Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
2016 AFP
Payments Fraud and Control Survey REPORT OF SURVEY RESULTS Underwritten by
9 out of 10 finance professionals strongly believe EMV cards will successfully alleviate point-of-sale fraud.
A majority of organizations were exposed to Business Email Compromise (BEC) scams in 2015.
KEY FINDINGS
2016 AFP
Payments Fraud and Control Survey
After checks, wire transfers were the second most popular vehicle for payments fraud, with 48% of organizations exposed.
EMV Card
Underwritten by
Association for Financial Professionals
4520 East-West Highway, Suite 750
Bethesda, MD 20814
Phone 301.907.2862
Fax 301.907.2864
www.AFPonline.org
2016 AFP
Payments Fraud and Control Survey REPORT OF SURVEY RESULTS
March 2016
Underwritten by
J.P. Morgan is proud to once again sponsor the AFP® Payments Fraud and Control Survey for the seventh consecutive year and we are pleased to provide you with a complimentary copy of AFP’s 2015 report. The survey results show that now, more than ever, the need for new cyber security models and strict control governance is crucial for all businesses given that 62 percent of companies were targets of payments fraud last year. Some of the key findings in this year’s survey include:
92 percent of finance professionals believe EMV (EuroPay, MasterCard and Visa) cards will be effective in reducing point-of-sale (POS) fraud
61 percent believe that chip-and-PIN will be the most effective authentication method in mitigating credit/debit card payments fraud
Wires fraud incidents nearly doubled, from 14 percent in 2013 to 27 percent last year Paper checks continue to lead as the payment type most susceptible to fraudulent attacks
even as their overall use continues to decline Credit and debit cards experienced a decline in fraudulent activity, down from 43% in 2013
to 34% in 2014 With these statistics in mind, it is important for all businesses to take preventive measures to prevent cyber fraud by educating their employees on current payments fraud practices and implementing the products and processes they need to protect their corporate assets. J.P. Morgan is one of the world’s largest providers of treasury management services and a leader in electronic payments technology and solutions. We’re committed to fraud mitigation and information protection across our entire infrastructure and will continue to invest in the technology, educational tools and risk management expertise in the ongoing fight to mitigate fraud. We’d like to thank the AFP for providing us with this year’s valuable insights. They are a cautious reminder that the best defense is to remain vigilant in fraud detection and cyber security protection protocols. With best regards,
Nancy K. McDonnell Managing Director J.P. Morgan
J.P. Morgan is a marketing name for certain businesses segments of JPMorgan Chase & Co. and its subsidiaries worldwide. The material contained herein or in any related presentation or oral briefing do not constitute in any way J.P. Morgan research or a J.P. Morgan report, and should not be treated as such (and may differ from that contained in J.P. Morgan research) and are not intended as an offer or solicitation for the purchase or sale of any financial product or a commitment by J.P. Morgan as to the availability to any person of any such product at any time. All J.P. Morgan products, services, or arrangements are subject to applicable laws and regulations, its policies and procedures and its service terms, and not all such products and services are available in all geographic areas.
J.P. Morgan is proud to once again sponsor the AFP Payments Fraud and Control Survey for the
eighth consecutive year and we are pleased to provide you with a complimentary copy of AFP’s
2016 report. The survey results demonstrate that cyber security models and strict control governance
is crucial for all businesses given that nearly 75 percent of companies were targets of payments fraud
last year.
Some of the key findings in this year’s survey include:
• 42 percent of survey respondents reported that the incidents of fraud attempts increased in 2015
(47 percent reported no change).
• Checks still continue to be the payment method most often targeted with 71 percent of
companies experiencing actual or attempted check fraud.
- Wire transfers were second, with nearly half reporting attacks via wire transfers.
• The security of mobile payments is a chief concern for 75 percent of corporate practitioners.
• 90 percent of respondents believe that chip-and-PIN will be the most effective authentication
method in mitigating credit/debit card payments fraud at the point-of-sale.
• 64 percent of respondents reported that their organizations have been exposed to business email
compromise (BEC), with wire transfers as the payment method most impacted by BEC.
• More than 50 percent of respondents foresee transactions in which cards are not present will be
exposed to greater fraud activity.
With these statistics in mind, it is important for all businesses to take preventive measures by
educating their employees on current payments fraud practices and implementing the products and
processes they need to protect their corporate assets.
J.P. Morgan is one of the world’s largest providers of treasury management services and a leader in
electronic payments technology and solutions. We’re committed to fraud mitigation and information
protection across our entire infrastructure and will continue to invest in the technology, educational
tools and risk management expertise in the ongoing fight to mitigate fraud.
We’d like to thank the AFP for providing us with this year’s valuable insights. They are a cautious reminder
that the best defense is to remain vigilant in fraud detection and cyber security protection protocols.
With best regards,
Nancy K. McDonnell
Managing Director
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 1
2016 AFP Payments Fraud and Control Survey
IntroductionPayments are attractive targets for criminals. Given the nature of their function and the
potential access to funds, they are especially appealing to fraudsters. The rapid advance-
ment of technology has spurred innovation in payment methods, but at the same time
it has opened up more avenues for criminals to pursue. Perpetrators of payments fraud
are using their technological skills and knowledge to hack systems and succeed in their
attempts to assail companies’ payment systems.
In 2015, payments fraud was again on the uptick—and at the same level as it was in
2009 after steady declines from 2009 to 2013. However, there was a shift in the types of
fraud activity: while check fraud continued to be the payment method most often subject
to fraud, there was a decline in such fraud. Offsetting that decline was an increase in
fraud via other payment methods including wire transfers and corporate/commercial credit
cards; indeed, in the past few years well-publicized reports of data breaches at retailers
exposed the vulnerability of corporate/commercial credit cards.
If finance professionals thought their plates were already full dealing with these attacks
on payments systems, they have in the past year or so faced a newer type of fraud: the
business email compromise (BEC) scam. There is heightened concern regarding the rise
of BEC-based fraud as it requires considerable more effort than, for example, altering a
paper check. In BEC scams criminals gather confidential information on their targets and
use it to deceive their victims via email. It is disconcerting that those committing these
crimes are able to acquire personal and confidential data. The payment method most often
impacted by this hoax has been wires. The past two years, wires have been increasingly
subject to fraudulent activity and in 2015 were the second most common payment method
subject to fraud.
It is evident that finance professionals are finding it increasingly challenging to protect their
organizations from exposure to payments fraud activity. The perpetrators of these malicious
crimes are finding loopholes in the various payment systems and, unfortunately, continuing
to stay a step ahead of those attempting to foil their plans. The ramifications of payments
fraud activity can be pervasive and harmful to the organizations affected. Beyond any costs
incurred from cleaning up after exposure to payments fraud, companies have to deal with
protecting or remediating their reputation which can be an even more challenging task.
To gauge the level of activity of payments fraud, the payments methods impacted by
fraud, the various types of fraud and the challenges associated with payments fraud, the
Association for Financial Professionals® (AFP) has conducted surveys each year since
2005. The surveys examine the nature and frequency of fraud attacks on business-to-busi-
ness payments and strategies organizations are adopting to protect themselves against
fraudsters. Continuing these efforts, AFP conducted its 12th Annual Payments Fraud and
Control Survey in January 2016. The survey generated 627 responses from corporate
practitioners from organizations of varying sizes and representing numerous industries.
Results from this survey presented in this report reflect data for 2015.
AFP thanks J.P. Morgan for its continued underwriting support of the AFP Payments
Fraud and Control Survey series. Both questionnaire design and the final report, along
with its content and conclusions, are the sole responsibility of AFP’s Research Depart-
ment. Information on survey methodology and demographics of respondents can be found
at the end of the report.
2 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Payments Fraud Overview From 2009 to 2013 there was a gradual decline in the percentage of organizations
having been victims of attempted/actual payments fraud. But in last year’s 2015 AFP
Payments Fraud and Control Survey Report, we noted that the downward trend of
payments fraud reversed, although by just a few percentage points. The situation has
since deteriorated further.
