By Glen Foster, Managing Director, UK and Northern Europe, Libeo 

The impact of payment fraud 

Following the COVID-19 pandemic and the transition to digital payments, financial institutions are becoming one of the go-to targets for cyber-attacks, online fraud and scams – with Business Email Compromise (BEC) among one of the highest cited methods of attack according to a 2021 survey from JP Morgan. Over 71% of organisations were victims of payment fraud attacks, and online payment fraud in 2021 amounts to $20 Billion lost globally.

There are two common types of payment fraud. The first type involves direct victims and includes hacks, data theft, and identity fraud, with attacks commonly executed through supplier fraud, invoice fraud, and company director fraud. The second type deals with ‘faceless’ crimes with indirect victims such as banks and states, to the most common system of fraud, money laundering.

Most common victims

Accounting firms and financial institutions are two of the main targets for cybercriminals – as that’s where the money is –  negatively impacting their security, reputation, and revenues due to an attack. Breaches and payment fraud often occur when onboarding new customers, requesting to pay, invoicing, and through the initiation or execution of payments. Meanwhile, these organisations are also at risk of  “multi-vector attacks”.

Financial institutions must be careful during payment processing, with three main areas at risk of fraud. The first step is validating the source of the request, the second step involves validating the request, and the third step is validating transactions. Each of these steps has its own vulnerability when it comes to payment fraud, however, the second and third steps are prone to invoicing fraud since most criminals abuse the Authorised Push Payment (APP) function, prompting customers to pay in good faith.

A dedicated fraud team

As payment fraud continues to rise and criminals constantly evolve their strategies, organisations should consider creating a designated fraud team to tackle the threat. Financial Institutions need to focus on getting the right people in place to stay ahead of new tactics and scams. The fraud team can help the company to act proactively in lowering the risk of payment fraud, and ensure corporate processes and data are properly protected, not only from a technical perspective but also from a reputational one. However, due to resource constraints, SMEs may not be able to fully operate an in-house fraud team. To support payment fraud management, financial services businesses may consider outsourcing additional help, as a growing number of protection-as-a-service companies now exist to help companies obtain affordable protection.

Aside from building a dedicated fraud team, businesses should consider adopting anti-fraud mechanisms responsible for blocking or intercepting fraudulent requests during the process of validating payments. Through the right anti-fraud mechanisms and security solutions, businesses can use data to score transactions and flag payments that are potentially fraudulent.

While there are a growing array of digital and automated tools to provide such fraud detection, it is essential that an element of human intervention is present to properly assess and oversee processes to mitigate risks.

How digital accounting tools can help 

The days of cloud storage systems striving to keep pace with the security capabilities of on-premise storage are largely behind us, and dedicated cloud-based systems are now consistently secure. This is mainly because security and performance are fundamental to the operating models of cloud technology companies, so they don’t suffer from the mixed priorities organisations so often face when determining how much to invest in security.

To address any potential conflicts in terms of prioritisation of security, businesses can use digital accounting tools to better manage all invoices on one platform, allowing businesses to have better control and visibility of their payments, making it easier to track and spot fraud.

Additionally, risks of payment fraud may be significantly reduced within a cloud-based environment, providing high levels of protection. Old archives are more susceptible to leakage leaving customers, suppliers, and other stakeholders data at a greater risk.

Storing sensitive information regarding client and company payments on the cloud is strongly advised as the cloud is externalised, and the embedded security layer serves as protection against breaches. On most occasions, cloud-based systems have internal admin rights, which is beneficial for security of sensitive information, including customer bank details, credentials and invoices.

The future of fraud

With emerging technologies, including the Metaverse and the rise of Deepfake: Synthetic media that can be used to impersonate people, all industries should remain vigilant and ensure they have a robust approval policy in place to protect themselves against scammers, especially when authenticating payments. At the same time, this should be supported with best-in-class digital tools that can easily identify and eradicate the threat of cyber crime to the organisation.