“Payments fraud is still your company’s most powerful threat.” (Wells Fargo)
We live in a hyper-digital age that, on the one hand, is driving innovation in services and experiences. On the other hand, it is also inadvertently nurturing a breeding ground for ever-more sophisticated cybercrime. The more connected people are, the more data security vulnerabilities are created by the devices and systems that connect them.
Indeed, with faster payments, open banking, and the accelerated release of new payments products and services, payments fraud has become a formidable threat to enterprises worldwide.
Moreover, perpetrators of this fraud are continually casting a wider and wider net. This can be seen in the increasing shift in focus from primarily targeting banks to aiming directly at businesses and enterprises.
Fraudsters are also becoming increasingly effective in their methods, achieving unprecedented success at circumventing corporate controls and probing deeper into systems to orchestrate and execute coordinated attacks.
As such, it is incumbent upon every organization seeking to protect its financial assets to take heed of the following five facts about payments fraud.
80% of Organizations Get Hit
Simply put, corporate payments fraud involves falsely creating or diverting payments. There are multiple types of payments fraud, including creating bank accounts for the sole purpose of enabling the fraudulent payments to be made, social engineering (psychological manipulation of people), identity theft, impersonation of company officers by hackers, and access abuse by corporate employees.
According to the 2019 Payments Fraud and Control Survey Report from the Association for Financial Professionals (AFP), underwritten by JPMorgan, the most prevalent type of digital payments fraud is Business Email Compromise (BEC), and 80% of organizations are reported to have been the victims of an attack, including – most notoriously – Facebook and Google, two of the most well-protected technology organizations in the world.
Existing Controls Are Not Enough to Prevent Payments Fraud
It is evident from the frequency, breadth, and depth of such fraud attempts that existing controls do not suffice.
Organizations must do more than merely depend on the expertise and vigilance of their treasury staff and finance departments. Moreover, enforcing updated employee training, increased education, and policy updates can only go so far.
In fact, 95% of all security incidents involve human error. Cybercriminals are particularly adept at not only manipulating technology for executing attacks, but also at manipulating human vulnerabilities. They have proven to be very effective in duping company employees into unwittingly providing them access to sensitive information.
That’s why focusing on the weakest link in the cybersecurity chain will never live up to the demands of keeping corporate payments safe.
Importantly, it is insufficient to only attend to the issues that the organization faces today. Rather, it is vital to get at the root cause of issues and apply preventative measures at the deepest levels of technology, infrastructure, and process in order to be ready for the risks that the future holds.
Payments Fraud Results in Billions of Dollars in Annual Losses
While there are great variances in the estimates of payments fraud’s impact on consumers and financial institutions, no matter how you look at it, the numbers are staggering. For example, losses to banks alone are conservatively estimated to exceed $31 billion globally by 2018 (McKinsey).
According to the FBI, Business Email Compromise attacks alone cause nearly $1.5 billion in annual losses, with known worldwide losses topping $12.5 billion over the period of 2013–2018. This makes BEC the cause of the highest estimated out-of-pocket losses from any class of cyber-facilitated crime during this period, according to a recent SEC report. Making matters worse, cash lost to cyber-fraud is rarely recovered.
The CISO Plays a Strategic Role in Protecting the Organization
The Chief Information Security Officer (CISO) plays a critical role in preventing cyberfraud attacks. It is true that making prudent decisions about how to protect the company’s finances typically rests in the hands of the CFO. However, ensuring that an optimal technology solution is in place to protect the organization’s financial assets (i.e., payments), just as there is for protecting the company’s data, rests on the shoulders of the CISO.
Real-Time, Independent Controls Are Powerful Means for Preventing Attacks
The key to ensuring a robust cybersecurity posture is real-time, independent controls. ‘Real-time’ means that alerts on potential risks are raised as they occur, enabling the organization to prevent the bulk – if not all – of the damage. ‘Independent’ means that a mechanism and system for securing payments which lies outside the security perimeter of the organization will be much more effective, since it will not be the direct (nor indirect) target of the acting cybercriminals.
nsKnox can assist companies seeking to implement preventative measures for mitigating the risk of corporate payments fraud with our real-time, independent offering.
We offer a real-time, completely autonomous solution that ensures payments integrity. It secures transactions with the approved supplier and account, enabling the detection, alerting, and blocking of fraudulent payment attempts in real time.