Who pays for payments fraud?

We all pay for fraud in some way, but who bears the direct cost? It can depend on the fraud and payment type, but some organizations think insurance will cover everything. This is typically not the case. Following are two examples of what insurance generally does not cover, one of which ties in with the executive card fraud I wrote about in June. Because it is such an important topic, AP Now is exploring the insurance angle within their payment fraud survey going on this month; learn more below. 

Internal Failure

Insurance carriers may back away from organizations who blatantly drop the ball in preventing a fraud. Last month, I shared the fraud case involving Bill Davis, ex-CEO of Community Action of Minneapolis. The board did nothing to prevent or detect the fraud; worse, some board members apparently benefited from it. As Star Tribune columnist Jon Tevlin wrote last week, insurance companies can and do refuse to cover board members when they are grossly negligent in their duties (according to Kate Barr, executive director of the Nonprofits Assistance Fund). Read the complete article to see how this fraud case is evolving

Does your organization have solid controls pertaining to card use by executives and the people responsible for monitoring them?

Business Email Compromise (BEC)

Organizations may or may not have insurance coverage for losses due to BEC scams. As a refresher, in a BEC scam, an email appearing to be from an internal executive is actually sent by a fraudster who requests that AP wire a certain sum of money to a specified account. Some insurance carriers are reclassifying BEC losses from E&O and/or fidelity bonds, which have low to modest deductibles, to cyber crime, which often requires organizations to purchase a separate, specific insurance policy with high deductibles. Has your organization checked into its insurance coverage lately?

Who is Liable?

If an insurance carrier is off the hook, we are left with the question, “Who bears the direct cost of fraud?” It could be your organization. Fortunately, card payments generally include some external protections that other payment methods do not. Ensure you are familiar with the related contract terms between your organization and its card issuer.  

From whose pockets does fraud extract money?

From whose pockets does fraud extract money?

Payments Fraud Survey

Fraud has evolved, taking on new forms, but the old fraud tactics remain as well. To determine what organizations have experienced, AP Now is currently conducting a survey, which addresses all payment types. Even if you have not been a fraud target, please take the survey to share the strategies that have helped protect your organization. Each participant will receive an executive summary of the results and an invitation to attend the related live webinar. 


About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.

EMV in the U.S. gets a push from redrawn liability lines.

U.S. payment card security will get a boost in 2015 with broad issuance of EMV chip cards. Yes, this includes Commercial Cards, too. To learn more, I discussed the ins and outs of EMV with Jack Jania, Senior Vice President, Strategic Alliances, Gemalto Inc., a world leader in digital security.

If you haven’t been following this topic, EMV stands for Europay-Mastercard-Visa and refers to security technology that is incorporated into cards with a smart chip. You will be hearing even more about it from your card issuer prior to the rollout of the new cards.  

EMV cards are more secure, reducing cross-border fraud, POS fraud and card cloning.

EMV cards are more secure, reducing cross-border fraud, POS fraud and card cloning.

What EMV Does and Does Not Do

As Jack noted, EMV cards reduce cross-border fraud, point-of-sale (POS) fraud and card cloning. EMV does not shut down all fraud channels, such as online fraud, and it does not encrypt all transaction data. Because POS transactions far outnumber online transactions, the industry has been focusing its security efforts on the POS side first.

EMV Migration in the United States

October 1, 2015, is the target date for converting to EMV in the United States, which has been behind other developed countries in this regard. As an incentive for issuers and merchants, there will be a liability shift at that time. Jack explained that, if a POS terminal accepts EMV cards, but the card used for a purchase only has a magnetic stripe (“mag stripe”), then the card issuer is liable for any fraud. Conversely, if an EMV card, which will still have a mag stripe as well, is used at a non-EMV POS terminal, then the merchant is liable. 

What Your Cardholders Will Experience

Because of the added chip, the card will look a bit different, but some cardholders might not even notice. For online transactions, which comprise the majority of P-Card transactions, the process will be the same. A cardholder would enter their card number, expiration, CVV, etc. For in-person transactions, an EMV card could have a PIN assigned to it, which a cardholder would need to provide at the POS. The alternative to chip-and-PIN is chip-and-signature.

Learn More

For more EMV information, read the complete article based on my interview with Jack, including who incurs the cost of moving to EMV and the learning curve that might occur with your cardholders. See also a Q1 2015 blog post on EMV options.

Another payment security development to watch is tokenization, which is what Apple Pay utilizes. It is a form of encryption that prevents account information from being stolen by replacing it with a random token during the purchase process. Clearly, this will be the future of online commerce.


About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog