FinTechCyber Security & Fraud“Cohesive collaboration” key to defeating payments fraud

"Cohesive collaboration" key to defeating payments fraud

Shared responsibilities are the way forward in payment fraud prevention

As payments fraud becomes more sophisticated and harder to detect, corporate treasurers desperately need help to beat the cheats.

“Fraud prevention is a major global challenge [that is] still insufficiently addressed for corporate CFOs and treasurers,” Deutsche Bank’s global head of cash management, Ole Matthiessen, tells The Global Treasurer. “They are demanding effective solutions that are easy to use and can be rapidly deployed.”

Due to their ever-evolving processes, supplier payments are especially attractive to criminals, with Matthiessen stating that any solution must take a holistic approach that covers all potential scenarios. Second, it must be constantly reviewed and updated. And third, the data must be shared.

“Ever-changing forms of payment fraud have been on the rise for years,” he adds. “A solid future-proof prevention mechanism is required.”

Deutsche Bank finds that fraudsters around the world are targeting corporations across all industries, with rising losses. Insurance group Hiscox estimates that some of the most common scams typically cost $200,000 per incident. These include fake-invoices, man-in-the-middle attacks, and business email compromise.

Payment fraud on the rise

As the European Payments Council (EPC) explained in its 2021 Payment Threats and Fraud Trends Report, high-level fraud is on the rise.

In fact, the EPC is so concerned about the exploitation of the payments system by bad actors that it has established a new group to dig deeper into the vulnerability of SEPA payment instruments.

The surge in e-commerce is partly to blame for the rise in payments fraud. As the settlement of transactions speeds up, the window for detection narrows. Before the Payments Service Directive (PSD1) was introduced in Europe, for example, payments took six to seven days to reach the receiver, which gave banks plenty of time to redeem funds if a transaction was judged fraudulent. Currently, it’s been shaved down to about ten seconds.

The variety and scale of frauds is also widening, according to the EPC.

“[They] include social engineering and phishing, malware [including ransomware], advanced persistent threats (APTs), distributed denial of service, botnets and monetisation channels,” the report explains.

Fraudsters are attacking new and more lucrative targets such as company executives, payment service providers, and entire payment infrastructures. The purpose is to trick corporates into making approved disbursements known as authorised push payments.

“These techniques have greatly evolved over the last years as the targets are users rather than technology,” the EPC said.

Banks to the rescue

The good news is that banks are coming to the rescue. Last year, Deutsche Bank teamed up with Treasury Intelligence Solutions (TIS) to develop a standalone platform called Holistic Payment Fraud Prevention Solution. On top of foundation components, the package includes the collaborative element that many consider essential for the future.

As Matthiessen explains, there is a community component whereby all participating customers provide their own data and experience. In turn, this is developed into “a sound roadmap for enhancements around AI-based rule management and pattern recognition”.

In this way a picture is built up that all clients can see.

“The solution caters for all the different fraud scenarios a corporate customer has to consider,” he adds. “These range from internal to external threats, from fake invoice scenarios to man-in-the middle attacks.”

The solution addresses the main red flags confronted by treasurers and banks, among them the pernicious “social engineering”. This is designed to trick users of enterprise resource planning (ERP) systems to change internal master data such as beneficiary bank account details.

The result is that corporates, many of which pay thousands of suppliers invoices a month, cannot be sure that the account information stored in their ERP systems is the supplier’s authentic bank account.

And because treasury teams are usually small, they are vulnerable to social engineering, warns Royston Da Costa, assistant group treasurer at Ferguson, an Anglo-American distributor of plumbing and heating products. Speaking at a EuroFinance webinar late last year, he said this made it easier for fraudsters to identify and target individuals with authority to make payments.

To combat payment fraud, teamwork is required. As Deutsche Bank’s Stefan Fruschki, cash management head of transaction surveillance, said at the same webinar, cohesive collaboration is essential.

“Banks need to work hand-in-hand with their clients to determine what exactly their threat models are what they want to be alerted to,” he said.

But, as he also pointed out, that isn’t happening as much as it should.

 

Subscribe to get your daily business insights

Whitepapers & Resources

2021 Transaction Banking Services Survey

Banking 2021 Transaction Banking Services Survey

2y
CGI Transaction Banking Survey 2020

CGI Transaction Banking Survey 2020

3y
TIS Sanction Screening Survey Report

Payments TIS Sanction Screening Survey Report

5y
Enhancing your strategic position: Digitalization in Treasury

Payments Enhancing your strategic position: Digitalization in Treasury

5y
Netting: An Immersive Guide to Global Reconciliation

Netting: An Immersive Guide to Global Reconciliation

5y