One of the great things about what I do is that I get to meet with top-notch finance professionals from many different industries, all around the world.
While they do have varying priorities and concerns, I have found that there are a few common threads.
And one of them is the need (and responsibility) to make sure that the organization’s outgoing payments are protected against the criminal attempts of cyberfraudsters.
For they all know that it can be too easy for hackers to use all sorts of business email compromise (BEC) techniques to dupe employees into changing an account number for an intended transfer, so that the payment is routed to fraudulent accounts, resulting in great financial loss.
It’s time to shift gears
What I also hear, unfortunately, is that even with all the stories about such fraud making the headlines over the past few years, some finance teams still haven’t shifted gears on their payments protection. They are still using outdated means for verifying that the bank account details they have on record are indeed the right ones.
Sometimes they don’t do any checks at all, or simply trust in the (dubious) authenticity of the emails they receive, or just look at the invoice letterhead. But, as we know, doing this is a very risky proposition.
Cybercriminals are targeting payments and we need to do everything we can to stop them before they cause notable financial and reputational damage.
That’s why I’d like to dedicate this article to providing practical tips on how you can shift gears on payments protection and make it very difficult for fraudsters to do their criminal deed.
Manual account ownership verifications
The prevalent approach to making sure that the account details you have on hand for payees (whether vendors or other entities) are the right ones is to verify them manually.
This is typically done through two primary means:
Requesting supporting documents
The first entails asking the payee to provide official company documents that confirm that the information you have in your records is indeed valid, and that they do own the account.
Such documents can be a canceled check, an account ownership certificate, bank wiring instructions, or an official bank statement, among others.
Calling the payee
In addition to requesting supporting documents, organizations often reach out to an official contact person at the receiving end for a direct verification.
This contact person is a member of the payee organization’s master-data team, purchasing department, or finance team.
The risk of relying on tradition
While such manual verifications may deliver results, ultimately these results are far from being wholly reliable. For example, the letterhead on an invoice that comes in as a supporting document is not an infallibly trustworthy confirmation of authenticity.
Nor can calling the payee organization to verify account ownership and information be relied upon. This is because it is difficult to know for sure whether you’re actually calling a valid number.
Moreover, it is hard to really know if the person you’re speaking with is indeed an authorized representative.
The challenges to relying on tradition
Furthermore, the manual approach comes with multiple challenges.
Often payees are distributed geographically, which means that they can be in different time zones. And sometimes they don’t even speak the same language as you do, making communication a great challenge.
Moreover, with many people still working at least part of the time from home due to the pandemic, reaching the contact person by phone and being confident that they have access to the requisite company records is not always possible.
To err is human
And to complicate matters even more, the hard truth is that in manual processes that are driven by humans, error is all too frequent. And such errors undermine the validation process and leave the organization exposed to fraud.
Going beyond manual
So, what can finance professionals do to overcome the challenge? The key to avoiding the limitations and pitfalls of manual processes is, of course, technology!
Technology and automation are the key to preventing errors and to protecting the organization against the damage that results from error.
By implementing a technology-based approach to validating payee account information, you can completely remove the need for (and reliance on) manual methods that are extremely vulnerable to social engineering attempts and are often error-prone.
Furthermore, by executing such validation against a third-party trusted data source that is independent of the payee organization, the validation itself becomes profoundly more reliable.
How PaymentKnox can help
This is exactly what PaymentKnox is all about: delivering a technology-driven process that is backed by trusted third-party data sources to validate domestic and international bank accounts.
Through a powerful combination of advanced technologies, rigorous validation techniques, and public and private database searches, it eliminates reliance on emails, document exchanges, and phone calls for manual bank account ownership validation.
This way, finance professionals can minimize the risk of human error and prevent unauthorized payments by detecting and preventing social engineering attempts, insider fraud, and multiple other types of cyberfraud attacks.