In business life we tend to look at a major payments fraud incident like passing a fender-bender: a bit of rubber-necking, wondering how it happened, sighing at the stupidity of those involved, and then confidently reassuring ourselves that “a payment security breach would never happen to me”.
But it does happen, and it happens to a lot of us, many times every year. So much so, in fact, that it is almost impossible to quantify the volume of fraudulent payments activity that occurs each year. PrivacyRights.org estimates that nearly 900 million records containing sensitive information were breached worldwide between January 2005 and June 2014. Even more worryingly, they state that “in reality, the number should be much larger.”
Time to adopt appropriate payment security measures
The Bangladesh Central Bank hack that targeted the SWIFT system severely damaged confidence in the international banking system earlier this year. It showed that fraud can occur at the highest level – nobody is safe.
We all need to adopt what SWIFT terms “appropriate security measures” to prevent payment fraud. But what are “appropriate security measures”?
Here’s our top five:
1. Know Your Supplier
This seems like common sense, but it’s surprising how many corporates are buying from overseas suppliers they know little about. How many of your suppliers do you know in person? Do you know where the supplier is based, and have you ever spoken to them? If you were to receive an email from a supplier advising that their bank details had changed, how would you verify whether that email is genuine? Make sure that you have a standardised process for gathering information on your suppliers – this can be as simple as making sure that the supplier business address, phone number and contact names are recorded when you start working together.
2. Look for secure encryption
If the services you use are easy for someone else to log in to, you have a problem. Make sure that the services you use are actually secure. Do a payment security audit of your finance and procurement functions and look for common problems:
- Staff who have left but whose online banking privileges have not been revoked.
- Shared access (where several staff use the same password, PC or security fob to access a service).
- Third-party services that do not have adequate security (system passwords never change, there is no two-factor authentication, mandates are never reviewed).
It is important to educate your staff about the risk of fraud. If your staff are not fraud-aware, they will take risks. Simple mistakes like leaving security fobs on display, accessing banking services through public networks or opening unusual attachments can compromise the security of your payment data and open the door to a major fraud.
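The audit checks listed above can be run mechanically over exported user lists. The following is an added example, not part of the original article or any Fexco tooling; the CSV column names, the sample records and the 90-day and 365-day thresholds are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample exports (hypothetical columns, not from a real system).
HR_ROSTER = """employee_id,status
E01,active
E02,left
E03,active
E04,active
"""
BANK_USERS = """login,employee_id,fob_serial,two_factor,password_changed,mandate_reviewed
j.murphy,E01,F-1001,yes,2016-05-02,2016-01-15
p.byrne,E02,F-1002,yes,2016-04-11,2016-01-15
s.kelly,E03,F-1003,no,2014-09-30,2013-02-01
a.walsh,E04,F-1003,yes,2016-06-01,2016-01-15
"""

def audit(hr_csv, bank_csv, today, max_password_age=90, max_mandate_age=365):
    """Return sorted (login, finding) pairs for the audit items in the list above."""
    status = {r["employee_id"]: r["status"]
              for r in csv.DictReader(io.StringIO(hr_csv))}
    users = list(csv.DictReader(io.StringIO(bank_csv)))
    # Group logins by security fob to detect shared access.
    fob_holders = defaultdict(list)
    for u in users:
        fob_holders[u["fob_serial"]].append(u["login"])
    findings = []
    for u in users:
        login = u["login"]
        # Leavers, and accounts HR has no record of, must not keep access.
        if status.get(u["employee_id"]) != "active":
            findings.append((login, "leaver-or-unknown-still-enabled"))
        if len(fob_holders[u["fob_serial"]]) > 1:
            findings.append((login, "shared-fob"))
        if u["two_factor"].lower() != "yes":
            findings.append((login, "no-two-factor"))
        if (today - date.fromisoformat(u["password_changed"])).days > max_password_age:
            findings.append((login, "stale-password"))
        if (today - date.fromisoformat(u["mandate_reviewed"])).days > max_mandate_age:
            findings.append((login, "mandate-not-reviewed"))
    return sorted(findings)

if __name__ == "__main__":
    for login, issue in audit(HR_ROSTER, BANK_USERS, date(2016, 7, 1)):
        print(f"{login}: {issue}")
```

Treating an account with no matching HR record the same as a leaver keeps unowned logins from slipping through the review.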
3. Phishing alerts
Phishing schemes can also severely compromise your payment security. These schemes attempt to gain personal or banking information (e.g. username, PIN) via fraudulent means such as a pop-up, web page, call or email. Make your staff aware of these schemes and their potential risks, and ensure they know they should never reply to a request for usernames, passwords or PINs. If you come across a phishing attempt, report it to your bank or financial service provider.
4. Suspicious email detection/avoidance
The biggest threat to banking systems and customer data is malware infection via email. IBM detected the GozNym malware, which is currently wreaking havoc among financial institutions, and they make the following recommendation:
“Users looking to prevent malware infections on their endpoints must keep operating systems up to date at all times, update frequently used programs and delete applications they no longer use. Preventing Trojan infection includes disabling ads and avoiding susceptible sites typically used as infection hubs. Never clicking on links or attachments in unsolicited emails is also critically important.”
It is very difficult to detect and tackle malware once it hits your systems, so prevention is better than cure.
5. If it’s too good to be true . . .
Then it usually is. This age-old maxim to protect against con artists is as true and relevant today as it ever was. Ask yourself: ‘Why is the product far cheaper than the market price?’ ‘Why is this offer so appealing?’ Take your time when accepting unsolicited email invitations to view what seems to be interesting content. Trust your instincts, be cautious, and don’t be afraid to contact your bank or financial service provider if you feel suspicious about something.
Mounting cost of payment fraud
According to a recent Financial Fraud Action (FFA) report, financial fraud losses across payment cards, remote banking and cheques totalled £755 million in 2015, an increase of 26% compared to 2014. Prevented fraud, however, totalled £1.76 billion in 2015.
Prevented fraud represents incidents that were detected and prevented by the banks and card companies and is equivalent to £7 in every £10 of attempted fraud being stopped. The information included in this report marks the first time that full year prevented fraud figures have been collected by the UK’s FFA.
Total attempted fraud in the UK payments industry in 2015? Over £2.5 billion, £755 million of which was successfully siphoned or defrauded, meaning that almost one in every three fraud attempts is successful – those odds are not bad! In bookmaker terms, the hackers are placing a stake at 10/3 – or the equivalent of the favourite in many races.
Growth in sophisticated deception scams
The FFA report also states that the increase across all payment fraud types (payment card, remote banking, and cheque) during 2015 “owes much to the growth of impersonation and deception scams, as well as sophisticated online attacks such as malware and data security breaches.”
Payment fraud is a serious, and growing, problem. Corporates need to redouble their efforts to improve customer and staff awareness of fraud types and threats. Controlling their exposure at the customer-engagement level will significantly reduce payment fraud losses.
Repeat ad nauseam: when it comes to dealing with payments fraud, prevention is better than cure.
Fexco Corporate Payments uses major partner banks to distribute global payments safely and securely. Our online solution uses secure encryption and system users have authorisation restrictions that keep their information and funds protected. For a more secure & efficient payments experience for your business, call us today (Ireland: 1800 246 800 UK: 0800 840 2887) or register online without an obligation to trade.