A 2024 guide to detecting corporate card card fraud

Digital transactions are transforming the financial landscape, but with prolific use comes an increased threat to data. Threat actors consistently try to access sensitive financial data to sell, exploit, and disrupt the economy — which means you must take steps to safeguard business spending.

Research shows that the financial industry is only second to healthcare when it comes to cybercrime. Card fraud is one of the most common types of cybercrime, and according to Barclaycard, card-not-present fraud is much more common than card-present fraud. That’s because replicating physical cards is now more challenging than ever. Still, as soon as you use your corporate card online, through digital wallets or telephone purchases, it’s much easier for threat actors to obtain your card information.

Four common types of card fraud

Learn about the different types of card fraud and how to act quickly to safeguard your data:

Identity theft

Identity theft can be physical or virtual. For example, some thieves may steal details to use online, and others steal physical information like their corporate credit card and immediately start spending and imitating the account holder online.

You can prevent identity theft or at least minimize the repercussions of the theft by using corporate cards with controls like card autoblocking and fraud detection measures, regardless of whether they’re physical or virtual cards.

Corporate cards should also not be linked to the main business bank account. Instead, they should act as digital wallets containing a limited amount of money in case a thief does access them.

Counterfeit card fraud

Creating counterfeit cards or ‘cloning’ is when scammers create a duplicate card identical to your current one to commit card fraud. You should regularly scan your bank statements to spot any unusual banking activity or transactions you don’t recognize and report them to your card issuers as soon as possible.

At Payhawk, our corporate cards add an extra layer of security against such fraudulent activities. Our system monitors card usage and flags any transactions made at unusual hours or that deviate from typical spending patterns. Our real-time monitoring helps finance teams identify and address suspicious activities swiftly.

You can even design automated spend policy rules. Our policy-supporting features allow financial controllers to set predefined spending limits and restrictions. So, if you have any spending discrepancies or unusual transactions, you’ll get an instant alert, ensuring you’re always one step ahead of safeguarding your company’s financial integrity.

Online card fraud

When you purchase goods online, this is a card-not-present (CNP) transaction, and you may have already saved your card details on the site you’re buying from. These types of card fraud are more common than those concerning card-present transactions, so always stay mindful when spending corporate funds online.

Scammers can obtain your card details through phishing, i.e. posing as legitimate organizations or sending deceptive emails to get your card details. They can also use skimming to obtain card information by using ATM card readers or hack into retailer or banking computer systems to steal the needed data.

To protect yourself against card fraud, use financial software that implements 3D secure protection — an additional layer of security for online transactions. This layer requires the cardholder to type in a PIN or code to confirm their authorization and complete the transaction safely. Also, consider using a card with built-in rules and limits that can help you cap spend across different teams or specific individuals — this means you have even tighter control over company spending, and online fraudsters can’t spend excessive company funds.

Lost or stolen cards

It’s inevitable that some cards will get lost or stolen, particularly if you have traveling employees or a large workforce. Losing your corporate card can be stressful, so you should consider implementing an easy-to-follow corporate credit card policy; that way, all your cardholders will know what to do if they find themselves without their card.

Acting fast is the secret to minimizing any losses. You should a) quickly report it to your card issuer and b) freeze the cards in seconds (providing you’re using a spend management solution that supports this, like ours). And c)? Check through statements to pinpoint unusual transactions and share your findings with your card issuer.

How card fraud detection works

You need reliable techniques to quickly identify whether the person purchasing with your corporate card is the right one. And thankfully, there’s plenty of intelligent card fraud detection software to help you:

Pattern recognition. Pattern recognition technology can identify unusual card activity by consistently analyzing card transaction data and matching patterns.

Anomaly detection. If your card transactions are declined several times or the billing address doesn’t match the delivery address, these could be signs of fraudulent activity. When software detects these occurrences, it can automatically flag them, which can start an internal investigation to determine whether card fraud is active.

Authentication processes. Authenticating the person making the purchase is a technique that needs to be streamlined and reliable. Authentication techniques can include biometric authentication, card auto-blocking and two-factor authentication.

Risk scoring. Risk scoring is where technology follows rules to determine whether a transaction or card should be blocked. These rules are based on if/then statements. So, if the shipping doesn’t match the delivery address, the risk score might increase by two points. And the card or transaction can be auto-blocked once you reach a specific risk score.