Seventy-three percent of finance professionals report that their companies experi-
enced attempted or actual payments fraud in 2015. That matches the largest percentage
on record first reported in 2009. It is a significant increase compared to levels reported
in the three previous years and comparable to levels reported between 2006 and 2010.
Such a significant increase in payments fraud in only one year—from 62 percent in
2014 to 73 percent in 2015—highlights the success of fraudsters in attacking organi-
zations’ payments systems.
Percent of Organizations that Experienced Attempted and/or Actual Payments Fraud, 2005-2015
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
68%72% 71% 71% 73% 71%
68%61% 60% 62%
73%
While organization size does not appear to have had an impact on the incidence
of fraud in 2015, those organizations with fewer payment accounts were more likely
to have been subject to fraud than those with more than 100 payment accounts.
Seventy-eight percent of organizations with annual revenue of at least $1 billion and
fewer than 26 payment accounts were victims of payments fraud in 2015 compared to
64 percent of companies with annual revenue of at least $1 billion and more than 100
payment accounts.
73% of companies were targets of payments fraud in 2015
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 3
2016 AFP Payments Fraud and Control Survey
When examining data from the last three AFP Payments Fraud and Control Survey
Reports, it is evident that the gap between fraud attempts/attacks at larger
organizations (annual revenue at least $1 billion) and those at smaller organizations
(annual revenue less than $1 billion) is shrinking. In the 2014 report (reflecting data
for 2013), the incidence of fraud at larger organizations was 16 percentage points
higher than at smaller ones. This gap shrank to nine percentage points in 2015 (2014
data), and this year’s survey results reveal the percentage difference in the incidence of
fraud at larger organizations compared with smaller ones was a mere two percentage
points. We are seeing a clear trend where smaller organizations are being increasingly
targeted by criminals.
Percent of Organizations that Experienced Attempted and/or Actual Payments Fraud in 2015
80%
70%
60%
50%
40%
30%
20%
10%
0% All Annual Revenue Annual Revenue Annual Revenue Annual Revenue Less Than at Least at Least at Least $1 Billion $1 Billion $1 Billion and $1 Billion and Fewer Than 26 More Than 100 Payment Accounts Payment Accounts
73% 71% 73%78%
64%
Checks continue to be the payment method most often targeted by those committing
or attempting to commit payments fraud. Seventy-one percent of companies that
experienced attempted or actual payments fraud in 2015 were victims of check fraud.
This is a decrease from the 77 percent that reported check fraud in 2014. One reason
for the decrease is the steadily declining use of paper checks for business-to-business
(B2B) transactions. However, checks continue to be the payment method most often
exposed to fraud because they are still the most frequently used payment method. In
addition, fraudsters are familiar with checks and so are able to commit check fraud
with relative ease with the help of sophisticated equipment.
4 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Wire transfers were the second most popular vehicle for payments fraud in 2015.
Nearly half (48 percent) of finance professionals whose organizations were exposed
to payments fraud in 2015 report that such attacks were via wire transfers. This is a
significant increase from the 27 percent and 14 percent that reported wire transfer fraud
in 2014 and 2013, respectively. Following check and wire fraud was fraud via corporate,
commercial credit and debit cards with 39 percent of survey respondents reporting
their companies were targets of those types of fraud. Other fraud reported was via ACH
debits (cited by 25 percent of respondents) and ACH credits (11 percent).
The uptick in instances of wire fraud was not as surprising as how widespread
was the increase. Wire transfer fraud was second only to check fraud, and in 2015
surpassed credit/debit card fraud. One reason is that wires are attractive targets be-
cause of the speed of transaction and also the difficulty in retracting a transaction.
But another reason could be the escalation of business email compromise (BEC)
scams. Indeed, it is widely believed that BEC scams are responsible for the in-
crease in overall payments fraud activity. BEC scams are those in which criminals,
after considerable research, create profiles of executives at targeted organizations.
By being able to mimic the style a CEO or a CFO typically uses in email commu-
nications, criminals can succeed in deceiving employees into making payments to
fraudulent accounts.
Payment Method Subject to Attempted or Actual Payments Fraud in 2014(Percent of Organizations that Experienced Attempted or Actual Payments Fraud)
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
37%
25%
18%
27%
11%8% 9%
Checks Wire transfers Corporate/commercial ACH debits ACH credits credit and debit cards
39%39%
49%49%48%
77%
59%
71%
All
Annual Revenue Less Than $1 Billion
Annual Revenue at Least $1 Billion
48% of organizations were exposed to wire fraud in 2015, a significant increase from the 27% and 14% that reported wire transfer fraud in 2014 and 2013, respectively
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 5
2016 AFP Payments Fraud and Control Survey
What is troubling is that BEC is not a new scam. Last year’s survey results also
revealed a considerable increase in wire fraud from the previous year. This, together with
increased third-party fraud and account takeovers, imply an increase in instances of BEC
in recent years. (For more information on BEC activity, see page 6.)
While the incidence of payments fraud in 2015 was unchanged at nearly half of
organizations (47 percent), an almost equal share experienced an increase in payment
fraud attacks. Forty-two percent of survey respondents whose organizations experienced
payments fraud report that the number of incidents of fraud attempts increased in 2015
compared to 2014. Eleven percent of survey respondents indicate that the incidence of
payments fraud at their organizations decreased.
Change in Incidence of Payments Fraud in 2015 Compared to 2014 (Percentage Distribution of Organizations that Experienced Attempted or Actual Payments Fraud)
Increased
About the same
Decreased
11%
42%
47%
Smaller organizations with annual revenue of less than $1 billion were more likely than
larger companies to experience an increase in fraud activity over the past year (46 percent
vs. 41 percent). Thirty-seven percent of corporate practitioners from large organizations
with annual revenue of at least $1 billion and fewer than 26 payment accounts report an
increase in fraud in 2015 compared to that in 2014, while 47 percent of those from large
organizations with more than 100 payment accounts report an increase in fraud.
The incidence of
payments fraud
increased at 42% of organizations
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0% 2009 2010 2011 2012 2013 2014 2015 Checks Corporate/commercial credit and debit cards ACH debits Wire transfers ACH credits
3%4% 5%
11% 14%
48%
71%77%82%
27%
87%85%
93%90%
Trends in Payments Fraud Activity (Percent of Organizations that Experienced Attempted and/or Actual Payments Fraud)
6 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Business Email Compromise (BEC)A relatively new challenge for finance professionals in the fight against payments fraud is
business email compromise (BEC) scams. BEC scams target corporate email systems in an
effort to trick employees into making payments to fraudulent accounts. By doing extensive
research, criminals obtain information (often through phishing) and build profiles of senior
executives in an organization. The CFO is often a target and criminals study how the execu-
tive corresponds via email; they even observe nuances in those communications to ensure
their fraudulent emails appear authentic. In one typical BEC scam, an email purportedly
from the company’s CFO is sent to employees. The email provides access to payment sys-
tems requesting an urgent payment for a certain purpose. Often this will happen when the
CFO is out of the office, making it difficult for employees to verify the email is credible.
Finance professionals tasked with protecting their organizations against fraud activity
are well aware of BEC and most likely have been making efforts to mitigate its impact. It is
disconcerting that in spite of safeguards being implemented, criminals are still making head-
way with BEC scams. The significant increase in wire fraud also suggests that BEC scams
may be more difficult to prevent than was previously believed.
The key to BEC scams is acquisition of information and what criminals are doing with it.
It appears from this year’s survey results that organizations have a challenging time protect-
ing their information from criminals who go to great lengths to access it. Scams like these are
now more widespread and are the cause of an increasing number of actual financial losses for
organizations. AFP’s Treasury in Practice Guide—BEC Scams: Treasury’s Number One Fraud
Threat—explains more in detail how these scams work and how to protect against them.
A majority of finance professionals (64 percent) reports that their organizations were
exposed to BEC in 2015. Business email compromise was slightly more prevalent among
organizations with annual revenue of at least $1 billion (69 percent of those survey respon-
dents) than among smaller organizations (60 percent).
