How to Safeguard Your Business from Payment Fraud

According to a 2019 analysis by FinCEN, the real estate sector is one of the top three industries targeted for fraud. What can you do to better protect your business against payment fraud?

Fraud and email breaches have become a widespread issue. According to the 2020 Association for Financial Professionals Payments Fraud & Control Survey, 81 percent of companies were targets of payment fraud in the last year. As the number of organizations incurring financial losses from fraud continues to rise, business leaders can take proactive and preventative measures to help protect their business from payment fraud.

Whether your business is large or small, you may consider learning how to protect your business against fraud. A 2018 survey conducted by the Better Business Bureau (BBB) found that nearly seven in 10 small business owners believe the risk of a business scam is higher today than it was three years ago. Even when a company is able to handle the costs of fraud, an incident can have an outsize impact on reputation, employee morale, and productivity.

“It’s more than just the loss of the funds themselves,” says Jeff Taylor, senior vice president for Treasury Management Core Products and Services at Regions Bank. “You also have the ancillary costs like the time and effort to research the event and any other expenses.”

For real estate businesses, preventing payment fraud may be especially important. Real estate is among the sectors most commonly targeted in business email compromise schemes, according to the Financial Crimes Enforcement Network. A recent advisory released by the agency noted that the real estate industry in particular represents a lucrative opportunity for scammers due to the large dollar amounts associated with transactions. Additionally, the increased vulnerabilities due to readily available public records paired with the ease of impersonation via email and a lack of strong authentication processes make this industry a particularly appealing target for fraud.

In fact, between 2015 and 2017, the number of email scams targeting the real estate sector increased more than tenfold. In 2018, the real estate and rental industry lost nearly $150 million to fraud. Further, 97 percent of property management companies say that they have experienced fraud in the properties they manage.

Fortunately, as a business leader, you don’t have to wait until an event occurs to put preventative measures in place. Taking time now to learn more about common fraud cases and the preventative steps you can take may help protect your real estate business in the future. 

Recent Cases

According to the BBB survey, among small businesses that had fallen victim to a scam, 57 percent were targeted via telephone, 50 percent were reached by email, and 24 percent were targeted during an in-person encounter.

Here’s a look at some of the fraud cases affecting our industry:

  • Case #1: Internal, ACH, and check fraud. An affordable housing developer learned that a former controller had been using company funds to pay personal bills via ACH. The client also learned that checks had been duplicated and attempted to be cashed.
  • Case #2: Wire fraud. An office manager at an affordable housing developer and property management company received an email that appeared to be from the company CFO, requesting a wire transfer to funds at another financial institution. The office manager fulfilled the request, and the company later learned the email had been fraudulent.
  • Case #3: Business credit card fraud. When seven business credit cards were compromised within three weeks, the owner of this multi-family and affordable housing client had his personal credit card shut down because his Social Security number was connected to those business cards.


How to Protect Your Company

As a business leader, being proactive is a necessary part of risk management in today’s business landscape. As fraud awareness grows, business owners are expecting to designate more funding to protecting their operations against criminals. In fact, 55 percent of businesses expect to increase their budgets for anti-fraud technology over the next two years.

“Establishing internal controls to prevent payment fraud is no different than having a business continuity plan in case of a disaster,” Taylor says. “It’s something you need to do.”

Here are several steps you can take to protect your business against fraud:

1. Train all staff members

Hold regular training for staff members so they understand the types of payment fraud. The training should cover how to spot fraud as well as best practices to proactively prevent it. These practices may include identification requirements for check and credit card payments; using strong, unique passwords for online accounts; and setting up a plan for employees to reference if they suspect fraud.

