How to Safeguard Your Business from Payment Fraud

Here’s how to ensure your business is protected against payment fraud.

Payment fraud has become a widespread issue for businesses of all sizes and sectors. According to a 2021 survey conducted by the Association for Financial Professionals (AFP), three out of every four companies have received targeted payment fraud attempts during the previous year, with business email compromise (BEC) being the most common method of attack.

For certain industries, taking proactive steps to prevent payment fraud is especially important. According to an advisory published by the Financial Crimes Enforcement Network (FinCEN), the industries most frequently targeted by criminals are construction, commercial services, and real estate.

The real estate industry is a particularly appealing target for fraudsters, with attempts targeting this industry increasing more than tenfold over a two-year period according to FinCEN. Several key factors make real estate transactions particularly vulnerable, including:

  • The large dollar amounts associated with real estate transactions
  • Access to readily available public records
  • Ease of impersonation via email
  • Lack of strong authentication processes within the industry

Examples of Payment Fraud

Payment fraud can take many forms. Here’s a look at some real world examples of payment fraud among companies in the real estate sector:

  • Case #1: Internal, ACH, and check fraud. An affordable housing developer learned that a former controller had been using company funds to pay personal bills via ACH. The client also learned that checks had been duplicated and attempted to be cashed.
  • Case #2: Wire fraud. An office manager at an affordable housing developer and property management company received an email that appeared to be from the company CFO, requesting a wire transfer of funds to another institution. The office manager fulfilled the request, and the company later learned the email had been fraudulent.
  • Case #3: Business credit card fraud. When seven business credit cards were compromised within three weeks, the owner of this multi-family and affordable housing client had his personal credit card shut down because his Social Security number was connected to those business cards.

How to Prevent Payment Fraud

Taking proactive steps to prevent payment fraud is a necessary part of risk management in today’s business landscape. One of the most effective ways to protect your business is by educating yourself about common threats and training your employees on how to identify fraud attempts.

“Establishing internal controls to prevent payment fraud is no different than having a business continuity plan in case of a disaster,” says Jeff Taylor, Commercial Fraud Forensics and Payment Strategies at Regions Bank. “It’s something you need to do.”

Here are several steps you should take to protect your business against payment fraud:

1. Train your staff

Hold regular training for staff members so they can learn how to spot the signs of payment fraud. Your employee training program should cover how to spot fraud as well as best practices to proactively prevent it, such as the STOP – CALL – CONFIRM method. When an employee receives an unusual or suspicious request, they should stop, contact the individual the request appears to be from using a known phone number or email address, and confirm the details of the request before proceeding.

2. Be on the lookout for suspicious emails

According to the AFP’s report, email is the most common method of attack. There are two main types of fraudulent emails to keep an eye out for: phishing emails and business email compromise (BEC).

  • Phishing emails: Criminals create realistic-looking emails purporting to be from a familiar business such as your bank, a package delivery company, your cell phone provider, or a popular online retailer. If a recipient clicks on the link and enters any sensitive information, the criminal can steal this data and use it for malicious purposes. If you receive an email or text message that you’re unsure about, avoid clicking any links. Instead, manually enter the site’s URL into your browser, or contact their customer service team for guidance.
  • Business email compromise: BEC scams rely on impersonation emails that appear to be from someone the recipient knows, like a vendor or a company employee. Scammers often use information gleaned from public records and social media to make these emails appear legitimate. If you receive an email asking for a payment or requesting a change in vendor payment terms, call the sender at a number known to you to verify the request. If the email appears to be from an internal employee, remember to stop and verify the request with someone else at your company. Don’t respond to the email or call the number listed in the email — it may be controlled by an impersonator. Instead, use known contact information to verify the details.

3. Set up dual approval processes

In addition to knowing how to spot the signs of a payment scam, it’s also important to prevent fraud with internal controls. Set a dollar amount threshold and require two-employee approval for any transactions exceeding this amount. Requiring two sets of eyes on large transactions decreases the chance of a fraudulent payment going through, while also protecting your business against occupational fraud.

  • Regions’ iTreasury platform allows users to set up flexible security controls, establishing specific permissions based on each user’s role.

4. Avoid use of paper checks

While the use of paper checks has gone down over time, check fraud remains high. Criminals continue to target these transactions because the time it takes for a check to process provides leeway for criminals to get away. While technology has made it easier than ever for criminals to create realistic-looking checks using stolen account information, some fraudsters also use low-tech methods, such as altering the name or the amount on a legitimate check.

  • To help reduce the risk of check fraud, consider implementing Positive Pay, which allows you to compare and verify the checks you issue to those presented for payment against your account.

In episode 2 of our podcast, Taylor provides actionable insights to help businesses identify and prevent financial fraud.

5. Practice strong cybersecurity

Because criminals can also target more modern payment methods by exploiting network vulnerabilities, it’s also important to boost your cybersecurity efforts. In addition to best practices such as using an encrypted wireless network, be sure to establish the following safeguards:

  • Require employees to communicate via company email addresses. The use of free email accounts (, for example) can make it easy for scammers to impersonate your business.
  • Set up multi-factor authentication for all company accounts and require employees to do the same.
  • Use strong passwords and avoid using the same credentials on multiple platforms.

6. Monitor account activity

Often, payment fraud victims don’t realize a crime has occurred until months after the event, making it harder to figure out what happened and mitigate damages. Spot issues early by appointing someone to monitor account balances regularly and report any suspicious activities, or use a product designed to do so.

  • Consider implementing ACH Alert, which automatically monitors ACH debit activity to alert you of any unauthorized or suspicious transactions or transactions above a specific amount or transaction level. Clients then have the option to decline ACH debits.

Protecting Your Business

In addition to the above steps, your Regions banker is a good source of information about the latest trends in payment fraud, as well as products and services designed to help you stop fraud attempts against your business. To learn more about ACH Alert, Positive Pay, and other tools to help you protect your business against fraud, visit

For more tips to help you protect your business against fraud and improve your cybersecurity, visit


The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit, or speak with your Banker for further information on how you can help prevent fraud. References or links to third-party websites do not imply endorsement.

Regions provides links to YouTube and other websites merely and strictly for your convenience. The site is operated or controlled by a third party that is unaffiliated with Regions. The privacy policies and security at the linked website may differ from Regions' privacy and security policies and procedures. You should consult privacy disclosures at the linked website for further information