Additional information on BEC Scams
www.AFPonline.org/TreasuryInPractice/
BEC Scams: Treasury’s Number One Fraud ThreatTreasury in Practice Series
Issue 9
Percent of Organizations that Experienced Attempted or Actual Business Email Compromise in 2015
70%
68%
66%
64%
62%
60%
58%
56%
54% All Annual Revenue Annual Revenue Annual Revenue Annual Revenue Less Than at Least at Least at Least $1 Billion $1 Billion $1 Billion and $1 Billion and Fewer Than 26 More Than 100 Payment Accounts Payment Accounts
64%
60%
69% 69%
63%
64% of companies were exposed to business email compromise in 2015
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 7
2016 AFP Payments Fraud and Control Survey
Fifty-six percent of those organizations that did experience payments fraud via
BEC did so via wire transfers. Although a large share of organizations were targets of
BEC, less than half incurred any financial loss as a result.
Payment Methods Impacted by Business Email Compromise(Percent of Organizations that Experienced Payments Fraud via BEC)
60%
50%
40%
30%
20%
10%
0% Wire transfers Checks Corporate/Commercial ACH debit ACH credits credit cards
56%
29%
18% 16% 15%
Estimated Total Dollar Amount of the Potential and Actual Financial Loss Resulting from Business Email Compromise (BEC) in 2015(Percentage Distribution of Organizations that Experienced Attempted or Actual Payments Fraud via BEC)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
No Loss 53% 53% 49% 51% 48%
Up to $24,999 8 10 7 7 10
$25,000-49,999 4 4 4 8 –
$50,000-99,999 6 6 5 5 2
$100,000-249,999 9 12 9 9 7
$250,000- 499,999 6 7 5 5 10
$500,000-999,999 4 2 6 5 10
$1,000,000-1,999,999 4 4 5 4 2
$2,000,000 or more 6 2 9 7 12
8 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Financial Loss from Fraud Attempts In most cases, an attempted payments fraud attack on a company in 2015 resulted in a
relatively small financial loss. Seventeen percent of organizations that experienced
payments fraud in 2015 did not have to deal with any potential financial loss. For
25 percent of them, the potential loss from fraud in 2015 is estimated at less than
$25,000; for 29 percent of organizations the potential loss is estimated between $25,000
and $249,000. The potential loss is $250,000 or more at 27 percent of organizations.
Finance professionals from large organizations with more than 100 payment
accounts are more likely than those from other organizations to report potential
financial loss in the highest dollar ranges. Thirty-nine percent of corporate practitio-
ners from these companies report the potential loss from fraud in 2015 was greater
than $250,000.
Potential Financial Loss from Attempted or Actual Payments Fraud in 2015(Percentage Distribution of Organizations that Experienced Payments Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
No Loss 17% 13% 16% 18% 16%
Up to $24,999 25 34 19 23 16
$25,000-49,999 7 9 8 12 2
$50,000-99,999 10 11 9 8 9
$100,000-249,999 12 14 13 11 18
$250,000-499,999 9 10 8 6 11
$500,000-999,999 5 1 8 6 5
$1,000,000-1,999,999 4 3 6 5 5
$2,000,000 or more 9 5 14 10 18
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 9
2016 AFP Payments Fraud and Control Survey
Seventy-two percent of organizations that were exposed to at least one payment
fraud attempt in 2015 did not incur an actual financial loss from that attempt.
Fourteen percent of survey respondents report a loss to their organizations of less
than $25,000 and only four percent of organizations realized a loss greater than
$250,000. Nearly half (47 percent) of larger organizations maintaining more than
100 payment accounts were more likely to have experienced a direct loss than
were other companies; 12 percent of such companies suffered a financial loss
exceeding $250,000.
Actual Direct Financial Loss from Attempted or Actual Payments Fraud in 2015(Percentage Distribution of Organizations that Experienced Payments Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
No Loss 72% 75% 68% 73% 53%
Up to $24,999 14 18 10 12 12
$25,000-49,999 4 3 4 3 7
$50,000-99,999 3 1 4 3 12
$100,000-249,999 4 3 5 4 5
$250,000-499,999 1 – 3 1 5
$500,000-999,999 1 – 2 3 –
$1,000,000-1,999,999 1 – 2 2 2
$2,000,000 or more 1 – 2 – 5
72% of organizations that experienced payment fraud in 2015 did not incur an actual financial loss from those attacks
10 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
While checks were not only the most popular payment method subject to fraud, in 2015
they were once again the payment method accounting for the largest dollar amount of loss
due to fraud. However, the percentage of organizations that suffered loss as a result of check
fraud declined further—from 57 percent in 2013 to 45 percent in 2014 and 43 percent in
2015. Twenty-three percent of companies that experienced payments fraud suffered the larg-
est amount of losses via wire transfers, while 20 percent of them did so via fraudulent use of
corporate/commercial cards. Larger organizations were more likely to have incurred losses as
a result of fraud via wire transfers than were smaller companies.
Payment Method Responsible for Largest Dollar Amount Loss from Fraud Loss (Percentage Distribution of Organizations that Experienced Payments Fraud)
Checks
Wire transfers
Corporate/Commercial credit and debit cards
ACH debits
ACH credits
10%
43%20%
5%
23%
Costs to manage/defend and/or clean up from fraud attacks were relatively low for most
organizations. Nearly half (49 percent) did not incur any expenses as a result of a fraud attempt
and 35 percent spent less than $25,000 to defend against or clean up the fraud. A greater share
of larger organizations—and specifically those with more payment accounts—were more likely
to have spent more on cleaning up and defending against fraud than were other companies.
Cost to Manage/Defend/Clean Up from Attempted or Actual Payments Fraud in 2015(Percentage Distribution of Organizations that Experienced Payments Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
No Cost 49% 56% 49% 45% 30%
Up to $24,999 35 34 35 42 28
$25,000-49,999 5 3 7 6 7
$50,000-99,999 4 3 5 2 12
$100,000-249,999 4 4 4 3 7
$250,000-499,999 1 1 2 2 –
$500,000-999,999 1 – 3 – 12
$1,000,000-1,999,999 – – 1 – –
$2,000,000 or more 1 – 2 – 5
Checks continueto account for the largest amount of loss due to fraud
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 11
2016 AFP Payments Fraud and Control Survey
Sources of Attempted/Actual Payments Fraud The majority of payments fraud continues to originate from an external source or indi-
vidual. In 2015, nearly two-thirds of companies (65 percent) that experienced attempted
or actual payments fraud in 2015 did so as a result of actions by an outside individual.
Half of finance professionals reports that for their companies, payments fraud originated
via business email compromise (BEC) and 15 percent of organizations were targets of an
organized crime ring.
Sources of Attempted/Actual Payments Fraud in 2015 (Percent of Organizations that Experienced Attempted or Actual Payments Fraud)
Outside individual
Business Email Compromise (BEC fraud)
Organized crime ring
Third-party or outsourcer
Account takeover
Internal party
Compromised mobile device
Lost or stolen laptop
0% 10% 20% 30% 40% 50% 60% 70%
2%
2%
5%
11%
12%
15%
50%
65%
12 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Check Fraud Checks have been and continue to be the payment method most often exposed to
fraudulent activity. Forty-four percent of organizations that experienced check fraud in
2015 suffered between one and five incidents of check fraud; 22 percent were subject
to between six and ten incidents. A similar share—21 percent—were exposed to
check fraud more than 20 times, an increase from 17 percent in 2014. Larger
organizations with more than 100 payment accounts were far more likely to have been
victims of check fraud than were other organizations; 48 percent of survey respondents
from this group report that their organizations experienced check fraud more than 15
times in 2015. Nearly two-thirds of finance professionals (66 percent) report that the
number of check fraud attempts in 2015 was unchanged from 2014 while 24 percent
report an increase.
