Written by Brady Bose - Insurance Advisor - Dickinson Downtown
Payment fraud is something I end up discussing with commercial clients regularly. The methods continue to evolve, especially around wires and ACH payments, and many of the scams look completely routine at first glance. Because these transactions move quickly, having steady, consistent processes can make it easier to recognize when something isn’t lining up.
Establishing clear internal practices
One helpful approach is avoiding email-only instructions for sending funds or changing banking details. Fraudulent emails can be made to resemble legitimate communication, so relying on a second verification method is important.
Limiting who can initiate or approve payments is another common internal safeguard I see many businesses use. Reviewing those permissions as roles change helps keep responsibilities aligned. Separating duties, where one person initiates payments and a different person approves them, also supports oversight.
Brief waiting periods for new vendors, updated banking information or unexpected payment requests give teams a chance to confirm details through already-verified contacts.
Verification helps catch irregular requests
When a request feels rushed, unusual or out of pattern, taking a moment to verify it can prevent problems. A quick phone call to a number already saved in your records—rather than a number provided in the message—helps confirm whether the request is legitimate.
For vendor banking changes, many organizations rely on a structured routine: written documentation, phone confirmation to a known contact and a short delay before the first payment.
Using bank tools already available
Most financial institutions offer features that help manage outgoing funds, such as daily limits, callback requirements, beneficiary checks or restrictions on certain types of transfers. These options create additional layers that support payment-related controls.
Awareness across the team matters
Teams that know what to watch for—pressure to act quickly, secrecy, or requests to skip normal steps—are often better positioned to notice inconsistencies. Daily reconciliation is another routine practice that helps surface anything unexpected.
Where cyber insurance fits in
Something I remind clients of often is that cyber insurance doesn’t automatically cover every type of payment-related fraud. Losses involving voluntary transfers—especially when someone inside the organization is tricked into sending funds—may fall outside standard coverage unless specific endorsements are in place. Policies differ widely, so it’s important for businesses to review what types of fraud-related losses are included, which are excluded and where additional endorsements might be needed.
