Feb 23, 2024
3 minutes

A 2024 guide to detecting corporate card card fraud

Business Guide to Card Fraud Detection
Quick summary

Cybercrime can be both costly and inconvenient for businesses. If you have employees spending business funds via corporate cards, using a card solution with robust fraud detection capabilities is non-negotiable. Learn more about card fraud and how Payhawk is well-equipped to keep your sensitive data safe.

Table of Contents

    Digital transactions are transforming the financial landscape, but with prolific use comes an increased threat to data. Threat actors consistently try to access sensitive financial data to sell, exploit, and disrupt the economy — which means you must take steps to safeguard business spending.

    Research shows that the financial industry is only second to healthcare when it comes to cybercrime. Card fraud is one of the most common types of cybercrime, and according to Barclaycard, card-not-present fraud is much more common than card-present fraud. That’s because it’s now more challenging than ever to replicate physical cards. Still, as soon as you use your corporate card online, through digital wallets or telephone purchases, it’s much easier for threat actors to obtain your card information.

    Stay safe with our robust security measures

    Four common types of card fraud

    Learn about the different types of card fraud and how to act quickly to safeguard your data:

    Identity theft

    Identity theft can be physical or virtual. For example, some thieves may steal details to use online, and others steal physical information like their corporate credit card and immediately start spending and imitating the account holder online.

    You can prevent identity theft or at least minimise the repercussions of the theft by using corporate cards with controls, like card autoblocking and fraud detection measures, regardless of whether they’re physical or virtual cards.

    Corporate cards should also not be linked to the main business bank account. Instead, they should act as digital wallets containing a limited amount of money in case a thief does access them.

    Counterfeit card fraud

    Creating counterfeit cards or ‘cloning’ is when scammers create a duplicate card identical to your current one to commit card fraud. You should regularly scan your bank statements to spot any unusual banking activity or transactions you don’t recognise and report them to your card issuers as soon as possible.

    At Payhawk, our corporate cards add an extra layer of security against such fraudulent activities. Our system monitors card usage and flags any transactions made at unusual hours or that deviate from typical spending patterns. Our real-time monitoring helps finance teams identify and address suspicious activities swiftly.

    You can even design automated spend policy rules. Our policy-supporting features allow financial controllers to set predefined spending limits and restrictions. So, if you have any spending discrepancies or unusual transactions, you’ll get an instant alert, ensuring you’re always one step ahead of safeguarding your company’s financial integrity.

    Online card fraud

    When you purchase goods online, this is a card-not-present (CNP) transaction, and you may have already saved your card details on the site you’re buying from. These types of card fraud are more common than those concerning card-present transactions, so always stay mindful when spending corporate funds online.

    Scammers can obtain your card details through phishing, i.e. posing as legitimate organisations or sending deceptive emails to get your card details. They can also use skimming to obtain card information by using ATM card readers or hack into retailer or banking computer systems to steal the needed data.

    To protect yourself against card fraud, use financial software that implements 3D secure protection — an additional layer of security for online transactions. This layer requires the cardholder to type in a PIN or code to confirm their authorisation and complete the transaction safely. Also, consider using a card with built-in rules and limits that can help you cap spend across different teams or specific individuals — this means you have even tighter control over company spending, and online fraudsters can’t spend excessive company funds.

    Lost or stolen cards

    It’s inevitable that some cards will get lost or stolen, particularly if you have travelling employees or a large workforce. Losing your corporate card can be stressful, so you should consider implementing an easy-to-follow corporate credit card policy; that way, all your cardholders will know what to do if they find themselves without their card.

    Acting fast is the secret to minimising any losses. You should a) quickly report it to your card issuer and b) freeze the cards in seconds (providing you’re using a spend management solution that supports this, like ours). And c)? Check through statements to pinpoint unusual transactions and share your findings with your card issuer.

    How card fraud detection works

    You need reliable techniques to quickly identify whether the person purchasing with your corporate card is the right one. And thankfully, there’s plenty of intelligent card fraud detection software to help you:

    Pattern recognition. Pattern recognition technology can identify unusual card activity by consistently analysing card transaction data by matching data patterns.

    Anomaly detection. If your card transactions are declined several times or the billing address doesn’t match the delivery address, these could all be signs of fraudulent activity. When software detects these occurrences, it can automatically flag them, which can start an internal investigation to determine whether card fraud is active.

    Authentication processes. Authenticating the person making the purchase is a technique that needs to be streamlined and reliable. Authentication techniques can include biometric authentication, card auto-blocking and two-factor authentication.

    Risk scoring. Risk scoring is where technology follows rules to determine whether a transaction or card should be blocked. These rules are based on if/then statements. So, if the shipping doesn’t match the delivery address, the risk score might increase by two points. And the card or transaction can be auto-blocked once you reach a specific risk score.

