This year’s Business Payments Barometer surveyed financial decision-makers in Great Britain to gain insights on the payment industry and examine the next 12 months.
This episode on the Payments Podcast featured James Richardson, Head of Market Development for Risk and Fraud analyzing what this year’s results mean in the Compliance, Fraud and Sanctions section of the report.
Rich Williams: What makes payment fraud such a powerful topic for businesses today? Is it the fear of possible monetary loss, or is it the negative effect on their brand in the media?
Hello, I'm Rich Williams, host of The Payments Podcast, and this episode will focus on the statistics around compliance, fraud, and sanctions, as discovered in the 2019 Business Payments Barometer.
Payment fraud is a topic that’s always been high on the agenda of financial decision-makers in all four years of the annual reports, which is why today, I'm joined by James Richardson, Head of Market Development for Risk and Fraud, who is always the face behind the topic in the barometer. Hello, James.
James Richardson: Hi, Rich.
Rich Williams: The main concern this year, for financial decision-makers, was external cyber-attacks, which has been a running theme for the last four years of the barometer. Now, why is this still high on the agenda for organisations?
James Richardson: I think what we’re dealing with here is the difference between perception and reality, and organisations still have this belief that the bad guys are just on the outside. You’ve got a good firewall, you’ve got good people, then they're going to keep the threats at bay. I think the unfortunate reality here is that you need a much more balanced perspective on where these threats are.
The good news is that organisations have definitely caught up. They’ve now got a more balanced view. The insider frauds and risks are something to take note of, but that’s definitely a reason why external threats feature very highly on the agenda for organisations and their concern.
The other thing that’s great is there's a much greater opinion, less uncertainty, and what the statistics show in the barometer is that 9 out of 10 have a degree of concern when it comes to payment fraud risk.
Rich Williams: It seems what you're saying here, James, is that the default for organisations is to expect payment fraud to occur from outside of their business, and this leads us nicely to the impact payment fraud actually has on an organisation. Now, this was up last year, this year, wasn’t it?
James Richardson: Yes, up 45% actually, compared to just 15% last year.
Rich Williams: Why are more organisations being impacted by fraud now?
James Richardson: I think, let’s look at the positive first of all, so the good news is there is far more certainty year-on-year as to whether or not organisations have been impacted by payment fraud. Last year, a chunky 41% didn’t know if they had been impacted, and that’s actually gone down to 16% in this year’s barometer.
The bad news, unfortunately, is that has shifted into greater certainty that they have actually been impacted by payment fraud, and that’s a whopping 45% compared to 15% in last year’s report.
I think those are the total numbers around the whole report, and all of the different sizes of organisation. I always find it quite helpful to look at the small business impact here, in addition to looking at it in aggregate. Small businesses would frame this as being less than 249 employees, less than £2 million turnover.
One in four of those businesses are feeling the impact, feeling that pinch on payment fraud and pinch is probably the right word, because for a small business, losing cash is critical. It can be the difference between operating one week and not surviving at all.
Rich Williams: Whilst organisations are becoming more aware of payment fraud, how does this actually influence the losses they're able to recover?
Now, surely, if they're even aware they’ve become a victim, it should, theoretically, make these losses easy to recover, right?
James Richardson: You would think so. The financial loss from fraud is significant. Unfortunately, in the majority of cases, the money is actually lost forever, and let’s just talk about that in the context of this report, 87% of businesses are unable to recover more than half of fraud losses, and that actually rises to 93% for small to mid-size businesses. Just say that again because it’s a quite a statistic, 9 in 10 companies don’t recover more than half of their payment fraud losses.
The results from this year’s barometer, from 2019, they're showing that the average loss and this is again in aggregate across all the different size businesses, but the average loss sits at around £240,000. When you consider that the majority of businesses are unable to recover even half of that, that is a phenomenal impact in the day-to-day business for those organisations.
Again, to bring it back to the small business, 70% of small businesses are suffering £50,000 losses, up to £50,000 losses, and losing half of that is significant.
At the other end of the scale, enterprise businesses, nearly one in five are losing a million pounds plus. These numbers have grown year on year, so when we talk about understanding the impact of payment fraud, we’re certainly seeing greater certainty but unfortunately, we’re seeing the values increase too.