The United States differs from most other developed countries in that paper checks
are still used to a large extent for business-to-business (B2B) transactions. Although
the use of paper checks is declining, checks still account for a large portion of the
total number of payment transactions. This is also one of the reasons checks are the
predominant targets of fraudulent transactions. Other reasons checks are subject to
fraud is that they are physical items that can be altered fairly easily. Also, modern
technological equipment facilitates the counterfeiting of checks. However, as checks
continue to decline as a chosen payment method, so does check-related fraud. Those
committing fraud often seek out other methods of payment fraud believing they may
be more lucrative and might shift their focus away from checks. Nevertheless, checks
continue to account for the majority of fraud activity.
Number of Times Organization Experienced Attempted or Actual Check Fraud in 2015(Percentage Distribution of Organizations that Experienced At Least One Attempt of Check Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
1-5 44% 57% 35% 39% 32%
6-10 22 22 19 20 19
11-15 10 7 12 13 5
16-20 3 2 4 6 0
21 or more 21 11 29 22 43
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 13
2016 AFP Payments Fraud and Control Survey
There are a number of protective measures that can effectively secure check payments.
It is critical that organizations implement these safeguards. If fraudsters are successful
in their attacks, they will persist in targeting an organization repeatedly until they are
caught. The figures cited above on the incidence of check fraud clearly validate this. A
majority of survey respondents report that their organizations were targets for check
fraud one to five times in 2015, suggesting that criminals cast a wide net hoping that
the targeted organization does not have sufficient protective measures in place. Twenty-
one percent of respondents report their organizations were attacked by fraudsters more
than 21 times. This suggests that those organizations are not adequately protecting their
check transactions and so are frequently being targeted. Companies that are exposed to
check fraud often should consider performing daily reconciliations and/or investing in
positive pay, etc.
Number of Times Organization Experienced Attempted or Actual Check Fraud in 2015(Percentage Distribution of Organizations that Experienced At Least One Attempt of Check Fraud)
Change in Incidence of Check Fraud in 2015 Compared to 2014 (Percentage Distribution of Organizations that Experienced Attempted or Actual Payments Fraud via Checks)
24%
66%
10%
Increased
About the same
Decreased
Positive pay continues to be the method most often used by organizations to guard
against check fraud. This approach is used by 88 percent of organizations—an increase
from the 79 percent in 2014. Other prevalent methods being used are:
• Daily reconciliations and other internal processes
(cited by 77 percent of respondents)
• Segregation of accounts (69 percent)
• Payee positive pay (56 percent)
88% of organizations use positive pay to guard against check fraud
14 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
While check fraud continued to be the most prevalent type of payments fraud
experienced by organizations in 2015, a vast majority of companies did not suffer
any financial loss as a result of such fraud. Twenty percent of companies that were
exposed to at least one check fraud attempt in 2015 incurred a financial loss as a
consequence. However, this is an increase from 15 percent in 2014. For larger
companies with more than 100 payment accounts the share was 35 percent.
Fraud Control Procedures Organizations Used to Guard Against Check Fraud in 2015(Percent of Organizations that Experienced At Least One Attempt of Check Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Positive pay 88% 85% 90% 93% 89%
Daily reconciliation and other internal processes 77 79 75 77 73
Segregation of accounts 69 69 69 73 62
Payee positive pay 56 53 58 57 59
“Post no checks” restriction on depository accounts 49 46 52 55 51
Reverse positive pay 16 13 18 16 22
Non-bank fraud control services 6 4 7 5 16
Other 2 3 2 2 3
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 15
2016 AFP Payments Fraud and Control Survey
Organizations incurred financial loss due to check fraud for
various reasons:
• No positive pay (cited by 41 percent of survey respondents)
• Clerical errors (29 percent)
• Account reconciliation not timely (25 percent)
• Stolen check stock (20 percent)
• Internal fraud (18 percent)
Suffered Financial Loss as a Result of Check Fraud (Percentage Distribution of Organizations that Experienced At Least One Attempt of Check Fraud)
Yes20%
No80%
Features Most Effective in Preventing Check Fraud (Percentage Distribution of Organizations that Experienced Payments Fraud via Checks)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
VOID Feature (The word “VOID” appears if check is scanned or copied) 57% 58% 58% 57% 63%
Security/Safety Paper (Stains will appear if attempts are made to alter the check) 51 51 49 47 56
Micro Print (A fine line of print can be read when magnified – difficult to photocopy) 32 30 33 34 33
Blank Check Stock 30 30 29 37 25
Dual-tone True Watermark 30 30 29 24 34
Heat-reactive Ink 21 19 21 18 19
Other 16 16 15 12 19
Finance professionals are eager to reduce the number of check fraud incidents and are well
aware that that certain check features are more effective than others in limiting check fraud. The
two features survey respondents consider most effective in preventing check fraud are the VOID
feature—i.e., the word “VOID” appears if check is scanned or copied (cited by 57 percent of survey
respondents) —and the use of security/safety paper (stains will appear if attempts are made to al-
ter the check) (51 percent). Other features considered effective in preventing fraudsters from using
checks to deceive victims are micro print, a fine line of print which is difficult to photocopy and
can be read only when magnified. Blank check stock and dual tone watermark are also considered
to be effective in preventing check fraud (each cited by 30 percent of respondents).
16 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
ACH Fraud ACH transactions are typically considered a safer form of payment. Criminals not only
need to obtain a customer’s credentials but must also be able to generate ACH files in
the originator’s name. In order to be successful, criminals most often need help from
someone inside a targeted company to assist them. As a result, ACH transactions are
less impacted by fraud than are other payment methods. Even among the small share of
companies which experience ACH fraud, this type of fraud occurs infrequently. As with
check fraud, criminals will attempt ACH fraud on a wide scale. If they succeed they will
continue to target the same organization over and over again until they are stopped.
In 2015, one-fourth of organizations were subject to ACH Debit fraud and 11 percent
to ACH Credit fraud. Larger companies with more than 100 payment accounts are six
more times likely than similar-sized organizations with fewer payment accounts to have
been targets of ACH fraud more than 20 times. Seventy-three percent of respondents
from companies that experienced ACH fraud report one to five incidents of such fraud in
2015. Only nine percent of finance professionals report their organizations experienced
more than 20 incidents of ACH fraud. This is a good indication that most companies are
protecting themselves fairly well from ACH fraud. These figures have also not changed
much over time; trends in ACH fraud have shifted somewhat from year to year but not to
any large extent.
Number of Times Organizations Experienced Attempted or Actual ACH Fraud in 2015(Percentage Distribution of Organizations that Experienced At Least One Attempt of ACH Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
1-5 72% 79% 68% 71% 63%
6-10 13 10 14 16 7
11-15 5 3 6 7 –
16-20 2 2 2 2 4
21 or more 9 5 10 4 26
Seventy percent of finance professionals report that the instances of ACH fraud
attempts at their organizations in 2015 was unchanged from that reported in 2014.
Twenty-three percent report a rise in ACH fraud occurrences during the same time-
frame, an increase from the 13 percent that reported a rise in 2014 compared to 2013.
Organizations adopt various strategies to mitigate the impact from ACH fraud. Sixty-
nine percent of companies reconcile accounts daily to identify and return unauthorized
ACH Debits while 56 percent block all ACH Debits except those with ACH Debit filter
and/or ACH positive pay. Forty-one percent take the additional step of blocking ACH
Debits on all accounts.
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 17
2016 AFP Payments Fraud and Control Survey
Eleven percent of organizations that were victims of at least one ACH fraud attempt
in 2015 suffered a financial loss as a result. The share increased to 16 percent for larger
organizations with more than 100 payment accounts.
The most plausible reasons for ACH fraud incidents include:
• OrganizationdidnotuseACHDebitblocksorACHDebitfilters
(cited by 40 percent of respondents)
• Account reconciliation not timely (30 percent)
• Organization did not use ACH positive pay (30 percent)
• ACH Return not timely (25 percent)
• Internal fraud (e.g., employee responsible) (15 percent)
Although ACH fraud occurs considerably less often than check fraud, the actual
exposure of ACH transaction information may be more damaging due to its sensitive
nature, including actual bank account numbers, etc. At the same time, criminals need
to make more significant efforts than most may be willing to in order to obtain such in-
formation. Since AFP began tracking payments fraud, we have not seen a major shift in
ACH fraud activity. If criminals do decide to put in the extra effort, as in BEC scams, this
may change. Therefore, it is always wise to implement any protective measures available.
