No matter the size or sector, Canadian businesses today are faced with the threat of fraud. From sophisticated impersonation scams to stolen payment credentials, businesses are being targeted with increasing frequency—and success.
According to a 2024 study from Payments Canada, one in five Canadian businesses experienced payment fraud within the past six months. As a result, 15% suffered direct financial losses. Larger corporations reported the highest rates of fraud with 26% of large commercial operations affected, compared to 16% of small businesses polled.
The good news is that taking prompt and informed action can significantly reduce the financial and operational impact of fraud. Seven in 10 businesses that experienced fraud were either fully or partially reimbursed by their financial institution, according to Payments Canada.
Here’s what to do if you suspect your business has been targeted:
1. Stay calm
While encountering fraud is undoubtedly a stressful experience, the most effective course of action relies on you maintaining a calm, cool head under pressure. Take a moment to collect and prepare yourself before following the steps below.
2. Document everything
Accurate and thorough documentation is essential. Preserve any digital or physical evidence related to the interaction. Save emails, text messages and website links. Keep all supporting documents, such as receipts, cancelled cheques, phone records, shipping materials, and written correspondence. Each piece of information could assist in a potential investigation.
3. Contact your financial institution
Time is critical. If you suspect your company has been a victim of fraud, notify your bank right away so it can freeze impacted accounts and place flags on them. Your bank will be able to halt further transactions.
If you bank with RBC and suspect your business has been targeted, contact our dedicated reporting line.
You can report the incident to the financial institution where the money was sent, such as the money service business, bank or credit union, credit card company, or internet payment provider.
You should also report the fraud to both credit bureaus: Equifax and TransUnion.
4. Contact the police
Even if you have not lost money in the fraud attempt, report the incident to your local police department, and take note of your file number for future reference. Keep a record of your correspondence with the police, and be sure to keep them updated on any new activity.
5. Secure your systems and credentials
Now it’s time to secure your digital footprint. Start by changing all passwords across affected systems and consider implementing multi-factor authentication, which adds an extra layer of security by requiring users to verify their identity through multiple methods. Some businesses may consider restricting sensitive data access to essential employees only in order to minimize risk exposure.
41% of commercial businesses still store passwords on personal devices, and one in four SMEs use the same password credentials for personal use as they do for business use. These practices are potentially risky and should be avoided whenever possible.
6. Report to anti-fraud authorities
Fraud prevention is a shared responsibility. In Canada, there are a number of entities that fraud can be reported to:
- Canadian Anti-Fraud Centre: Documenting fraud with an official government service can help track trends on a national level and support prevention efforts. The Canadian Anti-Fraud Centre can be reached online or by phone at 1-888-495-8501.
- Competition Bureau: Depending on the type of fraud, you can file a report of misleading or deceptive marketing practices with the Competition Bureau.
- The Canadian Centre for Cyber Security: Reporting a cyber incident to the Cyber Centre helps to inform the government’s response to cyber security events.
7. Communicate with transparency
Once your systems are secure and the appropriate channels have been notified, you can communicate with affected stakeholders (staff, clients, suppliers, insurers) as needed. Clear and proactive conversations can help preserve trust and limit any potential reputational harm.
Consider your next steps: Reinforce your security protocols
For many businesses, a security incident like fraud can serve as a catalyst for improvement. A thorough audit to identify vulnerabilities can be a starting point. Reinforce staff training so employees can spot phishing attempts and other common scams.
Fraud is an operational risk that no business should ignore. It can impact finances as well as brand trust and operations, and while it’s impossible to eliminate fraud risk entirely, the right response can work to reduce its impact.
Visit our hub for more advice on protecting your business from cyber security threats.