2. Remain alert for bogus emails

There are two main types of bogus emails to keep an eye out for:

  • Phishing emails.Criminals create realistic-looking emails purporting to be from a client or business partner with links to fake websites. If a recipient clicks on the link and attempts to log in, the criminal can steal this information and gain access to the account. Antivirus software and spam filters help cutdown on phishing emails, but if you receive one that you’re unsure about, enter the web site separately into your browser rather than clicking through the emailed link.
  • Impersonation emails. Like the email described in Case #2 above, impersonation emails involve a fake email, from someone the recipient knows, requesting funds. Scammers often use information gleaned from public records and social media to make these emails appear more legitimate. If you receive an email asking for a payment or requesting a change in vendor payment terms, call the vendor at a number known to you to confirm before putting the change in place. Don’t respond to the email or call the number listed in the email because it is likely controlled by the impersonator.

One way to challenge criminals is to post less personal information on social media or tighten your privacy settings. With less available information online, you may become a less vulnerable or attractive target. “Before the proliferation of social media the fraudster didn’t know that you were on an international vacation for an extended period,” Taylor explains.

3. Set up dual approval processes for certain transactions

Set a dollar amount threshold and require two-employee approval for any transactions exceeding this amount. Requiring two sets of eyes on large transactions decreases the chance of a fraudulent payment going through. Plus, it makes it harder for an individual employee to commit fraud.

  • The Regions Bank iTreasury commercial online banking platform allows users to set up flexible security controls, establishing specific permissions based on each user’s role.

4. Avoid using checks

Check fraud remains the most common method used by scammers, according to the AFP report. Even as many consumers move away from checks, crooks continue to target check transactions because the time it takes for a check to process may provide leeway for criminals to get away.

Plus, technology has made it easier than ever to create realistic-looking checks via a home printer. Some check fraudsters also use low-tech methods, such as altering the name or the amount on a legitimate check.

  • Reduce the risk of check fraud by encouraging clients to pay via ACH or credit cards and securely storing any of your checks or deposit slips. Consider implementing Positive Pay, with Payee name verification, which helps prevent check fraud by comparing and verifying the checks you issue to those presented for payment against your account.
5. Use commercial cards

Switching to commercial cards, rather than business credit cards or personal credit cards, creates additional spending controls and visibility. Plus, commercial cards are connected to your company’s tax identification number, rather than an individual Social Security Number, which minimizes the risk that fraud can impact your personal finances.

6. Practice strong cybersecurity

While checks remain the top source of payments fraud, criminals can also target more modern payment methods. Consider these tips:

  • Use an encrypted wireless network that is closed to guests and visitors to help protect your company from online intruders. You can set up a separate internet network for guests. Further, require multi-factor authentication for remote access or to high risk systems.
  • Encourage employees to communicate via company email, rather than free accounts, which can make it easier for scammers to impersonate your business.
  • Install anti-virus software on all company computers, keep it up to date and maintain rigorous firewall protection for your network.
  • Use one designated computer for banking transactions, and do not allow email or social media access on that computer.
7. Monitor account activity

Often, payment fraud victims don’t realize a crime has occurred until months after the event, making it harder to figure out what happened and mitigate damages. Spot issues early by appointing someone to monitor account balances regularly and report any suspicious activities, or use a product designed to do so.

  • Consider implementing ACH Alert,which automatically monitors ACH debit activity to alert you of any unauthorized or suspicious transactions or transactions above a specific amount or transaction level. Clients then have the option to decline ACH debits.

Talk to your Regions Real Estate Banker about Regions products that can help

In addition to the above steps, your Regions banker is a good source of information about the latest techniques and trends in payment fraud. Regions Bank offers several products designed to prevent payment fraud and quickly alert you about suspect transactions. To learn more, visit


This information is general in nature and is provided for educational purposes only. Information provided should not be relied on or interpreted as accounting, financial planning, investment, legal, or tax advice. Regions encourages you to consult a professional for advice applicable to your specific situation. Information provided and statements made by individuals who are not employees of Regions are the views, opinions, or positions of the individual who made the statement and do not necessarily reflect the policies, views, opinions, and positions of Regions. Regions makes no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information presented.

Regions provides links to YouTube and other websites merely and strictly for your convenience. The site is operated or controlled by a third party that is unaffiliated with Regions. The privacy policies and security at the linked website may differ from Regions' privacy and security policies and procedures. You should consult privacy disclosures at the linked website for further information