Fraud Control Procedures Used to Prevent ACH(Percent of Organizations that Experienced At Least One Attempt of ACH Fraud)
80%
70%
60%
50%
40%
30%
20%
10%
0%
45%
29%32%
29%
23%
16%
29%
Reconcile accounts Block all ACH debits Block ACH debits Debit block on all Create separate daily to identify and except on a single on all accounts consumer items with account for return unauthorized set up with ACH debit filter on electronic debits ACH debits debit filter/ACH commercial ACH debits initiated by the positive pay third party (e.g., taxing authority)
35%
41%
59%
51%
56%
68%
71%69%
All
Annual Revenue Less Than $1 Billion
Annual Revenue At Least $1 Billion
18 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Corporate/Commercial Card Payments After two years of decline, the use of corporate/commercial cards for business-to-busi-
ness (B2B) transactions seems to be trending slightly upwards. The most widely used
B2B cards in 2015 were purchasing cards (used by 75 percent of organizations, up from
71 percent in 2014) followed by Travel & Entertainment (T&E) cards (45 percent, up
from 39 percent in 2014). The use of ghost or virtual cards has declined slightly from
31 percent to 29 percent in the same timeframe. Larger organizations with more than
100 payment accounts were more likely to use T&E cards than were other companies.
Percentage of Corporate/Commercial Cards that Organizations Use for B2B Payments(Percent of Organizations that Experienced Attempted or Actual Fraud via Corporate/Commercial Cards)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Purchasing cards 75% 68% 80% 79% 81%
T&E cards 45 39 50 49 58
Ghost or virtual cards (valid card account without a physical card issued) 29 22 34 33 29
Fleet cards 16 17 16 16 13
“One card” combining several uses above 15 21 12 8 16
Airline travel cards (UATP) 6 5 6 7 3
Other 2 3 2 2 3
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 19
2016 AFP Payments Fraud and Control Survey
As the use of B2B cards increases, so does the likelihood of fraud via such vehicles.
Forty-two percent of companies that experienced payments fraud in 2015 were impacted
by fraud associated with their own commercial cards, an increase from 32 percent in
2014. Corporate/commercial cards were the third most-often targeted payment method
for those attempting to commit payments fraud in 2015. The recent increase in corpo-
rate/commercial card fraud most likely is the result of the increased use of such cards,
particularly purchasing cards and T&E cards. The previous decline reported in 2014
followed a decline in overall card use for B2B transactions.
As with fraud via other payment methods, corporate/commercial card fraud can often
result in a financial loss to companies. But in addition, fraud via corporate/commercial
cards can also result in financial losses to third parties such as an organization’s bank
or merchant partners. While 38 percent of organizations that were victims of this type
of fraud in 2015 did not incur a financial loss, 36 percent of their card-issuing banks did,
an increase from 31 percent in 2014. A larger share of organizations’ merchants also
experienced an increase in corporate/commercial card fraud—from 15 percent in 2014
to 21 percent in 2015. Other parties that suffered increased financial loss as a result of
corporate/commercial card fraud include card processors—increasing to 8 percent from
4 percent the previous year.
40%
35%
30%
25%
20%
15%
10%
5%
0% No organization Card Merchant My organization Card processor Other suffered issuing bank financial loss
38%36%
21%
13%
8%
Parties That Suffered Financial Loss from Fraud on Corporate/Commercial Cards(Percent of Organizations that Experienced At Least One Attempt of Corporate/Commercial Card Fraud)
3%
20 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
For the large majority of organizations (77 percent) that experienced fraud via their
own corporate/commercial cards, the fraud was initiated by an unknown external
party. For 17 percent of those companies, this type of fraud was perpetrated by an
employee, a decrease from 25 percent in 2014, suggesting an improvement in internal
controls for card payments. Corporate/commercial card fraud committed by a third-
party or outsourcer (e.g., vendor, professional services provider) declined slightly from
16 percent in 2014 to 14 percent in 2015. The large percentage of card fraud commit-
ted by an unknown external party highlights the vulnerability of cards. Large data
breaches can expose a vast number of card credentials to a wide range of criminals.
These credentials are being sold and then used to create fraudulent cards.
Larger organizations with annual revenue of at least $1 billion were more likely than
other companies to have been exposed to fraud committed by an employee
(23 percent versus 13 percent) or by a third-party (19 percent versus nine percent).
However, smaller organizations with annual revenue less than $1 billion were more
prone to fraud attacks from unknown external parties than were other companies
(85 percent versus 69 percent). Larger organizations face a significant challenge in
that they need to control all the cards they issue. Because there are typically more
cards in circulation from larger companies, especially purchasing cards and T&E
cards, the more cards in circulation the greater the opportunity for fraud.
Party Responsible for Fraud on Corporate/Commercial Cards(Percent of Organizations that Experienced At Least One Attempt of Corporate/Commercial Card Fraud)
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
23%
14%
9%
19%
13%17%
69%
85%
77% All
Annual Revenue Less Than $1 Billion
Annual Revenue at Least $1 Billion
Unknown external party Employee Third-party or outsourcer (e.g., vendor, professional services provider, business trading partner)
Fraud attempts on corporate/commercial cards is often initiated by an unknown external party
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 21
2016 AFP Payments Fraud and Control Survey
Mobile Payments Despite recent technological innovations and the vast number of start-ups specializing
in the mobile payments field, the adoption of mobile payments has failed to achieve
the level anticipated every year. Survey results suggest that finance professionals are
skeptical about the use of mobile payments. Among the issues constraining the
adoption of mobile payments are concerns about the security of mobile payment
applications and the phone networks being used. Indeed, the number-one concern
regarding mobile payments among corporate practitioners is whether they are a secure
method of payment (cited by 76 percent of respondents). Security appears to be a
greater concern for large companies with annual revenue of at least $1 billion with
fewer than 26 payment accounts than organizations of the same size with more than
100 payment accounts (81 percent versus 66 percent).
Other issues preventing companies from adopting mobile payments more extensively
are the potential exposure of personal financial information resulting from a loss of
phones used to make the payments (55 percent) and transmitting financial data over cell
networks (53 percent). The potential compromise of financial data when transmitting
over cell phone networks is a greater concern among survey respondents from larger
organizations with annual revenue of at least $1 billion than those from smaller compa-
nies (annual revenue less than $1 billion) (57 percent versus 45 percent). Additionally,
larger organizations with more than 100 payment accounts are more apprehensive about
consumers using mobile payments than those with fewer payment accounts (66 percent
versus 54 percent).
Security Issues Preventing Consumers from Further Embracing Mobile Payments(Percent of Organizations)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Concerns about whether mobile payments are a secure payment method 76% 75% 78% 81% 66%
Potential exposure of personal financial information resulting from a loss of the phone 55 54 55 57 54
Transmitting financial data over cell phone networks 53 45 57 54 66
The authentication process 29 26 32 34 34
Other 4 4 4 2 9
The security of mobile payments and the phone networks used are of most concern to corporate practitioners
22 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Credit/Debit Card Payments Seventy percent of corporate practitioners report that their companies accept debit/credit
card payments from their customers. A slightly smaller share of companies with annual
revenue less than $1 billion accept credit and/or debit card payments than do larger
organizations (64 percent versus 74 percent).
The uptick in credit card/debit card fraud continued in 2015 with 39 percent of finance
professionals reporting their organizations experienced fraud attacks via these vehicles.
This is an increase from the 34 percent in 2014 but still below the peak of 43 percent in
2013. However, that 2013 figure may have been a result of the media hype surrounding
the large data breaches at high-profile retailers in December 2013.
Results from the 2015 AFP Payments Fraud and Control Survey, conducted prior to the Oc-
tober 2015 deadline for the shift in liability from card issuers to merchants, revealed that over
40 percent of corporate practitioners anticipated somewhat of an impact on their organization’s
investment in card fraud prevention methods and 28 percent anticipated a greater impact.
