BankingThe evolving landscape of corporate payment fraud

The evolving landscape of corporate payment fraud

Organisations need to utilise both dedicated fraud programs and employee training to proactively assess and implement appropriate fraud controls

Fraud is an ever-present and growing risk. More than four out of five companies (81%) said they were the target of pay­ments fraud in 2019, according to a survey by the As­sociation for Financial Professionals.  Moreover, 73% of organisations think the threat level of fraud has increased in the past year.

Because of the prevalence and growing threat of fraud, businesses should recognise how it is evolving—and how they can shift their defence to tackle the issue.

Fraud overview

 No matter the size or type of organisation, it is increasingly becoming a case of when— not if — your business will be subject to a fraud attack.

And as fraudsters become increasingly sophis­ticated and organised in their approach, it is import­ant for businesses to review their own approach to the management of fraud risk.

Recent research by PwC indicates busi­nesses with dedicated fraud programs spent 42% less on responding to actual fraud incidents, 17% less on remediation costs, and 16% less on fines and penalties.

A fraud response plan is an example of the defen­sive or reactive approach businesses have traditionally used to manage fraud risk.

A formal, agreed-upon response plan will reduce the impact of a fraud attack. It may include a step-by-step process for communicating, recovering losses, and returning the business back to a normal state while protecting it from any recurring incidents. Moreover, the recov­ery plan should consider interaction with all key stakeholders, employees, customers, banking part­ner(s), legal advisors, and regulatory authorities.

Risk assessment

 Risk assessment is also important, as different areas of the business will be susceptible to differ­ent levels and types of fraud attacks.

A comprehensive assessment will look at potential fraud risks, their likelihood of occurrence, and their potential ramifications. Any controls to mitigate fraud should also be included. All areas involved in the flow of monetary funds should be included in an assess­ment at a minimum, if not the entire organisation. These assessments, when completed on a regular basis, will provide businesses with the information needed to design and tailor a fraud program that won’t inhibit growth.

In an ever-evolving business environment, new processes and technology can alter roles and responsibilities, and potentially circumvent previously segregated duties. A regular fraud risk assessment also ensures that segregation is still valid and proactively high­lights the need for any change.

Technology

 Technology solutions implemented within the organisation can provide support in moni­toring for anomalies in business activity that could be indicative of fraud.

Solutions may include machine learning to process and generate a decision from potentially millions of pieces of data in a time frame that would not be feasible for traditional, manual in-house approaches.

Adopting a multilayer strategy where both the orga­nisation and the banking partner deploy monitoring and detection technology maximizes the ability to manage fraud risk and reduce negative impacts on genuine payments. However, it is not just detection where technology can be leveraged.

Technology can also be used to automate certain processes within a business and therefore reduce the scope of human involvement and for process abuse or compromise.

In an era when fraudsters are actively searching for and harvesting access credentials, adding levels of authentication technology or multifactor authentication to processes can be an effective de­terrent against the takeover of systems.

Employee training

Though technology plays an increasingly important role in fraud controls and detection, it can be manipulated and overridden. The importance of human involvement in the fraud management process remains critical for the oversight of technology solutions and fraud detection. Thus, it is likely that a blend of technological and human involvement will be con­sidered the optimal solution for managing fraud for the foreseeable future.

But with employees retaining involve­ment in the fraud management process, the im­portance of fraud awareness training remains crit­ical for all organisations. Fraud awareness training ensures employees are educated on fraud risks, specific fraud types, and the red flags that can help identify them.

To be effective, the training needs to be continu­ous from point of hire onward. For employees in ar­eas deemed to be high-risk, advanced fraud training and knowledge testing will ensure that these employees are cognizant of the increased risks.

Com­pliance training is also critical to communicate internal policies on organisational culture, insider fraud risk, conduct, and prohibited actions.

To further combat the risk of insider fraud, a us­er-monitoring program can be an effective method of identifying suspicious behaviour. A program can take the form of a software solution pro­viding real-time monitoring and alerting of any suspi­cious activities, or an offline analytics solution us­ing the audit logs of your business systems.

The role of the banking partner

 Products and services offered by your banking partner should be designed with a risk-assessment approach to make them as secure as possible.

Examples of risk-assessed products include those employing multifactor authentication at payment ini­tiation and a maker/checker requirement at payment initiation. Features like ‘positive pay’ introduce an additional layer of review before payments are released.

In the event of a fraud attack, the banking partner should restrict access to banking applications in response to the attack and then attempt to recover lost funds.

Conclusion

The corporate payment fraud landscape is increas­ingly sophisticated, and organisations need to de­ploy a dedicated fraud program to proactively assess and implement appropriate fraud controls.

Moreover, employ­ees continue to be an important part of a fraud pro­gram, and organisations need to ensure sufficient training is delivered to optimise em­ployees’ capabilities in detecting fraud and limiting losses.

 

 

Whitepapers & Resources

Transaction Banking Survey 2019

Transaction Banking Survey 2019

3y
TIS Sanction Screening Survey Report

Payments TIS Sanction Screening Survey Report

3y
Enhancing your strategic position: Digitalization in Treasury

Payments Enhancing your strategic position: Digitalization in Treasury

3y
Netting: An Immersive Guide to Global Reconciliation

Netting: An Immersive Guide to Global Reconciliation

3y