There’s no doubt that the threat of fraud is a major concern for companies around the world – and with good reason. In July 2018, the FBI reported that Business Email Compromise (BEC) scams had resulted in losses of over USD 12.5 billion globally since 2013. For companies falling victim to fraud, the consequences can be far-reaching, ranging from financial loss to reputational damage. The good news is that companies are increasingly taking action to mitigate these risks. But with the techniques used by cybercriminals continuing to evolve, how should companies protect themselves in 2019?
What are the threats?
Payments fraud can take many forms, and different types of scams vary when it comes to frequency of attack and the scale of a possible loss. To understand this in more detail, Strategic Treasurer’s 2019 Treasury Fraud & Controls Survey took a closer look at the types of threats companies face, and the actions that companies can take to shore up their defences.
The survey’s respondents identified the top three risks as follows:
Business Email Compromise (BEC) fraud. Almost 80% of companies had experienced attempted attacks in the last 12 months. However, the success rate for such attacks was relatively low, with only 10% of the reported attacks leading to a loss.
Cyber fraud/data theft. The theft of sensitive data via phishing attempts or similar was very significant. Over half (56%) of the companies polled had experienced an attack – and while only 7% of those attacks were successful, such attacks do not always lead to immediate financial loss and some companies may be unaware they’ve been targeted.
Check forgery. Fifty-one percent of respondents encountered check forgery in 2018. While fewer attacks were noted than for BEC fraud and cyber fraud, check forgery demonstrated a higher success rate: around 18% of the attacks recorded led to loss.
It’s clear that some types of attack are more likely than others. Likewise, various types of fraud are associated with different levels of financial loss. For example, analysis in 2016 found that BEC fraud was associated with tens or even hundreds of thousands of dollars per loss, compared to less than USD 2,000 per loss for check forgery.
How to bolster your defences in 2019
Understanding the risks is important – but companies need to take definitive action to protect themselves. The 2019 Treasury Fraud & Controls Survey offers encouraging signs that companies are upping their game where security is concerned: half said that they were in a better position to fight fraud compared to last year. But for many companies, there is plenty of room for improvement.
From training staff in security to applying robust controls such as multi-factor authentication, companies should consider whether they are taking all necessary precautions:
Security training. Regular security training is a must. While the research showed that almost two-thirds of organisations train employees on security annually, not all training is alike. For example, less than half of companies tested their employees with fake phishing emails. To equip employees with the tools they need to combat criminals, businesses should give employees annual training on how to prevent fraud, identify suspicious activity, and respond to an attack – and they should test employees with written tests and fake instances of fraud.
Multi-factor authentication. MFA is an essential fraud control which reduces the likelihood of a criminal accessing payment systems or executing a funds transfer. With MFA, users must provide both a username/password as well as another form of identification, such as a randomly generated passcode or biometric scan. The survey found that while 69% of corporates are using MFA on all wire payment platforms, only 41% were doing so for non-wire payment platforms.
Encrypt data. While over half of the survey’s respondents cited data encryption as an area of focus, it was clear that the most effective measures for protecting data were not always used. Forty-one percent said they were encrypting data at rest, while 39% were encrypting data in transit – meaning that for many companies, data remains vulnerable at certain junctures.
Least privilege. The principle of least privilege states that users should only have access to systems or information they need to support operations. This is an important means of reducing fraud exposure in the event of an attack. In practice, however, only 13% of respondents said they had officially adopted this policy in-house.
Next steps
While companies are increasingly taking action, there can be no complacency in the fight against payment fraud. The techniques used by criminals are becoming more sophisticated, so treasury and finance professionals must regularly inspect their controls to spot exposures before a loss occurs.
‘Cyber attackers are sophisticated, persistent, patient, and leverage automation,’ comments Craig Jeffery, Managing Partner of Strategic Treasurer. ‘The same can’t be said for the majority of organisations.’ As such, he says companies must constantly upgrade both the technology and human elements of their controls, and continually examine their payment processes in light of the new threat level.
To learn more about the risks treasurers face and the measures they can take to protect their businesses, download the 2019 Treasury Fraud & Controls Survey Report.
This editorial was first published in the B2B Payments and Fintech Guide 2019 - Innovations in the Way Businesses Transact, which offers insightful editorials and use-case analyses on how to envision a proper regulatory and technological framework for safe and effective cross-border and instant B2B payments.
About Rebecca Brace
Rebecca Brace is the former editor of Treasury Today and has 13 years’ experience in writing about global transaction banking, corporate treasury, trade finance, and risk management.
About Strategic Treasurer
Strategic Treasurer was founded in 2004 by Craig Jeffery, a financial expert and trusted advisor to executive treasury teams since the early 1990s. Partners and associates of Strategic Treasurer span the US, the UK, and continental Europe. For more information visit www.strategictreasurer.com
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now