By the time the current survey was conducted, the deadline for the shift in liability from card
issuers to merchants had passed, and survey results reveal that 32 percent of respondents
report there was some impact on their investments in preventing card fraud. This figure is
less than the 42 percent who held this view in 2014. Nineteen percent of organizations were
significantly impacted by the liability shift in 2015, but that share was a decrease from the 28
percent of survey respondents in 2014 who anticipated a similar impact their companies’ outlay
on fraud prevention systems. The share of finance professionals who believed the impact would
be negligible increased dramatically from 14 percent in 2014 to 35 percent in 2015. The current
survey results also suggest that—just a few months after the liability shift—the investment costs
and complexity of upgrading terminals, as well as the costs of training, may be having less of
an impact than previously anticipated. This mitigated impact of the liability shift suggests that
organizations that haven’t installed EMV-capable terminals have not experienced a significant
increase in fraud attacks; alternatively, the implementation of new terminals, training of staff and
customers has been less challenging than expected.
Impact of Liability Shift in Organization’s Investment in Card Acceptance Fraud Prevention Methods/Solutions(Percentage Distribution of Organizations that Accept Credit/Debit Cards from Customers)
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
(1) No Impact (2) (3) Somewhat of an Impact (4) (5) Significant Impact
All
Annual Revenue Less than $1 Billion
Annual Revenue at Least $1 Billion
Annual Revenues at Least $1 Billion and Fewer than 26 Payment Accounts
Annual Revenues at Least $1 Billion and More than 100 Payment Accounts 30% 13% 33% 15% 10%
32% 18% 34% 10% 7%
39% 11% 32% 9% 11%
35% 15% 32% 10% 9%
33% 22% 29% 9% 7%
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 23
2016 AFP Payments Fraud and Control Survey
While EMV (EuroPay, MasterCard, VISA) cards have been in use for many years in many
parts of the developed world, their use only started gaining traction in the U.S. because of the
shift in liability—from card-issuer to merchant—that went into effect in October 2015. The key to
the EMV chip card is the “smart chip” that is considerably more difficult to counterfeit than the
magnetic strip traditionally used on credit/debit cards. The authentication is usually done with
a PIN. However, the U.S. banking industry has opted for a less secure signature authentication,
claiming that consumers will experience a negative experience because of too many changes in
the purchasing procedures with cards. Some banks have since indicated a PIN authentication
may be planned for the future since it adds a layer of protection. Merchants are typically in favor
of PIN authentication as it is more likely to prevent fraud at card-present (POS) transactions.
It is still too soon to determine the real impact of this liability shift. Implementation of the
new cards has been slow, often due to a short supply of EMV-capable terminals making them
expensive. For merchants with high-volume, low-value transactions, the investment cost for
new terminals and training of personnel may exceed the potential loss from fraud.
As the use of EMV chip cards becomes more extensive, fraudsters are likely to shift their
focus to other, less-secure payment methods. Ninety percent of finance professionals believe
that if EMV chip cards do cut back on the instances of fraud, perpetrators will shift their focus
to other payment methods. This is a 10-percentage-point increase in the share of finance
professionals who held the same view last year and a 20 percent increase from 2014. The
majority of survey respondents (55 percent) foresee those transactions in which cards are not
present, such as online purchases, will be exposed to greater fraud activity. Smaller shares of
finance professionals anticipate greater fraud activity via checks (17 percent), ACH Debit
(7 percent) and wire transfers (7 percent).
The share of finance professionals who believes checks will be exposed to greater fraud
activity if EMV chip cards are successful in mitigating fraud continues to decline—from
58 percent in 2013 to 38 percent in 2014 and a mere 17 percent in 2015. However, a greater
share of respondents from larger organizations with more than 100 payment accounts
(28 percent) than other companies believes checks will continue to be impacted.
Forms of Payments Subject to Greater Fraud Activity if EMV Cards are Successful in Reducing Fraud(Percentage Distribution of Respondents)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Card-Not-Present transactions 55% 58% 54% 62% 32%
Checks 17 17 16 14 28
Fraud will not migrate to other payment forms 10 10 11 11 15
ACH debit 7 7 6 5 9
Wire transfers 7 4 10 6 13
ACH credit 1 2 – – –
90% of corporate practitioners believe that criminals will shift their focus to other payment methods if EMV chip cards are successful in mitigating fraud
24 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Similar to last year’s survey results, a vast majority (92 percent) of finance
professionals strongly believe that EMV chip cards will be successful in alleviating
point-of-sale (POS) fraud. Sixty-six percent consider Chip-and-PIN an effective method
in reducing POS fraud. In addition to using a stolen credit card, fraudsters would need a
card’s associated PIN, making it more difficult to authenticate a transaction.
Other methods survey respondents consider effective are Chip-and-Choice, which
allows merchants to choose the option of PIN or signature (12 percent), EMV regardless of
authentication method used (10 percent) and Chip-and-Signature (5 percent). A far smaller
share of finance professionals from larger organizations with more than 100 payment
accounts are more likely than those from organizations with fewer payment accounts to
consider Chip-and-PIN as effective (50 percent versus 78 percent).
Authentication Method for EMV Cards Most Effective in Preventing Fraud and Providing a Better Customer Experience(Percentage Distribution of Respondents)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Chip-and-PIN 66% 62% 69% 78% 50%
Chip-and-Choice (merchant can chose PIN or signature) 12 13 11 6 15
EMV is effective in reducing POS card fraud regardless of authentication method used 10 10 9 7 15
EMV will not be effective in reducing POS fraud 8 9 6 5 15
Chip-and-Signature 5 6 5 6 6
Securing CredentialsOver the past couple of years, data security breaches have been rampant. These mali-
cious attacks have compromised the personal data of thousands of consumers and even
U.S. government employees have not been spared, leaving many vulnerable and insecure.
Organizations, too, are on guard and making all efforts to protect themselves from being
victims of such attacks or taking steps to lessen the impact if they are victims. Strategies
being implemented at companies to protect their reputation and their consumers’ information
include the following:
Seventy-fivepercent perform daily reconciliations on transaction activity.
Fifty-three percent have adopted a stronger form of authentication or added layers of
security for access to bank services.
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 25
2016 AFP Payments Fraud and Control Survey
Forty-one percent ensure their disaster recovery plans include the ability to continue
with strong controls.
Thirty-nine percent have upgraded the authentication procedure/devices used to access
the company network.
Other tactics organizations are adopting to safeguard themselves from any potential attacks
include restricting company network access for payments to only company-issued laptops
(27 percent) and restricting network access for payments via mobile devices to emergency
situations only (18 percent).
Daily reconciliations are an effective way to expose fraudulent transactions with minimum
delay. By performing daily reconciliations, organizations can minimize any harm caused by a
data breach. Additionally, this is an exercise that is done internally and independent of exter-
nal parties. Stronger authentication procedures are also effective as they add layers of security
to the access of the vital payment systems. The more layers of security the more difficult it
is for criminals to gain access to sensitive information. If faced with a difficult-to-break-into
system, criminals will most likely move on to a less-secure target where their efforts may pay
off in a much shorter time.
Actions Taken to Defend Against Attacks that Would Compromise Security (Percent of Organizations that Experienced Attempted or Actual Payments Fraud)
Perform daily reconciliations
Adopt a stronger form of authentication or added layers of security for access
to bank services
Ensure disaster recovery plans include the ability to continue with strong controls
Upgrade the authentication procedure/devices used to access our
company network
Restrict network access for payments to only company-issued laptop
Restrict company network access for payments via mobile devices (laptop,
tablets, phones) to emergency situations only
Dedicate a PC for payment origination (with no links to e-mail/web
browsing/social networks)
Replace proprietary bank connections with secure access through the SWIFT network
Other
0% 10% 20% 30% 40% 50% 60% 70% 80%
13%
11%
18%
27%
39%
41%
53%
75%
5%
26 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Conclusion In the past few years, organizations have been targets of severe fraud attacks which
have had far-reaching consequences for their business operations, bottom lines,
consumers and overall reputation. Even if malicious fraudsters are not successful in
accessing funds, they are often able to access highly secure data which puts organizations
and their customers’ at risk. In such situations, clean-up efforts for companies may be
significant; beyond just incurring costs, fraud can also result in staff resources being
shifted from other key priorities to focus on dealing with the assault and its aftermath,
including remediating an organization’s reputation.
