Vocalink – UK businesses worry that fraudsters are winning

Share this post


  • Latest Business Fraud Report from Vocalink reveals many UK businesses think scammers committing payments fraud are now one step ahead
  • Many businesses don’t have processes in place to deal with fraud, and remain unaware of fraudsters’ tactics
  • However, help is on the horizon with the use of anti-fraud technology to help combat business payments fraud

20 March 2019 – Three quarters (73%) of UK businesses believe that fraudsters who carry out payments fraud are now ‘ahead of the industry’, according to the third annual Business Fraud Report from Vocalink, a Mastercard company.

Despite one in five (22%) reporting someone has previously attempted payments fraud on their business, and a further one in ten (12%) falling victim to this type of scam, many still don’t have a system set up to deal with it. Only 32% of UK businesses have tightened their processes to deal with payments fraud and nearly one in five (17%) say their accounts team don’t have any processes in place.

This lack of action may be in part due to continued low awareness of the types of scams fraudsters use. Payments fraud can come in many guises such as invoice and mandate fraud, as well as CEO fraud when a fraudster poses as a senior decision-maker within the business and emails employees to transfer money to a particular account. Unfortunately, a quarter (26%) of UK businesses are still unaware of these types of scam, with half (53%) saying the biggest barrier to protecting their business against fraud is not knowing enough about how fraudsters are able to attack.

Fraud can have a devastating impact on companies large and small. Almost four in ten (37%) business owners or MDs who have either been a victim of payment fraud, or know a business who has been, report that thousands of pounds were lost as a result. One in ten (10%) even contemplated closing their business.

With fraud costing the UK hundreds of millions of pounds each year1, businesses are calling for more support. 82% want the banks and government to do more to protect the business community.

In the UK, the industry is already working hard to support businesses and combat payments fraud with new technology solutions being developed to tackle it. For example, the Vocalink Services Corporate Fraud Insights solution flags suspected fraudulent transactions for businesses early on by applying advanced analytics and behavioural rules to payments data. Live with NatWest, it helped to prevent £7 million in losses in just the first 12 months.

However, the next step is better enable the financial institutions to repatriate stolen funds to the victims of fraud and scams. Unfortunately, under current law once funds have been moved to an alleged scammer, the customer no longer has legal title to them. This generally means a court order is needed to return the funds, so the finance industry is calling on the government and regulators to work with them to resolve this.

David Rich, Executive Vice President, Vocalink Services, commented:

“Payments fraud costs the UK hundreds of millions of pounds each year, and our report shows a widespread fear among UK businesses that fraudsters are now one step ahead of them. Yet, at the same time, there seems to be a worrying lack of understanding of the importance of protecting the business against payments fraud.

“Fraudsters use highly sophisticated methods to trick their victims into sending money in good faith to an illicit account. Our Corporate Fraud Insights solution can help banks work with their business customers to investigate risky transactions early on, but we’d also like to see the government and regulators make it much easier for victims to get their stolen money back. We also encourage businesses to better protect themselves, for example by double-checking invoices, educating their teams, or putting in place additional checks and processes before payments are submitted.”

Katy Worobec, Managing Director of Economic Crime at UK Finance, commented:

“This report shows the devastating effect that fraud is having on UK businesses. With criminals becoming ever more inventive when it comes to scamming money from companies, it’s imperative the financial services sector continues to work together to prevent existing and emerging types of fraud. The industry is constantly investing in advanced security systems to protect customers, and successfully prevents £2 in every £3 of attempted unauthorised fraud. The development and deployment of innovative technological solutions are a key part of this fight.

“As the industry continually improves its response to fraud, it is important that other sectors play their part by securing customers’ data. Businesses need to take additional steps to better protect themselves from falling victim to scammers. At the same time we are supporting law enforcement in disrupting criminals and assisting the government in improving intelligence sharing, both of which are crucial in tackling fraud.”

Vocalink has also produced some advice on steps businesses can take to help protect themselves:

  1. Be vigilant – make business fraud the business of everyone, not just the accounting teams.  Train client-handling or account-facing teams about the risks & implications of business fraud, and how to identify the signs.
  2. Authenticate – verify any requests from the MD, CEO or board through a tiered system where emails and telephone conversations requesting movement of monies are verified by a second contact.
  3. Introduce checks – instigate checking of communications amongst finance and account-handling teams such as email addresses, use of English, and written mistakes in the email.  Encourage a system whereby suspect emails are checked by a second team member.
  4. Protect – anti-virus software should be kept up to date, and computer systems must be secure. This is not an additional cost but an essential part of day-to-day business practice.
  5. Be alert – pay special attention to any request from suppliers or clients for payment details to be changed, especially via email or fax. Fraudsters will often use social engineering to trick staff into updating details. Employ a secondary validation process by calling a known number/contact at the supplier to verify the request is legitimate.



Emma Harvey / Robyn Margetts                                                             Ellie Fixter

Seven Consultancy                                                                                      Director, External Communications

emma@seven-consultancy.com                                                              ellie.fixter@mastercard.com

/ robyn@seven-consultancy.com

Notes to Editors

  1. According to UK Finance, in the first half of 2018, a total of £145.4 million was lost due to authorised push payment scams.

Methodology: Populus surveyed 514 owners, managing directors and board directors of UK businesses online between 25th September and 3rd October 2018. Businesses ranged in size from micro (0-9 employees) to large (250+ employees).

Vocalink Services Corporate Fraud Insights– Payments fraud occurs when companies are duped into paying money to a fraudster rather than a legitimate supplier; whether that is a one-off bill or a regular payment. This includes Invoice Redirection, CEO (also known as Business Email Compromise or BEC) and Mandate fraud. Once processed, the funds are quickly laundered through the banking system, making it difficult to trace. Stolen funds are rarely recovered, leaving financial institutions and their customers to bear the cost. Our Corporate Fraud Insights solution identifies and flags suspected fraudulent transactions early in the transactional cycle by applying advanced analytics and behavioural rules to payments data.

About Vocalink

A Mastercard company, Vocalink designs, builds and operates industry-leading bank account-based payment systems. Our technologies power the UK’s real-time payments, settlements and direct debit systems, as well as the UK’s network of nearly 70,000 ATMs. In 2017, we processed over 90 percent of salaries, more than 70 percent of household bills and almost all state benefits in the UK. In addition, our proven real-time bank account-based payment solutions provide more payment choice to customers in Peru, Singapore, Thailand and the United States. For payment news and insight from Vocalink visit CONNECT – http://connect.Vocalink.com/

About Mastercard

Mastercard (NYSE: MA), www.mastercard.com, is a technology company in the global payments industry. Our global payments processing network connects consumers, financial institutions, merchants, governments and businesses in more than 210 countries and territories. Mastercard products and solutions make everyday commerce activities – such as shopping, traveling, running a business and managing finances – easier, more secure and more efficient for everyone. Follow us on Twitter @MastercardNews, join the discussion on the Beyond the Transaction Blog and subscribe for the latest news on the Engagement Bureau.

More To Explore


Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?