Please enable JavaScript to view the comments powered by Disqus.

We use cookies on our website to give you the best online experience. Please know that if you continue to browse on our site, you agree to this use. You can always block or disable cookies using your browser settings. To find out more, please review our privacy policy.

COVID-19 RESOURCES AND INFORMATION: See the Atlanta Fed's list of publications, information, and resources; listen to our Pandemic Response webinar series.


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

May 3, 2021

You Can Deploy 19th-Century Technology against a 21st-Century Scourge

Just like last year, and in 2019 before that, the Association for Financial Professionals (AFP) is reporting that business email compromise (BEC) is at the heart of fraud attempts against businesses: an AFP surveyOff-site link found that 6 in 10 attempted or perpetrated frauds are built on BEC.

Many of us are familiar with the seemingly urgent—and fraudulent—email from a faux CEO or other executive demanding that we immediately purchase gift cards for a pressing need or instantly transfer funds to an impatient vendor demanding payment. The language of these requests plays on our insecurities and fears. Adrenaline surges, muscles tense, heart rate speeds up. We are ready—and want to—spring into action. And when payments are frictionless, that’s easy to do. The click of a mouse, and the problem goes away.

Then, the second thoughts. Uh-oh. Our lizard brains have betrayed us again.

But the 520 corporate treasury professionals who responded to the survey hold out hope. These treasury pros reported using processes to remove from the fraud equation an email from a perpetrator to an accounts payable clerk, CEO, or other employee. They include implementing a payment request database and then prohibiting the email receipt of payment requests or creating a secure supplier web portal so that payees—not the payor—control updates to bank account information.

Another effective solution, not so new: the voice call. This 19th-century invention, variously credited to Antonio Meucci, Elisha Gray, and Alexander Graham Bell, can add friction at just the right point in the fraud-prevention process, what my colleague Jessica Washington calls "fast access to live humans." Some respondents to the AFP survey, for example, reported that they required a voice call-back to confirm changes requested by email or to ascertain the bona fides of parties applying for credit, friction that creates a necessary opportunity for a double-check.

At the Telephone MuseumOff-site link in Waltham, Massachusetts, you can admire 19th-century contraptions of wood and cloth and even teach your kids to use a rotary dial. The Mickey Mouse phone, the hamburger phone, and the "princess" phone of my childhood are all there. While the younger set investigates some antediluvian communications device, be sure to take a moment to remind yourself of its efficacy in the present day.