6 Measures to Protect Against Payment Fraud
21 Jun
Payment fraud increased by 71% from 2022 to 2023, with 96% of companies being targeted by at least one payment fraud attempt in 2023. Regularly reviewing your infrastructure and verifying that your business security measures are robust is crucial, especially to ensure protection against payment fraud. The message is clear: if you have solid, consistently executed processes that protect your payment from initiation to receipt, you significantly reduce the chances of a successful payment fraud attack.
The Threat of Impersonation
At the heart of many Business Email Compromises (BEC) and more recent developments like deepfake fraud lies the threat of impersonation. Cybercriminals use social engineering tactics to build profiles of company employees or regular vendors, which they then mimic to deceive unsuspecting individuals and cause them to make critical mistakes.
How can you identify an impersonator and improve protection against payment fraud?
An impersonator's message will most likely be an urgent payment request that attempts to exploit unique circumstances, such as a specific time when employees are out of the office. Additionally, if your organization is making many payments to vendors for a project, scammers might try to take advantage of that opportunity.
Although BEC scams may seem a bit dull compared to deepfake fraud, they still deserve attention, as these examples show:
- A real estate developer in Paris, Sefri-Cime, lost 38 million euros in a CFO email compromise scam. The CFO received an email from individuals claiming to be lawyers from a well-known French accounting firm. Within days, the BEC scammer established trust with the CFO and initiated successful requests for substantial and urgent transfers totaling millions of euros.
- Eagle Mountain City in Utah fell victim to a $1.13 million vendor impersonation scam. During an email exchange regarding a major construction project, cybercriminals posing as the construction vendor joined the email thread using a fake email address similar to that of the actual vendor. The scammers convinced a staff member to transfer an electronic payment to them instead of the legitimate supplier. Amid rapid growth and an influx of payment requests from multiple suppliers, city staff may have been less vigilant about potential scams.
Common Myths About Fraud
When it comes to payment fraud protection, many treasury and finance departments are lulled into thinking they are more protected than they actually are. Organizations may assume that their procedures are foolproof or that any lost funds will be reimbursed, but they quickly get a wake-up call when a successful attack occurs. The following myths are common:
- “We have an approval process in place”: Even companies with the strictest policies can have gaps in their processes. Employee ID/password combinations can be stolen. Regional treasury centers/shared services may require fewer approvals due to limited in-country staff. And companies with multiple ERP systems may have different approval processes, a scenario ripe for fraud.
- “My bank will cover me”: A bank is under no obligation to cover any customer for payment fraud unless the bank itself has been compromised. The bank may reimburse corporate customers on a case-by-case basis, but don’t take it for granted.
- “We have cyber insurance”: Many companies assume that if they purchase cyber insurance, they are covered in the event of a loss. However, if an organization cannot prove that it took all the necessary steps to protect itself, the insurance policy may or may not cover the loss.
What can you do to increase your protection against payment fraud?
- Work in the cloud. Organizations should adopt cloud technology to secure payments and systems. IT teams know that payment data and connectivity are more secure when hosted externally.
- Align all departments. Your internal IT department, as well as any key areas involved in payment processing, such as treasury, accounts payable, shared services, etc., must be aligned with your corporate security policies. With more and more teams working remotely, companies must ensure that all employees are using effective protections such as strong passwords, policy controls, multi-factor authentication, IP filtering, single sign-on, and data encryption.
- Automate payment processes and standardize controls. Automation allows organizations to standardize the payment journey from the initial request to the receipt of payment. The risk lies in exceptions to a standardized process; that is, payments made outside a typical format (urgent payment requests, which may arise from things like mergers and acquisitions, legal settlements, emergency payroll, etc.) provide opportunities for fraudsters.
- Enable real-time detection, alerts, and notifications. The rise of same-day and real-time payment systems has increased the need for real-time responses to fraud attempts. Modern fraud detection software uses AI and machine learning to evaluate payments based on historical data, detecting any anomalies.
- Implement fraud prevention workflows. Modern payment fraud protection modules support automated, end-to-end workflows for resolving pending suspicious payments. Users can determine how each flagged payment is handled, applying separation of duties between the initiator, approver, and reviewer of a flagged payment.
- Know your vendors. Vendors can pose a significant risk to your company. In some cases, vendors are granted access to their clients’ network credentials. If that vendor’s security protocols are inadequate, they can become an unnoticed backdoor into that client’s systems. Having a detailed information security questionnaire is crucial and provides confidence in the governance and risk programs a vendor has in place. Additionally, organizations should verify requests for changes to payment instructions directly with the vendor before completing any transaction.
Protect your payments with a secure solution and a trusted implementer
At All CMS, as experts in treasury management system implementation, we partner with Kyriba for its payment fraud prevention capabilities. We are committed to offering our clients a sophisticated real-time fraud detection and prevention module, specifically designed to enhance standard payment controls.
In a recent incident, Kyriba demonstrated the effectiveness of its payment fraud protection. The tool thwarted a fraud attempt involving a request for an $8 million bank transfer through CEO impersonation. The fraud was stopped thanks to a diligent treasury team and the fraud prevention measures in place, which require multiple employees to process payments and enforce authority limits on payment amounts.
If you want to help prevent fraud in your organization, our specialized consultants will help you determine the internal protocols. Additionally, a robust treasury management solution ensures that treasury, payment, and risk data comply with internal security policies and international security requirements, while providing 24/7 global support. The payment fraud prevention features of the solution we implement include:
- Evaluation of suspicious payment activities through a set of predefined detection rules, such as transfers to blacklisted countries, payments to new vendors, or amounts exceeding established limits.
- AI and machine learning algorithms to compare outgoing payments against historical payment patterns, identifying and quarantining suspicious transactions for further review.
- Comprehensive resolution workflow, allowing for the customization of alerts and the management of detected payments in accordance with the organization’s policies, including segregation of duties and scenario-based payment holds until issues are resolved.
- Real-time validation of bank account ownership and ensuring compliance with corporate payment policies through API-driven connection platforms, offering an additional layer of protection against BEC scams and other sophisticated fraud attempts.
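The predefined detection rules and the hold-until-resolved workflow with segregation of duties listed above can be modelled as follows. This is an added example, not Kyriba's or All CMS's code; the country codes, vendor master data, amount limit, and all function and field names are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy data (assumptions for illustration only).
BLOCKED_COUNTRIES = {"XX", "YY"}                        # placeholder country codes
KNOWN_VENDOR_ACCOUNTS = {"ACME-001": "DE00CONSTRUCTED0001"}
AMOUNT_LIMIT = 250_000

@dataclass
class Payment:
    pay_id: str
    vendor_id: str
    account: str
    country: str
    amount: float
    initiator: str
    approver: str
    flags: list = field(default_factory=list)
    status: str = "pending"

def evaluate(p: Payment) -> list:
    """Apply the predefined rules; any hit places the payment on hold."""
    if p.country in BLOCKED_COUNTRIES:
        p.flags.append("blocked_country")
    known = KNOWN_VENDOR_ACCOUNTS.get(p.vendor_id)
    if known is None:
        p.flags.append("new_vendor")
    elif known != p.account:
        # Payment instructions differ from the vendor master record.
        p.flags.append("changed_bank_account")
    if p.amount > AMOUNT_LIMIT:
        p.flags.append("over_limit")
    p.status = "held" if p.flags else "released"
    return p.flags

def review(p: Payment, reviewer: str, decision: str,
           callback_verified: bool = False) -> str:
    """Resolve a held payment; the reviewer must be a third person."""
    if p.status != "held":
        raise ValueError("payment is not on hold")
    if reviewer in (p.initiator, p.approver):
        raise PermissionError("reviewer must differ from initiator and approver")
    if decision == "release":
        # A changed account is released only after the change was
        # confirmed directly with the vendor (out-of-band callback).
        if "changed_bank_account" in p.flags and not callback_verified:
            raise PermissionError("verify the account change with the vendor first")
        p.status = "released"
    else:
        p.status = "rejected"
    return p.status
```

The urgency of a request is deliberately not an input to `review`: an urgent payment passes through the same hold and the same third-person check as any other.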
To reduce risk and protect payments, organizations need an integrated solution that connects ERPs, internal frameworks, and external systems, ensuring a secure payment journey from start to finish. When exceptions occur, protocols must not be abandoned, no matter how urgent the request. Any department handling payments needs to understand that a single misstep can be catastrophic, leading to the loss of funds, jobs, and reputation for the entire organization. With All CMS, a certified Kyriba partner, you can be confident that you are choosing a solution that is secure against payment fraud.
We want to show you how to apply these treasury management automation actions to improve financial management and support your company’s success.