    How Payhawk detects corporate card fraud

    Biometric authentication

    Biometric authentication has fast become a quick and reliable way to verify user identity. That’s why we use biometric authentication fingerprint scanning to help users access the Payhawk mobile app safely. So, when submitting expenses on the go or approving expense requests, you can be sure to access your sensitive financial data securely.

    Single sign-on login

    We support Google, Okta and Microsoft SSO (single-sign-on) at Payhawk, which means you only need your single password and authentication through your Google SSO, Okta or Microsoft company set-up to access the Payhawk expense management app, amongst your other applications. Change your PIN, freeze the card, and request funds with ease.

    Two-factor authentication

    Payhawk customers must use two-factor authentication (2FA) when making payments. This helps protect customer data by ensuring complete confidentiality. We ask users for a password and a unique code, usually sent via email. Our mobile users also have a mandatory biometric (or by password) authentication.

    Card auto-blocking

    If employees don’t submit their expenses within an allocated time frame (predetermined by you), you can automatically block their card. Card auto-blocking prevents administrators from chasing down late expense submissions and keeps fraudulent activity at bay. Encouraging prompt expense submissions makes it easier to spot fraudulent transactions, i.e., expenses that aren’t submitted because they’re unauthorised payments.

    Additionally, employees can activate the card auto-blocking feature if they suspect fraudulent activity.

    Payment security certificates

    We adhere to rigorous security standards and are PCI DSS Level 1, SOC1, SOC2 Type 2, and ISO 27001 certified. This means we go to great lengths to protect our customers’ sensitive data. And it’s not just these safeguards that are in place, with in-house security teams, vulnerability scanning, and threat detection; your data really is in the safest hands.


    Tokenisation is a form of encryption that protects card details by replacing the data with ‘tokens’ of no meaning or value. Replacing sensitive data like this minimises the risk of data breaches and reduces the amount of stored data. At Payhawk, we use tokenisation to enhance the security of user transactions — whether you accept customer payments or company spending, you can be confident that your data is well-protected.

    Business card verification troubleshooting: Mercell Nederland

    Having just a single corporate card for multiple employees can cause a whole heap of issues; not only is there a lack of employee accountability, but obtaining identity verification can be tedious.

    Louis Gossieau, Head of Buyer Marketing at Mercell Nederland, recalls:

    The main problem with the old way of working was that we had a company card that either reached its limit at some point or always needed some kind of second verification that I didn't get because I was not the card owner. Then, I had to contact our finance department for a text or code to use the card. It took a lot of time to get payments done because if I couldn't reach out to the Finance department to get the verification code, I had to wait or even do it the next day.

    With our corporate cards, that’s no longer true for Mercell Nederland. Instead, cardholders are accountable for their spending. For example, if your marketing manager needs a new subscription? No problem. Just purchase and submit the receipt; it’s that easy.

    Three best practices for card fraud detection

    A Gov.uk survey found that 47% of businesses had experienced some form of debit or credit card fraud, and 17% had been a victim of online banking fraud. Make sure you reduce the chances of becoming a statistic and enhance card fraud detection by following these best practices:

    Strong authentication protocols

    By implementing strong authentication protocols, you can quickly determine whether the cardholder is making the purchase or is an unauthorised person. By using techniques like two-factor authentication, you can quickly verify their identity and let them continue with the purchase. Or, if authentication isn’t possible, the transaction simply can’t be completed.

    Regular card activity monitoring

    You can spot unusual transactions quickly by monitoring your card activity regularly. As soon as you spot something suspicious, you can freeze the card immediately, conduct an internal investigation and reinstate the card by unfreezing it. Or, if suspicious activity is identified, submit your findings to the card issuer for further examination.

    Secure online payment practices

    Educate all cardholders on safe payment practices. Help them spot scam emails, tell them how to spot card readers at ATMs, talk them through your credit card fraud policies so they know how to act if they suspect card fraud, and show them how to make online payments securely. I.e. don’t save card details and ensure the e-commerce retailer has an SSL encryption — their website address will start with ‘HTTPS’.

    To sum up

    Although the threat of cybercrime is very real, there are plenty of straightforward steps you can take to protect your organisation from fraudulent card activity. One of the most simple ways is to work with a spend management solution with robust security measures.

    Multiple cardholders making regular purchases online? Schedule a quick Payhawk demo to see how we can save you time, boost efficiency — and offer robust security and protection.

    Trish Toovey - Content Director at Payhawk - The financial system of tomorrow
    Trish Toovey
    Senior Content Manager

    Trish Toovey works across the UK and US markets to craft content at Payhawk. Covering anything from ad copy to video scripting, Trish leans on a super varied background in copy and content creation for the finance, fashion, and travel industries.

    See all articles by Trish →
    Jul 18, 2024


    Jul 18, 2024


    Jul 18, 2024