Payment Risk Management: How to Stay Proactive
When we think about payments fraud, it’s easy to dwell on thoughts of individuals from outside an organisation pulling off the perfect crime. Yet there are equally as many threats of payment fraud that originate from within an organisation’s own four walls. Loosely defined invoice approval rules or inefficiencies in accounts payable processes, for example, can be easy prey for individuals looking to take advantage of opportunities to steal. This type of payments fraud by employees and others most often takes the form of duplicate payments, miscalculations, unsupported payment claims and ineligible beneficiaries.
As criminals become increasingly savvy about ways to circumnavigate processes and safeguards, organisations face a never-ending test of payments risk management. Many improper payments continue to go unidentified due to inadequate internal controls or siloed information systems. Without the ability to proactively create payment thresholds, monitor irregular payment volumes or quickly identify and flag duplicate payments, mitigating payments risk becomes a near impossible task.
Today, this reality is amplified across a growing number of enterprises and government programmes that disburse high volumes of payments, make expedited payments or manage complex criteria for computing them. By being more proactive and adopting an aggressive approach to payments security, one that leverages advanced payment risk management technologies and centralises payments monitoring and control, organisations can more readily protect themselves against duplicate payments and other prevalent types of fraud from within.
In the new age of Sarbanes-Oxley and OFAC compliance, web-based payment risk management solutions are providing organisations with the ability to protect against duplicate payments and other prevalent types of fraud by centralising payments monitoring and control across siloed or legacy systems. In deploying such solutions, organisations can combat payment fraud proactively through:
Individuals and businesses can easily use variations of names to avoid detection, rendering simple direct name matching practices insufficient. Offering powerful matching capabilities, via a name variation algorithm, solutions can generate scores of name variations for a single individual on a list. Common lists of ineligible payees include OFAC SDN, FBI, Financial Crimes Enforcement Network (FinCEN), Temporary Assistance for Needy Families (TANF) Violators, Store Owner Trafficking, Prisoner and other internal and external lists.
In addition to helping enterprises monitor and prevent payments to ineligible recipients, payment risk management solutions can also help insure against improper payments by verifying issuances against key eligibility databases, including valid employees, approved vendors and eligible benefit participants.
Introducing panel approval schemes, which provide the ability to establish approval hierarchies for payments exceeding a pre-determined amount, can help organisations guard against would-be criminals seeking to pass high-dollar payments under the radar. Through the use of electronic workflow capabilities, information relevant to the payment can be quickly routed from one individual to the next, ensuring that payment information is reviewed and approved by authorised individuals prior to release for payment.
More devious criminals, vendors and employees may try to figure out simple accounts payable approval rules and submit invalid requests for payment (invoices, programme requests or enrollment) that they know would get paid without review. Web-based payment risk management solutions provide the ability to catch suspect payments by monitoring irregular payment volume under certain thresholds.
In many cases due to inefficient practices, by the time a payment is processed or mailed, a payee has already complained about late payment and, in some cases, may have requested a cheque to be written on demand. Gaining the ability to flag duplicate payments, such as checks written to the same person with the same amount within a defined time window, can help reduce unnecessary or duplicate issuances.
Some criminals know that companies cross-check their payments with a list of names to identify fraud. Therefore, you need to stay one step ahead by checking for the same payee address as well. By identifying cheques and electronic payments written or originated to different payee names, yet mailed to the same address, your chosen solution can help to extend the effectiveness of your fraud prevention tactics.
Fraud prevention shouldn’t be limited to monitoring paper cheques. Leverage solutions designed to quickly identify electronic payments made to different payee names with the same bank account number. Rogue employees or vendors could make or request fictitious payments to a friend or relative with whom they share a bank account. Tracking trends for frequent or multiple low-dollar amount items paid to the same account is also particularly helpful in identifying fraudulent activity.
In today’s fast changing world of payment security, staying one step ahead of those seeking to defraud your organisation has never been more difficult. The danger of payment fraud and the need to be vigilant in protecting the security of corporate payment processes will be a top treasury priority well into the foreseeable future. Tackling this challenge head-on requires the right mix of technology and determination. With the proliferation of web-based payment risk management solutions, corporate treasurers are increasingly finding themselves in a position of strength when it comes to dealing with payment fraud. Through the various capabilities offered by these web-based enterprise payments solutions, corporate treasurers can adopt a more proactive – rather than reactive – approach to payment security.