Finance professionals are fully cognizant that fraud attacks are the “new normal”
and they are on high alert, making efforts to minimize the impacts of these attacks.
However, it appears that the perpetrators of these acts are managing to stay ahead
of their targets. Over the last two years, we have seen a significant increase in fraud
activity. Indeed, in 2013, 60 percent of organizations experienced payments fraud; the
share increased slightly to 62 percent in 2014, but jumped to 73 percent in 2015.
In addition to the increased incidence of fraud, fraudsters are also focusing their
efforts on targeting other payments methods beyond traditional targets such as
checks, moving towards wire transfers and adopting new strategies like business
email compromise to prey on their victims.
Results from the 2016 AFP Payments Fraud and Control Survey reveal key trends in
the payments fraud area. Notable among these are the following:
Therehasbeenasignificantincreaseinfraudattacksoncompanies with
73 percent of organizations experiencing actual/attempted payments fraud in
2015, an increase from 62 percent in 2014.
Forty-two percent of survey respondents whose organizations experienced
payments fraud report that the number of incidents of fraud attempts
increased in 2015 compared to 2014 and 47 percent report no change.
Checks continue to be the payment method most often targeted by those
committing or attempting to commit payments fraud and once again account
for the greatest amount of financial loss due to fraud. Seventy-one percent of
companies that experienced attempted or actual payments fraud in 2015 were
victims of check fraud. Wire transfers were the second most popular vehicle
for payments fraud, with nearly half (48 percent) of finance professionals whose
organizations were exposed to payments fraud in 2015 reporting that such
attacks were via wire transfers.
Sixty-fourpercentoffinanceprofessionalsreportthattheirorganizations
were exposed to business email compromise (BEC) in 2015. Wire transfers
are the payment method most impacted by BEC.
The majority of payments fraud continues to originate from an external source
or individual.
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 27
2016 AFP Payments Fraud and Control Survey
The security of mobile payments is a chief concern for three-fourths of
corporate practitioners.
A vast majority of finance professionals believes that if EMV chip cards do cut
back on the instances of fraud, perpetrators of fraud will shift their focus to
other payment methods. Over half of survey respondents foresee transactions
in which cards are not present will be exposed to greater fraud activity even
with the introduction of EMV chip cards.
Nine out of ten finance professionals strongly believe that EMV cards will be
successful in alleviating point-of-sale (POS) fraud. Most believe Chip-and-PIN
an effective method in reducing POS fraud.
Three-fourths of organizations perform daily reconciliations on transaction
activity and a majority have adopted a stronger form of authentication or added
layers of security for access to bank services to safeguard against fraud attacks.
28 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
About the SurveyIn January 2016, the Research Department of the Association for Financial Professionals® (AFP)
surveyed nearly 14,000 of its corporate practitioner members and prospects. The survey
was sent to corporate practitioner members with the following job titles: cash manager,
analyst and director. After eliminating surveys sent to invalid and/or blocked email
addresses, the 399 responses yielded a response rate of nine percent. Additional surveys
were sent to non-member corporate practitioners holding similar job titles, which generated
an additional 230 responses for a total of 629 responses.
AFP thanks J.P. Morgan for underwriting the 2016 AFP Payments Fraud and Control Survey.
Both questionnaire design and the final report, along with its content and conclusions, are
the sole responsibilities of the AFP Research Department. The following tables provide a
profile of the survey respondents, including payment types used and accepted.
Types of Organization’s Payment Transactions(Percentage Distribution of Organization’s Payment Transactions)
When Making When Receiving Payments Payments
Primarily consumers 6% 22%
Split between consumers and businesses 20 24
Primarily businesses 74 54
Number of Payment Accounts Maintained(Percentage Distribution of Organizations that Experienced Payments Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Fewer than 5 28% 38% 20% 36% –
5-9 16 17 16 28 –
10-25 20 22 20 36 –
26-50 9 5 12 – –
51-100 6 4 8 – –
More than 100 21 13 25 – 100%
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 29
2016 AFP Payments Fraud and Control Survey
Annual Revenues (USD)(Percentage Distribution of Organizations)
Industry Classification(Percentage Distribution of Organizations)
Banking/Financial services 7%
Business services/Consulting 6
Construction 2
Energy (including utilities) 9
Government 7
Health services 8
Hospitality/Travel 2
Insurance 6
Manufacturing 20
Non-profit (including education) 7
Real estate 5
Retail (including wholesale/distribution) 8
Software/Technology 5
Telecommunications/Media 4
Transportation 2
Other 4
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Under $10 Million 5% 12% – – –
$10-99.9 Million 8 19 – – –
$100-249.9 Million 9 19 – – –
$250-499.9 Million 8 18 – – –
$500-999.9 Million 15 33 – – –
$1-4.9 Billion 30 – 55 67 25
$5-9.9 Billion 10 – 18 17 15
$10-20 Billion 7 – 13 9 28
Over $20 Billion 8 – 14 7 31
30 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Appendix: Survey Data Tables
Payment Methods Subject to Attempted or Actual Payments Fraud in 2015(Percent of Organizations that Experienced Attempted or Actual Payments Fraud)
Change in Incidence of Payments Fraud in 2015 Compared to 2014(Percentage Distribution of Organizations that Experienced Attempted or Actual Payments Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Increased 42% 46% 41% 37% 47%
About the same 47 43 48 52 40
Decreased 11 11 11 10 14
Percentage Distribution of Organizations that Experienced Attempted and/or Actual Payments Fraud via Business Email Compromise (BEC) in 2015
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Yes 64% 60% 69% 69% 63%
No 36 40 31 31 37
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Checks 71% 59% 77% 75% 86%
Wire transfers 48 49 49 43 49
Corporate/Commercial credit and debit cards 39 39 37 39 28
ACH debits 25 18 27 25 33
ACH credits 11 8 9 5 19
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 31
2016 AFP Payments Fraud and Control Survey
Payment Method Responsible for Largest Dollar Amount Loss as a Result of Business Email Compromise (BEC)(Percentage Distribution of Organizations that Experienced Payments Fraud via BEC)
Payment Method Responsible for Largest Dollar Amount Loss from Payments Fraud (Percentage Distribution of Organizations that Experienced Payments Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Wire transfers 56% 63% 56% 60% 40%
Checks 29 26 40 10 70
Corporate/Commercial credit cards 18 5 20 10 10
ACH debits 16 5 24 10 30
ACH credits 15 11 20 20 10
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Checks 43% 36% 46% 38% 66%
Wire transfers 23 15 29 21 30
Corporate/Commercial credit cards 20 28 13 21 –
ACH debits 10 13 8 10 5
ACH credits 5 8 5 10 –
32 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Sources of Attempted/Actual Payments Fraud in 2015(Percentage Distribution of Organizations that Experienced Payments Fraud)
Number of Times Organizations Experienced Attempted or Actual Check Fraud in 2015(Percentage Distribution of Organizations that Experienced At Least One Attempt of Check Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Outside individual (e.g., check forged, stolen card) 65% 63% 65% 65% 73%
Business Email Compromise (BEC Fraud) 50 48 54 52 50
Organized crime ring (e.g., crime spree that targets other organizations in addition to your own, either in a single city or across the country) 15 9 22 21 25
Third-party or outsourcer (e.g., vendor, professional services provider, business trading partner) 12 12 13 9 18
Account takeover (e.g., hacked system, malicious code – spyware or malware from social network) 11 12 11 9 11
Internal party (e.g., malicious insider) 5 3 7 7 9
Lost or stolen laptop 2 3 3 3 2
Compromised mobile device 2 2 2 2 2
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
1-5 44% 57% 35% 39% 32%
6-10 22 22 19 20 19
11-15 10 7 12 13 5
16-20 3 2 4 6 0
21 or more 21 11 29 22 43
