Payment Solutions News | Quick Tips


Fraudsters are getting more sophisticated and continue to develop multiple methods for scamming businesses. But being aware of what is out there—and keeping your employees informed of the different  scams—can go a long way in helping to ensure your business is not affected by fraud.


Business Email Compromise

Account Takeover (ATO)


Business Process Compromise (BPC)

Distributed Denial of Service (DDoS)

New Account


Use of electronic techniques to compromise legitimate business email accounts

Theft of online banking credentials to initiate fraudulent payments

Use of malware to deny availability to data and systems, followed by demand of a ransom payment to release data

Infiltrating and manipulating aspects of internal business processes[1]

Use of illegitimate Internet traffic to prevent legitimate access to a website

Opening of new accounts in consumers’ names without their knowledge

Types or

Display name deception

Domain spoofing

Look-alike domains









Financial manipulation

Combo SYN Flood

DNS Amplification

NTP Amplification

Utility fraud

Loan fraud

Credit card fraud

Fraud Impacts

BEC-EAC U.S. losses of $676 million in 2017[2]

40,000 BEC attempts in 2016[3]

77% of organizations experienced BEC scams in 2017[4]

$5.1 billion in losses in 2017 (+120% from 2016)[5]

44% of businesses were victims of an ATO-based attack [6]

Average amount paid in ransom is $1,400 [7]

$5 billion in global losses in 2017, expected to rise to $11.5 billion in 2019 [8]

BPC was responsible for an $81 million Bangladesh Bank heist in 2016[9]

92% rise in DDoS attacks between 1Q17 and 3Q17[10]

Individual DDoS attacks can cost $50,000[11]

$3.6 billion in losses in 2016 (+24% from 2015) [12]

30% of victims had a credit card opened in their name [13]




Discover how PNC can deliver ideas, insights and solutions to help you achieve your objectives. Contact your PNC Treasury Management Officer or Account Manager, or visit


Economic Reports

The National Economic provides insight into national and regional trends.

Read now »

Important Legal Disclosures & Information

    [1] Trend Micro

    [2] 2017 Internet Crime Report, Internet Crime Complaint Center (IC3),

    [3] FBI, reported in “Small and Mid-Sized Companies Are the New Targets of Business Email Compromise,” Mondaq Business Briefing, March 6, 2018

    [4] 2018 AFP Payments Fraud and Control Survey

    [5] “Identity Fraud Hits All Time High With 16.7 Million U.S. Victims in 2017, According to New Javelin Strategy & Research Study,” Business Wire, February 6, 2018

    [6]“Account Takeover Based Attacks More Than Double with 44% of Businesses Falling Victim,” Business Wire, April 12, 2018

    [7] “As Ransomware Attacks Grow in Sophistication, Both Employees and Employers are Paying Ransoms in Record Number,” PR Newswire, October 31, 2017

    [8] “Global ransomware damage costs predicted to exceed $11.5 billion annually by 2019,” PR Newswire, November 15, 2017

    [9] “The 2017 Cyberrisk Landscape,” Risk Management, January 1, 2017

    [10] “Number of DDoS Attacks Have Doubled in Six Months as Criminals Leverage Unsecured IoT Devices,” Business Wire, November 20, 2017

    [11] “Individual DDoS Attacks Can Cost Enterprises US$ 50,000 (£35,000), Corero Research Finds,” Business Wire, April 17, 2018

    [12] “Credit-Card Fraud Keeps Rising, Despite New Security Chips—Study,” The Wall Street Journal, February 1, 2017

    [13] “Credit-Card Fraud Keeps Rising, Despite New Security Chips—Study,” The Wall Street Journal, February 1, 2017

    This Payments Solution News was prepared for general information purposes and is not intended as legal, tax or accounting advice or as recommendations to engage in any specific transaction, and does not purport to be comprehensive. Under no circumstances should any information contained in this newsletter be used or considered as an offer or commitment, or a solicitation of an offer or commitment, to participate in any particular transaction or strategy. Any reliance upon any such information is solely and exclusively at your own risk. Please consult your own counsel, accountant or other advisor regarding your specific situation. Neither PNC Bank nor any other subsidiary of The PNC Financial Services Group, Inc. (“PNC”) will be responsible for any consequences of reliance upon any opinion or statement contained here, or any omission.

    PNC and PINACLE® are registered marks of The PNC Financial Services Group, Inc. All other trademarks are the property of their respective owners.

    EMV is a registered trademark in the U.S. and other countries, and is an unregistered trademark in other countries, owned by EMVCo.

    RTP® is a registered trademark of The Clearing House Payments Company LLC.

    Visa and Visa IntelliLink® are registered trademarks of Visa International Service Association and used under license.

    Mastercard is a registered trademark of Mastercard International Incorporated.

    Android, Android Pay, and the Android Logo are trademarks of Google Inc.

    Apple Pay® is a registered trademark of Apple Inc.

    Samsung, Samsung Pay, Galaxy S (and other device names) and Samsung Knox are trademarks or registered trademarks of Samsung Electronics Co., Ltd. Other company and product names mentioned may be trademarks of their respective owners. Samsung Pay is available on select Samsung devices.

    Zelle® is a registered trademark of Early Warning Services, LLC.

    BillerIQ is a trademark of Transactis, Inc.

    HighRadius is a trademark and brand of High Radius Corporation.

    PNC does not charge a fee for the Mobile Banking service. However, a supported mobile device is needed to use Mobile Banking. Also, your wireless carrier may charge you for data usage. Check with your wireless carrier for details regarding your specific wireless plan and any data usage or text messaging charges that may apply.

    Bank deposit, treasury management and lending products and services are provided by PNC Bank, National Association, a wholly owned subsidiary of PNC and Member FDIC.

    Lending and leasing products and services, including card services and merchant services, as well as certain other banking products and services, require credit approval.

    Read a summary of privacy rights for California residents which outlines the types of information we collect, and how and why we use that information.