Best practices to reduce payment fraud

Email is a popular target for cyber crimes – learn how you can protect your business against fraud.




  • Review procedures for updating account and payment information. All internal and external requests for payments or changes to account information should be validated through a different method than the original inquiry.
  • Don’t rely on email alone for payment information. Pick up the phone and contact the appropriate person to verify or question changes to payment instructions.
  • Separate duties for accounts and payments, and require dual approvals for any change to account or payment instructions.
  • Contact the appropriate person by phone to verify vendor contacts and account information.
  • Determine your risk tolerance and set up alerts for larger payments.
  • Manage email account access and require multifactor authentication.
  • Disable automatic forwarding and monitor the inbox rules.
  • Ask employees with payment-making responsibilities to limit what they post on social media sites.
  • Employees should also separate personal and professional email accounts and should not use the same password on multiple sites.
  • Routinely train employees to recognize business email compromise threats and identify the various techniques. Provide in-depth training for employees most likely to be targeted, such as the CEO, CFO and those in finance, payroll and HR departments.
  • Update security software and operating systems, complete regular backups and use email filtering technologies.