“Â鶹´«Ã½ Talks†hosts top professionals from different sectors of the lumber and building material industry to share their expertise, with a heavy emphasis on practical, tactical strategies to help you serve your markets and grow your business.
Join Â鶹´«Ã½ Talks host, Thea Dudley, as she brings her razor-sharp expertise to dissect trends, regulatory changes, and offers real-world advice for credit professionals. This week, Thea discusses fraud, a huge challenge for businesses around the country. In this episode, Thea breaks down the Payment Fraud and Control Survey shared by the Association of Financial Professionals and Truist Bank to help you understand your risk and ways to prevent it from happening in your company.
Subscribe and stay up to date as we add more experts on key topics. Listen now and subscribe via your favorite podcast provider below:
Prefer to read about it instead? Take a peek at the transcript below for Episode 2: The Probability of Experiencing Fraud + Ways to Minimize Risk.
(Editor’s note: Transcript is AI-generated and may include some errors.)Â
“Hey everyone. Welcome back to another edition of Â鶹´«Ã½ Talks Credit. This is the only podcast you can go to to talk about trade credit, specifically to the lumber and building material space. I’m Thea Dudley, your host, also known as the Credit Overlord, and we are kicking off another edition talking about fraud. Now, for those of you that haven’t tuned into us before, this is all things trade credit, whether it’s processing credit apps, AR management, collections, you know, whether you’re a beginner, whether you’re a seasoned professional, we have something for everybody. And although we love putting out the webinars once a month, I love doing those webinars with you. You guys come up with some amazing topics, and you come up with some great questions along with the credit advice column. Love getting your questions on those.
But let’s face it, sometimes you can’t wait for a column or for a webinar. You need to talk about what’s happening right now, and fraud is so timely. So this is a huge challenge for credit professionals, not only in our space, but for everybody across the country. I don’t know one business that’s not affected by it. So one of the things I look forward to every year, I, if this is what I yeah, I’m embarrassed, almost embarrassed to say that I look forward to this every year, because it makes my world sound so small and so tall. I gotta get some better hobbies.
Right around the second week of June, the payment fraud and control survey comes out, and the Association for financial professionals puts this out, and they do it in conjunction with truist bank. And this report’s been done for the last, I think, 20 years. 5000 Treasury professionals participate in it. And so it really has some great consistency, and you can kind of see the trends year over year. And so you’ve got stuff to compare it to. I love when surveys come out, but I always want to know, okay, what’s happening? What was the year before? What was it five years is there a trend? Is this cyclical? Same reason that I like tracking KPIs, I like seeing what the DSO is doing, you know, year over year. But I digress. Let’s talk about the highlights from this particular survey. So 80% of organizations reported that they had payment fraud attacks or attempts of some type in 2023 that’s a 15% increase from the year before. I think that’s a ton. Sally, you really 15% that’s a lot.
Okay, for those of you that don’t know and have never met Sally. Sally is our producer here for Â鶹´«Ã½ Talks Credit. She does an amazing job, and she’s new to credit. She’s new to ours. By fact, she doesn’t, she’s learning a lot about credit that she didn’t really want to know. So I’m, you know, I’m trying to channel her in a credit professional. And then, you know, maybe we can. We can actually, I think Rick could kill me if I, if I turned you into a credit manager. But girls got a hope. Girl’s got a dream. So 15% seems like a lot, doesn’t it? Yeah, I just I 15% is amazing, and checks continue to be the most vulnerable to fraud. Now you all remember check fraud, especially when there was, like, check washing. Someone would steal a check out of your mailbox. They would wash it, you know, kind of it goes through, like a little solution, takes off the ink from it, and they let it dry, and then they can repurpose it and make checks for stuff you did not know you wanted to pay for.
So 65% of the respondents to this survey reported that their organization had check fraud. That’s 65% that’s over half, those are not those are not good odds. Anything that’s more than half is bad. So it continued to go on with fraud due to inter interference by the post office. I love how we politically corrected that interference by the post office is up 10% so that’s somebody stealing out of a post office box your mailbox. Could be a letter carrier. Could be somebody in the post office, but when they say interference, a lot of times, they don’t tell you exactly where the interference is coming from. We’re gonna talk more about that.
20% of respondents in this survey said that they had some type of fraud going on with this. They had experienced some type of interference with the post office, so whether that was it being taken out of a mail drop or their own mailbox out front. And I know I sound like a broken record, I keep talking about get a payment portal, pull a credit report. I know that everybody thinks I’m employed or I have, like, a side gig going with the credit reporting agencies, but a portal is probably not probably a portal is the best way to combat a lot of these frauds, and we’re going to talk. We’ve only topped up the tip of the iceberg on this, so let’s talk a few more highlights. I. So for the first time in history of this survey, ACH payments surpassed wire, you know, wire fraud as the most vulnerable type for BC fraud. And BC is just business email fraud. So now you only you have old school fraud, like, you know, stealing out of your, you know, your post office box, but now you have, like, a little more high tech now we’re stealing through email. And you guys know what I’m talking about. It’s you get a suspicious email. You don’t, you kind of look at it. You’re like, Oh, somebody’s asking me via email. One of our customers is asking me to change. You know how we do something? Or somebody within our company is saying, Hey, we’re changing the routing on this and you don’t check it out, maybe you don’t catch it. Or somebody hacks into your email and start sending out stuff to your customers, saying, Hey, we’re suddenly changing something. This is where you need to send your payments now. So ACH is surpassed wire fraud as far as this goes. And even as most payment methods continue to be vulnerable to business, email fraud, you know, BC payment made via ACH, 47% and wire transfers, 39% are the most targeted.
