This issue’s question

“How can treasurers protect against payments fraud?”

The rise of cyber-fraud

There is no doubt – worldwide, and specifically in the Asia Pacific (APAC) region, cyber-fraud is on the rise. In a recent survey conducted from June to August 2019, it was found that fraudulent transactions cost APAC businesses an average of 3.4 times the amount of lost transaction value.

Among the different types of cyber-fraud attempts – and one of the toughest to detect and prevent – is corporate payment fraud.

In a recent AFP report it was noted that 2019 had the highest levels of payments fraud activity in over a decade, with a record-breaking 81% of organisations that were targeted.

The weak link in securing the payment chain

Being able to detect and prevent a payment fraud attempt can be very difficult when the controls in place are exclusively manual and rely on the vigilance of employees.

This is because cyber-fraudsters bring to the table two very powerful weapons. The first is social engineering skills that enable them to effectively dupe employees and manipulate them into diverting payments to their own fraudulent accounts.

The second is a set of advanced technologies that they leverage to carry out their attacks. These include technologies that enable phone number spoofing, hacking into emails and finance and operation systems, and deep-fake voice cloning software – all of which have become widespread for executing social engineering attacks against treasurers, finance executives, and accounts payable and procurement personnel and systems.

For treasurers, the key to mitigating that risk is replacing manual processes with technology-based controls and automation.

Targeting the top vulnerabilities

Through its extensive work with finance executives and teams around the world, the subject matter experts at nsKnox have identified the two most vulnerable areas related to the payment execution process.

Account validation

Whenever a new supplier is onboarded or an existing supplier requests changes to their account details on file, the account validation process that is used is typically manual. Namely, either a captured image of a cheque is requested or an official document is required for verification.

Both of these are highly prone to error and vulnerable to social engineering.

The payment transaction journey

Furthermore, once the payment transaction journey has started, further checks are usually focused on validating invoice amounts, making sure goods were actually delivered or services were rendered and, rarely, validating account data was not manipulated. This renders the payment file extremely vulnerable to cyber-hacking.

A new approach to payment protection

The key to overcoming the challenge to corporate payment protection and to detecting and preventing cyber-fraud attacks before they happen is to replace manual account validation processes with a technology-based validation, together with automated payment checks.

By leveraging technology that is more sophisticated than that which is used by cyber-fraudsters when validating supplier accounts, and by introducing automated real-time payment checks, treasurers and the finance department can bypass the need for manual controls and eliminate the risk of human error, thus preventing unauthorised payments.

Payments fraud has been a constant threat for treasurers for many years. Sadly, the current crisis and economic turmoil have exacerbated this situation. Many of the issues are the same as before the crisis, but others are specific to it – all of them are real cause for concern for treasurers around the globe. So, what are they struggling with and how can they protect against payment fraud?

The challenges

Multinational companies work in decentralised teams in different locations. That often means decentralised payments via multiple, non-integrated banking sites and ERP systems, with non-standardised processes. This in turn can lead to a lack of transparency, visibility and control – all of which present the perfect breeding ground for fraud attempts, both internal and external.

This is even more of a challenge at this time of crisis: with teams working from home, communication patterns are disrupted and some extra checks that are commonplace in the office fall by the wayside. What’s more, fraud attempts and unusual activity have gone up, as fraudsters try to capitalise on the crisis and the vulnerabilities it brings. For example, we’ve seen an increase in fake offers for items such as face masks or disinfectant.

The solutions

The answer to these challenges is a web-based, group-wide payments platform that creates transparency and visibility and introduces vital security checks in order to monitor and verify payments. With a web-based system available wherever you are, working from home does not present a security risk.

Such a group-wide system enables companies to replace their many disconnected solutions and bring everyone together in one system: with complete data accessible and technological checks, they gain transparency, visibility and control. System-integrated technological solutions include two-factor authentication, straight-through processing, mandatory dual approval processes, system-based user permissions management, cloud-based data hosting, black list and white list checks or even AI fraud detection. In addition, direct interfaces with ERP systems prevent unnecessary file storage that risks manipulation. Secure encryption is another important factor.

Through the introduction of one group-wide, secure payments platform, companies are also able to standardise processes. System and processes go hand in hand here: everyone needs to follow the same protocol and technology enables “behind-the-scenes” safeguards across the entire payments workflow. No one is able to circumvent these safeguards and everyone has clear directions to follow when it comes to approving or releasing payments. This significantly lessens the burden on employees during an already difficult time: they can simply trust the system and the process.

Collaboration is key, now more so than ever before: across companies, between treasurers and across the industry. The crisis highlights both the need for strong technological payments solutions and the need to embed these solutions in adequate and secure processes. It is also likely to speed up new technological developments, such as AI payment fraud detection.