Pick up any business publication and you’ll likely come across an article about cybercrime and payment fraud, yet this topic is rarely front and center in agribusiness. Operators usually don’t consider procedures and practices around cash flow and fraud prevention until there is an issue.
But cyberattacks and payment fraud are industry agnostic. According to the Association for Financial Professionals, in 2022, 71% of businesses were victims of payment fraud via email, and 63% faced check fraud. Digital payment fraud is also on the rise. Agribusinesses may be more susceptible than other businesses to payment fraud because fraudsters perceive them as being both lucrative targets and having less sophisticated fraud protection tools.
The FBI previously warned that farms and agriculture cooperatives are particularly vulnerable during the key planting and harvest seasons. Also, dairy farms collect more electronic data than ever. Think about all your farm management and financial records. They make a valuable target for fraudsters, leaving you more vulnerable to schemes such as ransomware, in which cybercriminals block access to your key systems until you pay a sum of money. Such attacks can disrupt production, shipping or receiving.
Given farming’s importance to regional economies, any disruptions to the supply chain can be significant. Furthermore, the financial and reputational risk of being a fraud victim can be expensive and damaging, so all business owners – including ag operators – should have solid fraud prevention protocols in place.
“We all rely on insurance for our businesses, homes, health, cars and equipment,” says Andrea Boom, BMO’s treasury and payment solutions consultant. “We hope insurance will cover us if something goes wrong. Fraud prevention tools and practices can prevent fraud from harming us before it goes wrong.”
The following are six common types of cyberattacks and the payment fraud they lead to, along with some suggested prevention tips that you can implement in your operation as part of your fraud prevention protocol.
1. Malware
This type of fraud infiltrates computer systems and performs unauthorized activities and transactions, such as email takeover, corporate account takeover, identity theft, data breaches and theft, and denial of service.
Fraudsters count on human behavior to execute their crimes, often by creating a false sense of urgency, such as warning that your account will be closed within 24 hours if you don’t act immediately. That appeal to immediate action should be a red flag. While email and mobile messages help keep communication flowing with vendors and others, it pays to be cautious before clicking on a hyperlink.
Prevention tips:
- Regularly update antivirus and antimalware software on all devices.
- Always verify the source of fund-transfer requests.
- Ensure website links are legitimate. Hover over a link to see where it is actually linking to.
- Be aware of any changes to financial service websites you frequently visit.
- Look out for unusual experiences, including unfamiliar URLs appearing in the browser window.
2. Phishing
This is one of the most common ways to infect computer systems with malware or begin a ransomware attack. Typically, criminals execute phishing attacks through unsolicited emails that appear legitimate, often with real company names and logos. The email may request personal or financial information or urge you to click a link that will direct you to a fraudulent website. From there, malware can infect email accounts and corporate networks, which can lead to identity theft and corporate email takeover, as well as facilitate hacking into databases.
Prevention tips:
- Validate that the person sending the email is who they say they are (A small spelling error in the email address is a telltale sign that the message is fraudulent).
- Review emails for grammar and spelling errors, which are often red flags that the email is not legitimate.
- Hover over any hyperlinks to see where they are really sending you, and don’t open any links that are unfamiliar or unexpected.
- Call the vendor directly to verify they sent the email.
3. Email compromise
These scams are highly prevalent and are often the starting point for executing fraudulent electronic payments or wire transfers.
Prevention tips:
- Always call a vendor at a known phone number before sending a wire or electronic payment.
- Always call a vendor at a known number to verify a change in wire or electronic payment information before sending payment to the new account.
4. Identity fraud
This uses another individual’s personal information – often obtained through malware or phishing – without authorization to commit a crime or defraud others.
Prevention tips:
- Don’t share sensitive information such as bank account, social security and passport numbers over email or social media.
- Monitor your accounts for fraudulent activity on a regular basis.
- Check your credit report regularly.
- Secure your vendor accounts with a personal passcode.
5. Electronic payment fraud
This occurs when someone steals another person’s payment information to make unauthorized transactions or purchases. A fraudster needs only two pieces of information to initiate an automated clearinghouse (ACH) transaction: 1) your checking account and 2) your bank routing number. Email compromise is often the starting point for electronic payment fraud.
Prevention tips:
- Monitor transactions carefully and often.
- Restrict business transaction access to authorized individuals.
- Implement dual control, which requires two users to complete a transaction, reducing the risk of payment errors and fraudulent transactions.
- Implement segregation of duties (i.e., the person authorized to initiate transactions is separate from the person authorized to approve transactions).
- Avoid paper checks or invoices.
- Consider using virtual, single-use credit cards.
- When using direct deposit payroll, require employees to provide a voided check for any payment changes.
- Enroll in ACH positive pay or an ACH filter from your bank to prevent unauthorized debits from your account.
6. Check/payroll fraud
This occurs when someone attempts to gain money by unlawfully writing bad checks, forging a check in another person’s name or fabricating a check. Farm clients typically discover this type of fraud when a check clears their account for an amount that is different from the one they wrote it for, usually a payroll check. Unfortunately, we’re also beginning to see an increase in check fraud where items are not altered; only the endorsement on the check is forged.
Prevention tips:
- Use electronic payment methods where possible, such as ACH, card or virtual card, and direct deposit payroll.
- Enroll in check positive payee with your bank. This service allows you to inform the bank of the check items you process. The bank can then compare this list to the items that are presented against your account. You can deny any fraudulent items.
- Monitor transactions carefully, preferably daily. Mobile banking can make daily oversight of transactions more accessible.
- Keep check stock locked in a secure location and restrict employee access.
- Review internal check creation and signing processes to ensure there are always at least two employees involved in the accounts payable process.
- Limit your check runs to monthly or twice a month if possible.
Fraudsters are constantly evolving and developing more sophisticated methods. The key to mitigating your risk is to remain vigilant and adopt best practices. Where possible, implement automation into your key processes. Where automation is not possible, consider implementing strong internal controls such as dual control and segregation of duties.
In an industry where margins are razor-thin, you can’t afford to be the victim of fraud.
References omitted but are available upon request by sending an email to the editor.
This article is provided for information purposes only. Readers should consult their own professional advisers for specific advice tailored to their needs. Information contained in this article may be subject to change without notice.