So it’s easier for someone to get you to switch an ACH because, you know, let’s face it, everybody’s busy. I know we should all be like watching for phish, phishing, smishing, all kinds of issues. But it does get overwhelming. Not only do you have to know what’s happening in credit, you have to know payment, collections, mechanics liens, joint checks, you’ve got to deal with collecting money now you have to look at every single email that comes in and eyeball it to see if there’s a dot where it shouldn’t be, or somebody’s name is slightly misspelled. But most of us, we look at something, your eye kind of glazes over it. You don’t really notice that that, that, you know, BEC fraud is happening, so you have to be constantly vigilant on it, and you know, kind of see what’s going on. But 47% of Ach, according to this survey, was vulnerable, you know. So it was up almost what eight, 9% from what wire transfers were, and of the organizations that were victims to payment fraud in 2023, 30% were unsuccessful in recovering funds due to fraud. So 30% now, okay, I understand that you’re like, Okay, well, 70% were successful, okay, but 30% that does not feel good when you’re in that 30% that costs a lot of money. That doesn’t even count your bad debt.
So now you all now you have bad debt to worry about, but now you have thievery. So you know, on an up note, 41% of organizations were successful in recovering at least 75% of the funds that were stolen from them. You know when? Or they say funds lost, honey, they weren’t lost. They were stolen. I nobody lost them. You know, it’s not as common anymore to hear, Oh, we lost a check in the mail. It’s like, I have a solution for that. You could have just paid me on my portal, and we could have gotten around all of this.
The other thing too is, if you’re seeing like a business email, it’s that that BEC fraud. It’s really hard to do that fraud through a portal. And you know, I’m going to grab one of our, one of our portal contributors, and, you know, kind of have them talk about a few things there, but we’ll save that for another episode. But you know, that’s our bright note. Our bright note is 41% of organizations were successful in getting at least 75% so less than half got more than half. I don’t really like those odds. I might, I might as well just go to Vegas and gamble the company’s money. So that’s our that’s our bright note. Less than half of the organizations impacted. So if that’s not depressing enough, that’s not enough to make you go, I’ve never everybody just, everybody just needs to pay me. COD, the post office is not a secure bet for mailing your checks.
I know I kind of alluded to that earlier in this podcast, but on July 11, news came out that two former postal workers abused their positions to allegedly, and let me quote this, allegedly pull off one of the biggest thefts at JFK International Airport. So the charges allege that there were, you know, five defendants stole, sold and fraudulently deposited millions of dollars in US Treasury checks, which, you know, included, you know, pandemic relief and some other like IRS payments for their own benefit. So of those five, two were former postal workers, so they knew how the system worked and how to get in it. There was also a case in Montgomery, in Montgomery where a formal postal service and. Employee was convicted of stealing checks and documents from the mail like okay, and then in the Houston area, another case involved a man who stole mail, including checks from us, postal services, collection boxes. Now he was sentenced to federal prison for possession of stolen and aggravated identity theft. But whether it’s the post office or somebody outside of the post office stealing your checks, it I want to cut that whole section out of this process. It’s like, if I could just take the post office out of my business, that would be great. I want to do everything via portal. And I know that sounds contradictory to what I just said about email fraud, but if I have a portal in place, there would be no reason for even if somebody got an email from us that said, Hey, we’re changing our routing. It’s like, well, I can go into your your portal and see that nothing has changed. I can see that everything is still going. I want to be able to put a link out there, whether it’s Ach, whether it’s credit card, and I, I hear you on the credit card. I know that 3% is a lot to give up, but you know, let’s can we? Can I roll you back to these numbers where 41% less than half recovered 75% and that was our bright note.
So one way or another, you’re going to pay or Well, we haven’t experienced fraud, so it’s okay. It’s like, well, it’s okay. Now it’s a lot different story when it turns out that it was you that got stolen from. It is a beast to collect from. You know, I was involved with a company where we ended up having almost half a million dollars stolen, and it took two years about 1000 man hours. And yes, we did recover about 18,000 all, but $18,000 of it. But at what cost you have all those employee man hours your care? You’ve got this blanketed bunch of money for, you know, two years. So the value of your money, even though it was great to get it back with no help from the post office, no help from federal government, so the more I can do to cut anybody, any third party, out of that that has hands in place, portals or like little robots, they just go right through. So now that I’ve depressed everybody, and I think everybody’s kind of like, okay, I’m going to start day drinking, because this is now my job. What can you do? I know I just harped on you to utilize payment portals for all customer payments that you possibly can preferably something with two factor authentication so that it makes it Hey, they have to log into the portal to be able to see their account. It’s not just hey, I’m sending you this so somebody can you know, you’ve got that extra layer in case you do get hacked.
