or return items
  • Consider receiving ACH payments through a masked virtual UPIC bank account number and consider paying employees by reloadable debit cards
  • Implement the segregation of accounts, reconcile accounts daily and sign up for payment alerts


Business Email Compromise, or BEC, is a popular vehicle for fraud. It's important to authenticate all suspicious email requests from superiors, agencies, vendors and colleagues through another communication channel. Curb faxing or emailing wire instructions to anyone.

Restrict access to personal email accounts, and match requests with known invoices. Ask: "Do I know the sender? Am I expecting a message from this company? Did I initiate action that would result in a response from the organization? What kind of change is the email suggesting?"

Check payment

Check fraud is both the oldest and most widespread form of financing fraud. Checks may be stolen, copied or altered. Here are some protective actions:

  • Reconcile accounts daily
  • Segregate internal audit from controller duties
  • Consider switching to electronic payment only
  • Verify with other institutions the legitimacy of checks
  • Safeguard check stock and use security features
  • Consider outsourcing check processing to a secured vendor
  • Use Payee Positive Pay or Positive Pay to compare presented checks against issued checks, with immediate alerts for exceptions

Educate your staff

It's critical to educate everyone in your organization to the signs of fraud. They must understand the purpose of security protocols, how to identify suspicious situations and what to do when anomalies arise.

Related topics

Protecting Against the High Cost of Cyberfraud  (Article)

Given the relative newness of cyber liability coverage and the variability of policy features, it's essential to carefully analyze one's needs and scrutinize available options before paying the first premium.

Staying Disaster-Ready in Treasury  (Article)

In the event of a natural disaster, a well-documented treasury continuity plan can help organizations increase the likelihood of resuming normal operations—and cash flow—in a timely manner.

Branch Banking and Trust Company, Member FDIC.

New York City residents: Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at

Branch Banking and Trust Company is now Truist Bank. Learn more.

BB&T and SunTrust have merged to become Truist. Both institutions will continue to offer independent product lines for a period of time. This may include differing underwriting guidelines, product features, terms, fees and pricing. Our friendly teammates at your local SunTrust branches will be happy to walk you through their respective products. You can also learn more by contacting them at 800-SUNTRUST or

BB&T Complete Client Protection

about Truist Bank