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 33
2016 AFP Payments Fraud and Control Survey
Change in Incidence of Check Fraud Attempts in 2015 Compared to 2014 (Percentage Distribution of Organizations that Experienced Attempted or Actual Payments Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Increased 24% 21% 27% 21% 41%
About the same 66 66 66 73 54
Decreased 10 13 7 6 5
Suffered Financial Loss as a Result of Check Fraud(Percentage Distribution of Organizations that Experienced At Least One Attempt of Check Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Yes 20% 16% 21% 15% 35%
No 80 84 79 85 65
Reasons for Financial Loss Due to Check Fraud(Percent of Organizations that Experienced At Least One Attempt of Check Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
No Positive Pay 41% 57% 33% – 54%
Clerical errors 29 21 23 31 15
Account reconciliation not timely 25 36 23 15 31
Stolen check stock 20 29 17 8 15
Internal fraud (e.g., employee responsible) 18 7 27 23 23
Gaps in online security controls/criminal account takeover 10 21 17 15 8
34 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Number of Times Organizations Experienced Attempted or Actual ACH Fraud in 2015(Percentage Distribution of Organizations that Experienced At Least One Attempt of ACH Fraud)
Change in Incidence of ACH Fraud in 2015 Compared to 2014(Percentage Distribution of Organizations that Experienced At Least One Attempt of ACH Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Increased 23% 27% 20% 24% 14%
About the same 70 67 73 69 75
Decreased 7 6 8 7 11
Suffered Financial Loss as a Result of ACH Fraud(Percentage Distribution of Organizations that Experienced At Least One Attempt of ACH Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Yes 11% 11% 11% 10% 16%
No 89 89 89 90 84
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
1-5 72% 79% 68% 71% 63%
6-10 13 10 14 16 7
11-15 5 3 6 7 0
16-20 2 2 2 2 4
21 or more 9 5 10 4 26
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 35
2016 AFP Payments Fraud and Control Survey
Reasons for Financial Loss from ACH Fraud(Percent of Organizations that Experienced At Least One Attempt of ACH Fraud)
Fraud Control Procedures Used to Prevent ACH Fraud(Percent of Organizations that Experienced At Least One Attempt of ACH Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Reconcile accounts daily to identify and return unauthorized ACH debits 69% 71% 68% 69% 77%
Block all ACH debits except on a single account set up with ACH debit filter/ACH positive pay 56 51 59 66 48
Block ACH debits on all accounts 41 35 45 48 32
Debit block on all consumer items with debit filter on commercial ACH debits 29 32 29 31 32
Create separate account for electronic debits initiated by the third party (e.g., taxing authority) 23 16 29 33 23
Other 5 6 4 3 3
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Did not use ACH debit blocks or ACH debit filters 40% 71% 25% 17% 40%
Account reconciliation not timely 30 29 25 17 40
Did not use ACH positive pay 30 29 33 17 60
ACH return not timely 25 29 25 33 20
Internal fraud (e.g., employee responsible) 15 – 25 17 40
Gaps in online security controls/criminal account takeover 10 – 17 17 –
36 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Acceptance of Credit and/or Debit Card Payments from Customers(Percentage Distribution of Organizations)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Yes 70% 64% 74% 74% 73%
No 30 36 26 26 27
Organization’s Own Corporate/Commercial Cards Used in Attempt to Commit Fraud(Percentage Distribution of Organizations that Experienced At Least One Attempt of Corporate/Commercial Card Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Yes 42% 52% 34% 34% 34%
No 58 48 66 66 66
Party Responsible for Fraud on Corporate/Commercial Cards(Percentage of Organizations that experienced At Least One Attempt of Corporate/Commercial Card Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Unknown external party 77% 85% 69% 69% 73%
Employee 17 13 23 24 18
Third-party or outsourcer (e.g., vendor, professional services provider, business trading partner) 14 9 19 14 18
Other 0 0 0 0 0
©2016 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org 37
2016 AFP Payments Fraud and Control Survey
Parties that Suffered Financial Loss from Fraud on Corporate/Commercial Cards(Percent of Organizations that Experienced At Least One Attempt of Corporate/Commercial Card Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
No organization suffered financial loss 38% 30% 43% 40% 53%
Card issuing bank 36 41 33 28 38
Merchant 21 23 20 22 9
My organization 13 12 14 15 13
Card processor 8 8 7 7 13
Other 3 2 3 3 3
Reasons for Financial Loss Associated with Corporate/Commercial Cards(Percent of Organizations that Experienced At Least One Attempt of Corporate/Commercial Card Fraud)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Employee theft 44% 42% 45% 46% 50%
Fraudulent credit card charges made by a TP company 44 42 45 38 25
Lack of internal controls 22 33 15 15 25
No segregation of duties 6 8 5 8 —
38 www.AFPonline.org ©2016 Association for Financial Professionals, Inc. All Rights Reserved
2016 AFP Payments Fraud and Control Survey
Impact of Liability Shift in Organization’s Investment in Card Acceptance Fraud Prevention Methods/Solutions(Percentage Distribution of Organizations that Accept Credit/Debit Cards from Customers)
Actions Taken to Defend Against Attacks that Would Compromise Security(Percent of Organizations)
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Significant Impact (5) 9% 11% 7% 7% 10%
(4) 10 9 10 9 15
Somewhat of an Impact (3) 32 32 34 29 33
(2) 15 11 18 22 13
No Impact (1) 35 39 32 33 30
Annual Annual Annual Revenue Annual Revenue Revenue Revenue At Least $1 Billion At Least $1 Billion Less Than At Least and Fewer Than and More Than All $1 Billion $1 Billion 26 Payment Accounts 100 Payment Accounts
Perform daily reconciliations 75% 75% 75% 77% 67%
Adopt a stronger form of authentication or added layers of security for access to bank services 53 54 52 54 48
Ensure disaster recovery plans include the ability to continue with strong controls 41 37 43 42 45
Upgrade the authentication procedure/devices used to access our company network 39 38 40 37 45
Restrict company network access for payments to only company-issued laptop 27 22 31 29 33
Restrict network access for payments via mobile devices (laptop, tablets, phones) to emergency situations only 18 19 18 14 31
Dedicate a PC for payment origination (with no links to email/web browsing/social networks) 13 15 11 12 10
Replace proprietary bank connections with secure access through the SWIFT network 11 7 13 7 28
Other 5 5 6 4 7
AFP ResearchAFP Research provides financial professionals with proprietary and timely research
that drives business performance. AFP Research draws on the knowledge of the
Association’s members and its subject matter experts in areas that include bank
relationship management, risk management, payments, and financial accounting and
reporting. Study reports on a variety of topics, including AFP’s annual compensation
survey, are available online at www.AFPonline.org/research.
About the Association for Financial ProfessionalsHeadquartered outside Washington, D.C., the Association for Financial
Professionals (AFP) is the professional society that represents finance executives
globally. AFP established and administers the Certified Treasury ProfessionalTM and
Certified Corporate FP&A ProfessionalTM credentials, which set standards of excellence
in finance. The quarterly AFP Corporate Cash IndicatorsTM serve as a bellwether of
economic growth. The AFP Annual Conference is the largest networking event for
corporate finance professionals in the world.
AFP, Association for Financial Professionals, Certified Treasury Professional,
and Certified Corporate Financial Planning & Analysis Professional are
registered trademarks of the Association for Financial Professionals.© 2016 Association for Financial Professionals, Inc. All Rights Reserved.
General Inquiries [email protected]
Web Site www.AFPonline.org
Phone 301.907.2862
Put Cyberfraud on Lockdown
In 2015 alone, 73 percent of companies were impacted by payments fraud. But that doesn’t have to happen to your company. Get proactive about cybersecurity, and learn how our fraud protection services can help your business.
jpmorgan.com/cb/fraudprotection
© 2016 JPMorgan Chase Bank, N.A. Member FDIC. “Chase” is a marketing name for certain businesses of JPMorgan Chase & Co. and its subsidiaries (collectively, “JPMC”). 188545
Commercial Banking Treasury Services