How treasury can mitigate payment fraud risk

Published: Jul 2018

Payment fraud is on the rise. What steps can treasury teams take to stop their organisation being caught out?

Payment fraud is impacting corporations more than ever before. Indeed, 78% of organisations were hit by payment fraud in 2017, according to the AFP’s latest payment fraud survey, costing businesses 0.5% of annual turnover on average.

So, what can corporations, and more specifically the treasury department, do to mitigate the risk of payment fraud happening?


For Nadya Hijazi, Global Head of GLCM Digital at HSBC, the first step is building awareness and ensuring that all treasury staff are aware of different types of fraud, how they work and how to defend against them. “This will help them recognise fraudulent activity such as social engineering attacks and to prevent fraud,” she says.

Banking partners, which take fraud prevention and cyber-security extremely seriously, can help considerably, providing information on the latest trends to treasury teams. Banks can also assist treasury teams in putting proper controls in place. “Have a conversation with them to understand the controls they suggest and what controls are available to you on their payment platforms,” advises Nadya.


Prevention is better than cure and treasury should work diligently to ensure that it puts procedures in place to prevent fraud.

“If a banking site supports payment limits, use them,” says Nadya. “Some of our platforms support both payment limits and dual control functions where payment authorisations can be required from multiple people. Having more than one set of eyes looking at outgoing payments can significantly increase the chances of catching fraud.”

Treasury should also look to build a “culture of questioning”. Nadya explains that many fraud attempts are successful because staff making the payments assume that the instructions they received came from people higher up in the organisational hierarchy.

“Fraudsters typically ask for actions to be executed immediately or insinuate that the payments are for a confidential purpose for the organisation,” she says. “These are red flags that must be recognised and staff should be encouraged to question payments that do not follow proper procedures or that seem suspicious.”

Simple treasury best practice like reconciling statements in a timely manner can also be a significant help. Treasury may also wish to have different people within the department conduct daily spot checks on transactions – this can deter and prevent insider fraud.

Finally, any time a vendor or other third party notifies you of a change in banking details, validate the information using contact details from your own records. “Fraud may also involve payments made to a different account after a notification is received, supposedly from the beneficiary that the bank or account information has changed,” says Nadya.


Even with all of these processes and controls conducted perfectly day-to-day, there is always a chance that a fraud will be successful. It is then that treasury needs an effective and timely response plan, as the more time passes the greater the likelihood that funds will not be recovered.

“The moment a payment fraud is identified, treasury should call its bank,” says Nadya. “If the funds have not yet left the bank, it can hold the payment until it is validated.”

If the funds have left the bank it may be possible to fully or partially recover them, depending on where they have been sent. “It is important for key company employees to have bank contact numbers handy – including the Relationship Manager or its fraud team, and to ensure that everyone in the treasury department, or the wider finance department, knows where to find them,” concludes Nadya.