How Payhawk detects corporate card fraud

Biometric authentication

Biometric authentication has fast become a quick and reliable way to verify user identity. That’s why we use biometric authentication fingerprint scanning to help users access the Payhawk mobile app safely. So, when submitting expenses on the go or approving expense requests, you can be sure to access your sensitive financial data securely.

Single sign-on login

We support Google, Okta and Microsoft SSO (single-sign-on) at Payhawk, which means you only need your single password and authentication through your Google SSO, Okta or Microsoft company set-up to access the Payhawk expense management app, amongst your other applications. Change your PIN, freeze the card, and request funds with ease.

Two-factor authentication

Payhawk customers must use two-factor authentication (2FA) when making payments. This helps protect customer data by ensuring complete confidentiality. We ask users for a password and a unique code, usually sent via email. Our mobile users also have a mandatory biometric (or by password) authentication.

Card auto-blocking

If employees don’t submit their expenses within an allocated time frame (predetermined by you), you can automatically block their card. Card auto-blocking prevents administrators from chasing down late expense submissions and keeps fraudulent activity at bay. Encouraging prompt expense submissions makes it easier to spot fraudulent transactions, i.e., expenses that aren’t submitted because they’re unauthorized payments.

Additionally, employees can activate the card auto-blocking feature if they suspect fraudulent activity.

Payment security certificates

We adhere to rigorous security standards and are PCI DSS Level 1, SOC1, SOC2 Type 2, and ISO 27001 certified. This means we go to great lengths to protect our customers’ sensitive data. And it’s not just these safeguards that are in place, with in-house security teams, vulnerability scanning, and threat detection; your data really is in the safest hands.

Tokenisation

Tokenization is a form of encryption that protects card details by replacing the data with ‘tokens’ of no meaning or value. Replacing sensitive data like this minimizes the risk of data breaches and reduces the amount of stored data. At Payhawk, we use tokenization to enhance the security of user transactions — whether you accept customer payments or company spending, you can be confident that your data is well-protected.

Business card verification troubleshooting: Mercell Nederland

Having just a single corporate card for multiple employees can cause many issues; not only is there a lack of employee accountability, but obtaining identity verification can be tedious.

Louis Gossieau, Head of Buyer Marketing at Mercell Nederland, recalls:

The main problem with the old way of working was that we had a company card that either reached its limit at some point or always needed some kind of second verification that I didn't get because I was not the card owner. Then, I had to contact our finance department for a text or code to use the card. It took a lot of time to get payments done because if I couldn't reach out to the Finance department to get the verification code, I had to wait or do it the next day.

With our corporate cards, that’s no longer true for Mercell Nederland. Instead, cardholders are accountable for their spending. For example, if your marketing manager needs a new subscription? No problem. Just purchase and submit the receipt; it’s that easy.

Three best practices for card fraud detection

A Gov.uk survey found that 47% of businesses had experienced some form of debit or credit card fraud, and 17% had been a victim of online banking fraud. Make sure you reduce the chances of becoming a statistic and enhance card fraud detection by following these best practices:

Strong authentication protocols

By implementing strong authentication protocols, you can quickly determine whether the cardholder is making the purchase or is an unauthorized person. By using techniques like two-factor authentication, you can quickly verify their identity and let them continue with the purchase. Or, if authentication isn’t possible, the transaction simply can’t be completed.

Regular card activity monitoring

You can spot unusual transactions quickly by monitoring your card activity regularly. As soon as you spot something suspicious, you can freeze the card immediately, conduct an internal investigation, and reinstate the card by unfreezing it. Or, if suspicious activity is identified, submit your findings to the card issuer for further examination.

Secure online payment practices

Educate all cardholders on safe payment practices. Help them spot scam emails, tell them how to spot card readers at ATMs, talk them through your credit card fraud policies so they know how to act if they suspect card fraud, and show them how to make online payments securely. I.e. don’t save card details and ensure the e-commerce retailer has an SSL encryption — their website address will start with ‘HTTPS’.

To sum up

Although the threat of cybercrime is very real, there are plenty of straightforward steps you can take to protect your organization from fraudulent card activity. One of the most simple ways is to work with a spend management solution with robust security measures.

Multiple cardholders making regular purchases online? Schedule a quick Payhawk demo to see how we can save you time, boost efficiency — and offer robust security and protection.