
Business Payments Fraud


Cybersecurity | 4 min read | Updated: Jul 2024

Business Payments

Payments fraud is a widespread problem that can lead to significant financial losses for businesses. According to the 2024 AFP® Payments Fraud and Control Survey Report, 80% of organizations were victims of payments fraud attacks or attempted attacks in 2023. This is an increase of 15% from 2022.

Checks continue to be one of the payment methods most susceptible to fraud; however, ACH payments also pose an area of risk for businesses.



As technology advances and criminals become more sophisticated, companies need to take steps to protect themselves from fraudulent activity. By understanding the risks and implementing safeguards, businesses can help ensure that they remain safe from scammers who are looking to exploit their vulnerabilities for financial gain.


Common Types of Payments Fraud

Payments fraud can take many forms, including:

Check Fraud:

Counterfeit Checks

Created using computer software to look like legitimate checks.

Altered Checks

Unauthorized changes to the amount or payee on an authentic check.

Forged Endorsements

When a person signs someone else’s name on the back of a check.

Stolen Checks

When a person steals or obtains unauthorized access to an existing check.

ACH Fraud:

Similar to check fraud, ACH fraud can happen when scammers try to initiate payments with your business's account and routing number.

Invoice Fraud:

Vendor Impersonation

Scammers may impersonate one of your vendors, reaching out to let you know that payment details have changed or simply submitting an invoice with a slight change to the payment information, hoping to divert money from your business to their own accounts.

Fake Vendors

Scammers will submit an invoice from a fake vendor for a lower dollar amount, in hopes that the payment will be approved without being questioned by the business.


Strategies & Best Practices for Preventing Fraud

In order to reduce the risk of becoming a victim of fraud, it's important for businesses to take steps to protect themselves.

Implement Positive Pay:

Positive Pay is an automated service that helps businesses detect fraud. It works by verifying each check or ACH entry presented for payment against a predetermined list of checks or ACH entry details submitted by the business.

The list includes information such as the check number, issue date, and dollar amount to ensure accuracy and accountability. If a discrepancy arises between the records and what is being presented, the service can alert the company so that fraudulent activity can be identified and prevented.
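The matching described above can be sketched in a few lines. This is an added example, not Civista's or any bank's implementation; the sample records, the function name `positive_pay`, and the exception rules beyond a simple mismatch (duplicate presentment, presentment before the issue date) are assumptions for illustration.

```python
from datetime import date
from decimal import Decimal

# Constructed issue file: check number -> (issue date, amount) as submitted by the business.
ISSUED = {
    1001: (date(2024, 7, 1), Decimal("1250.00")),
    1002: (date(2024, 7, 1), Decimal("89.95")),
    1003: (date(2024, 7, 3), Decimal("4300.00")),
}

# Constructed presentment file: (check number, date presented, amount) arriving for payment.
PRESENTED = [
    (1001, date(2024, 7, 5), Decimal("1250.00")),  # matches the issue file
    (1002, date(2024, 7, 6), Decimal("8995.00")),  # amount altered
    (2077, date(2024, 7, 6), Decimal("500.00")),   # never issued (counterfeit)
    (1001, date(2024, 7, 8), Decimal("1250.00")),  # same check presented twice
    (1003, date(2024, 7, 2), Decimal("4300.00")),  # presented before it was issued
]

def positive_pay(issued, presented):
    """Return (pay, exceptions): check numbers cleared, and items held for review."""
    paid = set()
    pay, exceptions = [], []
    for number, presented_on, amount in presented:
        record = issued.get(number)
        if record is None:
            reason = "check number not in issue file"
        elif number in paid:
            reason = "check number already paid"
        elif amount != record[1]:
            reason = f"amount {amount} differs from issued {record[1]}"
        elif presented_on < record[0]:
            reason = "presented before issue date"
        else:
            paid.add(number)
            pay.append(number)
            continue
        # Anything that fails a rule is held so the business can decide to pay or return it.
        exceptions.append((number, reason))
    return pay, exceptions

if __name__ == "__main__":
    pay, exceptions = positive_pay(ISSUED, PRESENTED)
    print("pay:", pay)
    for number, reason in exceptions:
        print(f"hold {number}: {reason}")
```

Only check 1001 is paid on first presentment; the other four items are held as exceptions, each with the reason it failed to match.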

For more information about Positive Pay for Checks or ACH, visit our Meet Our Team page to connect with your local Treasury Management Officer.


Segregate Duties

Manage users’ access by assigning activity permissions within Civista Digital Banking and other software systems.


Establish Dual Controls

Dual control means requiring two separate individuals to approve the release of funds and sign off on any transactions, such as ACH or wire activities. This helps to ensure that only authorized personnel are allowed access to the accounts and that all financial activity is properly monitored and documented.


Utilize Multi-Factor Authentication (MFA)

Civista’s Digital Banking MFA protocol requires a secure access code be delivered to a user based on the secure delivery option on file with the bank – phone call, text, or by using a digital token. This can help ensure that only authorized personnel have access to funds.


Actively Monitor Accounts

It’s important for businesses to monitor their accounts regularly. Companies should review their transactions online and their bank statements for any suspicious activity or discrepancies. This can help detect and prevent potential fraud.


Activate Account Alerts in Civista Digital Banking

In addition to pre-set security alerts within Civista Digital Banking, companies should establish account activity alerts that may help detect suspicious activity on the account. This can help them quickly identify and address any potential threats.


Designate a Primary Contact

Create a central point of contact for cyber and fraud escalation within your business. This allows businesses to quickly and effectively respond to any potential threats.


Review and Enhance Internal Controls and Systems

Review safekeeping procedures for the storage and handling of checks internally.


Educate Employees:

It’s essential for businesses to continually educate employees on how to spot and prevent fraud. This includes training employees on the signs of suspicious emails and vendor payment requests, how to handle checks properly, and the importance of safeguarding sensitive financial data.


Companies must stay vigilant against potential security threats and take steps to ensure their funds are not exposed to fraudulent activity. With proper awareness, management, and protection, businesses can reduce the risk of becoming victims of fraud.





























