Fraud is an ever-present and growing risk. More than four out of five companies (81%) said they were the target of payments fraud in 2019, according to a survey by the Association for Financial Professionals. Moreover, 73% of organisations think the threat level of fraud has increased in the past year.
Because of the prevalence and growing threat of fraud, businesses should recognise how it is evolving—and how they can shift their defence to tackle the issue.
Fraud overview
No matter the size or type of organisation, it is increasingly becoming a case of when— not if — your business will be subject to a fraud attack.
And as fraudsters become increasingly sophisticated and organised in their approach, it is important for businesses to review their own approach to the management of fraud risk.
Recent research by PwC indicates businesses with dedicated fraud programs spent 42% less on responding to actual fraud incidents, 17% less on remediation costs, and 16% less on fines and penalties.
A fraud response plan is an example of the defensive or reactive approach businesses have traditionally used to manage fraud risk.
A formal, agreed-upon response plan will reduce the impact of a fraud attack. It may include a step-by-step process for communicating, recovering losses, and returning the business back to a normal state while protecting it from any recurring incidents. Moreover, the recovery plan should consider interaction with all key stakeholders, employees, customers, banking partner(s), legal advisors, and regulatory authorities.
Risk assessment
Risk assessment is also important, as different areas of the business will be susceptible to different levels and types of fraud attacks.
A comprehensive assessment will look at potential fraud risks, their likelihood of occurrence, and their potential ramifications. Any controls to mitigate fraud should also be included. All areas involved in the flow of monetary funds should be included in an assessment at a minimum, if not the entire organisation. These assessments, when completed on a regular basis, will provide businesses with the information needed to design and tailor a fraud program that won’t inhibit growth.
In an ever-evolving business environment, new processes and technology can alter roles and responsibilities, and potentially circumvent previously segregated duties. A regular fraud risk assessment also ensures that segregation is still valid and proactively highlights the need for any change.
Technology
Technology solutions implemented within the organisation can provide support in monitoring for anomalies in business activity that could be indicative of fraud.
Solutions may include machine learning to process and generate a decision from potentially millions of pieces of data in a time frame that would not be feasible for traditional, manual in-house approaches.
Adopting a multilayer strategy where both the organisation and the banking partner deploy monitoring and detection technology maximizes the ability to manage fraud risk and reduce negative impacts on genuine payments. However, it is not just detection where technology can be leveraged.
Technology can also be used to automate certain processes within a business and therefore reduce the scope of human involvement and for process abuse or compromise.
In an era when fraudsters are actively searching for and harvesting access credentials, adding levels of authentication technology or multifactor authentication to processes can be an effective deterrent against the takeover of systems.
Employee training
Though technology plays an increasingly important role in fraud controls and detection, it can be manipulated and overridden. The importance of human involvement in the fraud management process remains critical for the oversight of technology solutions and fraud detection. Thus, it is likely that a blend of technological and human involvement will be considered the optimal solution for managing fraud for the foreseeable future.
But with employees retaining involvement in the fraud management process, the importance of fraud awareness training remains critical for all organisations. Fraud awareness training ensures employees are educated on fraud risks, specific fraud types, and the red flags that can help identify them.
To be effective, the training needs to be continuous from point of hire onward. For employees in areas deemed to be high-risk, advanced fraud training and knowledge testing will ensure that these employees are cognizant of the increased risks.
Compliance training is also critical to communicate internal policies on organisational culture, insider fraud risk, conduct, and prohibited actions.
To further combat the risk of insider fraud, a user-monitoring program can be an effective method of identifying suspicious behaviour. A program can take the form of a software solution providing real-time monitoring and alerting of any suspicious activities, or an offline analytics solution using the audit logs of your business systems.
The role of the banking partner
Products and services offered by your banking partner should be designed with a risk-assessment approach to make them as secure as possible.
Examples of risk-assessed products include those employing multifactor authentication at payment initiation and a maker/checker requirement at payment initiation. Features like ‘positive pay’ introduce an additional layer of review before payments are released.
In the event of a fraud attack, the banking partner should restrict access to banking applications in response to the attack and then attempt to recover lost funds.
Conclusion
The corporate payment fraud landscape is increasingly sophisticated, and organisations need to deploy a dedicated fraud program to proactively assess and implement appropriate fraud controls.
Moreover, employees continue to be an important part of a fraud program, and organisations need to ensure sufficient training is delivered to optimise employees’ capabilities in detecting fraud and limiting losses.