Despite confidence, 1 in 5 Canadian businesses falling victim to payment fraud

Over 6 in 10 feel confident in protecting business against scams, says report

Despite confidence, 1 in 5 Canadian businesses falling victim to payment fraud

One in five Canadian businesses have fallen prey to payment fraudsters this year, according to a report.

That is higher compared to the 13% of consumers who have been victims of the scheme, reports Payments Canada.

The rate of payment fraud among employers remained consistent from 2023 at 19%, despite 63% of businesses who report that they feel confident in knowing how to protect themselves against payment fraud and cybercrime, and 61% who said they are more aware of how to recognize potential threats. 

Larger-scale commercial businesses experienced the highest rate of fraud at 26%, compared to large (23%) and small (16%) businesses.

"Businesses face the challenge of ever-evolving and increasingly sophisticated payment fraud and cybercrime threats", said Jon Purther, director of research at Payments Canada. "Our study reinforces there is no room for complacency around measures to protect against and detect fraud risks for Canadian businesses regardless of size and industry, and that businesses are willing to take extra steps to make an online transaction if it meant they were better protected."

The number of cases of employee fraud among city workers in Toronto skyrocketed. In 2023, Toronto’s Fraud and Waste Hotline received 1,054 complaints made up of roughly 1,450 allegations.

What are the most common types of payment fraud?

Payments Canada reports that the most common types of payment fraud are:

  • An impersonator making contact by either email, phone, call, text or social media to request money (25%).
  • Someone intercepted a business' e-Transfer (sending or receiving) to deposit the money into a different bank account (22%).
  • Fraudulent charges on their bank or credit cards (20%).
  • Purchase made from stolen credit card information (19%).
  • Purchase made from stolen debit card information (18%).
  • Payment made by a fraudulent cheque (15%).
  • Purchase made from a fraudulent website (15%).

Nearly half (45%) of businesses have noticed an increase in fraudulent, cybercrime or suspicious activity directed at them through email over the last 12 months, according to the survey of 500 Canadian businesses from March 25 to April 5, 2024.

Businesses also noticed an increase in activity directed at them via their smartphone (42%), social media platforms (39%) and retail merchant sites, including e-commerce sites or apps (34%).

Previously, Nova Scotia’s economic development agency fell victim to a cyber fraud worth more than half a million dollars following a hacking of the email of one of its workers.

How to stop payment fraud?

Canadian businesses are taking some steps to protect themselves from payment fraud, finds Payments Canada’s survey.

Close to 7 in 10 businesses (69%) indicate that they usually limit the amount of sensitive information about the business they share online and only provide it when required. Over two-thirds of businesses (67%) make the effort to check the safety of an e-commerce site and go with trusted sites only when buying online. Sixty-five percent of businesses enable two-step authentication for accessing their accounts whenever it is available.

However, 39% of small and medium enterprises (SMEs) and 41% of commercial businesses store their passwords on a smartphone, personal computer or laptop. One in three (33%) commercial businesses and one in four (25%) SMEs tend to use the same password for all their business-related accounts.

Almost 2 in 3 businesses (65%) would be willing to take extra steps to make an online transaction if it meant they were better protected. When transferring money online, 3 in 5 businesses (61%) would be willing to better protect themselves from scams, even if the process called for more time-consuming steps.

According to Alyssa Abrams, senior content manager at The Sumsuber, there are steps businesses should follow to effectively prevent payment fraud, including:

  • Taking a risk-based approach towards customers, partners, and vendors
  • Cyber-security measures and policies, like secure VPNs, etc.
  • Using AI-based behavioral fraud detection
  • Conducting regular employee training
  • Using a reliable KYC solution to onboard only trustworthy users
  • Requesting face authentication in case of unusual activity
  • Using a reliable business verification solution to know and trust the partners and corporate customers you work with
  • Using a transaction monitoring tool to quickly detect unusual transactions
  • Encrypting transactions
  • Using up-to-date software.

Many Canadian employers are also victims of ESG fraud, according to a previous report.