So pay close attention to emails that request change banks, routing numbers, changes to payments, all of those things should be a clue. I know everybody’s busy. I know it’s I’m not going to say that you’re going to catch every little thing, but the more vigilant you can be, the more alert and the more suspicious. Anytime someone asks me to change something like that, it’s, Hey, that’s not that’s not normal. Why are we doing that? It seems out of the blue, and most of the time a company will call you, or something will come out on a company letterhead, and they’ll talk about, hey, we’re changing. We’re moving from pushing out checks to ACH. We need you to log in and authorize your account or set up your account. They’re going to be asking for something. There’s going to be something on their letterhead. They’re not just going to send out some random email. Random email. So pay close attention to any details in those emails. Normally, a random email is not how companies roll out changes for banking or payment request habits. Check the email address that the email came in from, really close when you read say, you do get something like that. Look at it. You can see those ones. I think everybody gets those ones from, Hey, your package is being delivered. And you know, it’s like, Oh, I’m getting a package. You didn’t order something. You know, you’re not getting a package. So don’t click on the invoice. Don’t, you know, automatically respond. It’s that’s not happening. So check where it’s coming from closely. Fraudsters change little details, and they usually have spelling errors. It’s like, okay, if you’re going to, if you’re gonna BS, me, could you get a thesaurus or a dictionary and maybe, you know, turn a phrase a little better? Or spell check. You know, Microsoft has spell check.
Everybody has it consistently. Review your AR for past dues. You can find out if somebody who has suddenly paid on time, and they’ve been going along just great, and now they’re late, that could be a missing check, and the sooner you identify that, the better. So if you call somebody, you’ve got a customer, you call and you’re like, hey, you know, normally you guys pay right around this time. I haven’t seen anything. I’m just asking because we’ve, we’ve experienced some fraud, I know. There’s a lot going out there. I’m just trying to be vigilant. So a lot of times when you disarm somebody and you tell them, hey, I’m not done in you. I’m not hey, you’re one day past due. What the heck’s going on here? I’m just trying to stay on top of things. You guys normally pay around this date you’re running, you know, four or five days late. This is not normal for you. You know, I’m just a little concerned. And if you don’t have cybersecurity training programs for your employees, for your back office processes, you need to maybe consider not maybe you need to consider doing that. It is a small price to pay, to invest, to educate your employees. It’s got to be consistent, consistent, and you’ve got to have conversations about this type of situation with your employees, with your team, so they know what to watch for. And taking a couple of extra minutes to double check the email, double check the message, you know, hey, send it to your IT department. This looks suspicious. I hate to sound like a, you know, like a paranoid or I think everybody’s out to get me, but I’d rather be safe and waste a few minutes of its time than to have the whole company go on. Thanks a lot. Thea whole company shut down. We can’t get back up for weeks, and now our system’s been hacked because you had to click the button, or we lost a bunch of money because you ended up changing some things that you shouldn’t have.
So always ask questions. No one’s ever gonna get mad at you for that. And then there are firms out there that will push training out quarterly with testing to educate your team. And in those situations, you know, you hire them, they deploy training once a month. You know, little scenarios. They make you pick out what you think looks like the fake email, and then they go ahead and let you know, Hey, did you pass or fail? And if you failed, you’re going to be taking that test to get a bunch so speaking from personal experience, you know, if you turn it on and you don’t really listen to it and you just try to click the answers, they catch on to you.
So those are some things you can do to minimize the fraud. But it is. It is out there. It’s powerful. And we didn’t even touch on a lot of credit card fraud in this and we’re seeing that on a level, you know, all over the country, with cod customers, customers coming into branches, and they, you know, maybe they put down a credit card. You run it. Maybe it’s a customer you’ve never seen before. It’s some guy you know XYZ houses. He comes in, he’s like, Here’s my card. You don’t ask for any type of ID. You just take everybody’s busy. You take the card. You just assume this, Hey, his boss sent him in with something. It’s not my card. My boss sent me in here to buy something. If you’ve never heard of them before, and they’re taking materials, or they’re having it delivered, and, you know, next thing you know, a week goes by, somebody files a credit card discrepancy report. Hey, I didn’t, I didn’t buy it, you know, and buy $15,000 worth material from, you know, this yard over here, and then you’ve got fraud happening.
So credit card fraud has been really big, so just keep your eye out for that as well. That is our episode for this particular week. And on behalf of Sally and I, please tune in for our next one, which should be in about we’re running about every two weeks. Stop in, send your questions, anything you want to know, anything that’s going on in our industry, we are happy to review it with you. This is Â鶹´«Ã½ talks credit. I’m Thea Dudley, your host, also known as the credit Overlord, and we will be talking to you next time about trade credit in the building material space. Until then, happy collecting.”