Rich Williams: Although there's now more awareness by businesses, they're actually being hit with bigger fraud attempts than ever before, and as shown, are recovering actually less funds than ever before as well, which are really interesting trends.
Is this the fault of the risk that they're exposing themselves to on a day-to-day basis, or is the technology not at a point now to secure their payments sufficiently enough, James?
James Richardson: I think that the technology is absolutely there across the industry. What you see generally, is a really long time for adoption, and it’s that classic early adopter curve all the way through to laggards that seem to take a really long time.
The technology’s there. We see that in evidence in this report. Validation and verification of who people are paying is sitting at 57%. This is, by and large, a really good mechanism that organisations are using. Validate and verify who you're paying.
The other things to talk about and mention would be multifactorial authentication, 49% of organisations using that. I think we use that in our own day-to-day lives as consumers. We’re used to that now, so that’s no particular surprise, but really good to see.
The other item on the report, which is just at 16% but is really what I would call a bit of a ‘top tip’ for where the trend is heading, is automated employee behaviour monitoring, which is really looking at how employees are acting on the payment systems, getting payments into payment networks, and helping provide organisations with more proactive tools to identify and alert to anything that looks suspicious.
It’s definitely a growing trend within the market, and it’s good to see that that’s starting to rise, and certainly something that we’re widely expecting to see more of throughout 2019.
Rich Williams: Great, thank you. Now, sanctions checking for the first time ever was a large part of this year’s Payments Barometer and something that’s becoming a more widely spoken about topic now.
Historically, sanctions checking has been the responsibility of the banks themselves, but how are we seeing this evolve?
James Richardson: I was really surprised when I saw the results from this, and in a good way, 30% of corporates are now wanting to take responsibility for sanctions checking their payments before it goes through to the banks, that’s a growing trend.
Previously, historically, it’s largely been seen the responsibility of the banks to get this done. This growing trend across the industry is seeing this filter through into the corporates, who are ultimately wanting to take more responsibility in knowing who they’re paying, in having that proactive check, rather than leaving it to the bank to decide, and that’s seen with a further statistic that says, and again in this year’s report, 84% of businesses want to know if their payments are going to a sanctioned entity.
The banks can’t tell you. They can’t disclose that, that would be classed as tipping off. It’s too late in the cycle, so 84% want to know if it’s going to a sanctioned entity. The only way that that’s going to start to happen is if corporates themselves take more responsibility. The good news is that’s already starting to happen, and again, another tip is we’re expected to see that growing over the course of the year.
Rich Williams: Broadly, what do you feel these results tell us about the payment industry’s focus on fraud, compliance, and sanctions?
James Richardson: The good news is you look year over year, there's definitely more certainty than before about the situation that organisations find themselves in. There's more certainly rather than guesswork, rather than perhaps not having an opinion.
The bad news is that it’s largely that organisations have been hit by payment fraud. We’re seeing that values are meaningful, whether it’s £240,000 losses in aggregate for what we've seen across the report or for small businesses, £50,000 payment losses. These are meaningful.
The other thing that we've seen, emerging trends like transaction and user monitoring is absolutely on the rise. It’s great to see that feature as a security measure across businesses.
In addition, this kind of concept of really knowing who you pay, so know your payee through identification of the end beneficiary, validating them or verifying them, checking them against a sanctions list. This technology is available and in the market today.
I think the cautionary tale would be just don’t get left behind, when everyone else is advancing. Those without the burglar alarm on the street are going to be the target for the fraudsters.
Rich Williams: Fantastic summary, and thanks again for your time today, James.
James Richardson: Thank you, Rich.
Rich Williams: The insights from this year’s Payments Barometer provide some interesting thinking points for businesses of all sizes, and we’ll be releasing episodes on all three main topics of this year’s report, so keep an eye for them in future.
You can also listen to an overview of the report, as discussed by Cara O'nions, Global Marketing Director and Ed Adshead-Grant, General Manager of Payments on our channel, or to download the whole 2019 Payments Barometer report, head over to the bottomline.com website, and you can find it on the resource centre.
GET IN TOUCH
Want to learn more about Bottomline's security and compliance solutions?
Give us a call.
Our solution experts are here to help.+44 118 925 8250
Chat with us.
Chat with one of our solution experts. We'll recommend the right product to fit your needs.
Let us help you enhance your security and compliance.
Tell us a bit about you and your business and we’ll get back to you with all the information you need.