The rise of cyber-fraud
There is no doubt – worldwide, and specifically in the Asia Pacific (APAC) region, cyber-fraud is on the rise. A recent survey conducted from June to August 2019 found that fraudulent transactions cost APAC businesses an average of 3.4 times the amount of lost transaction value.
Among the different types of cyber-fraud attempts – and one of the toughest to detect and prevent – is corporate payment fraud.
A recent AFP report noted that 2019 had the highest levels of payments fraud activity in over a decade, with a record-breaking 81% of organisations targeted.
The weak link in securing the payment chain
Being able to detect and prevent a payment fraud attempt can be very difficult when the controls in place are exclusively manual and rely on the vigilance of employees.
This is because cyber-fraudsters bring to the table two very powerful weapons. The first is social engineering skills that enable them to effectively dupe employees and manipulate them into diverting payments to their own fraudulent accounts.
The second is a set of advanced technologies that they leverage to carry out their attacks. These include technologies that enable phone number spoofing, hacking into emails and finance and operation systems, and deep-fake voice cloning software – all of which have become widespread for executing social engineering attacks against treasurers, finance executives, and accounts payable and procurement personnel and systems.
For treasurers, the key to mitigating that risk is replacing manual processes with technology-based controls and automation.
Targeting the top vulnerabilities
Through their extensive work with finance executives and teams around the world, the subject matter experts at nsKnox have identified the two most vulnerable areas related to the payment execution process.
Whenever a new supplier is onboarded or an existing supplier requests changes to their account details on file, the account validation process that is used is typically manual. Namely, either a captured image of a cheque is requested or an official document is required for verification.
Both of these are highly prone to error and vulnerable to social engineering.
The payment transaction journey
Furthermore, once the payment transaction journey has started, further checks are usually focused on validating invoice amounts and on making sure goods were actually delivered or services were rendered, and only rarely on validating that account data was not manipulated. This renders the payment file extremely vulnerable to cyber-hacking.
A new approach to payment protection
The key to overcoming the challenge of corporate payment protection, and to detecting and preventing cyber-fraud attacks before they happen, is to replace manual account validation processes with technology-based validation, together with automated payment checks.
By validating supplier accounts with technology that is more sophisticated than that used by cyber-fraudsters, and by introducing automated real-time payment checks, treasurers and the finance department can bypass the need for manual controls and eliminate the risk of human error, thus preventing unauthorised payments.