As the number of connected devices continues to rise, cybersecurity threats are becoming more sophisticated and have turned payment fraud into a global issue. From phishing emails to keylogging viruses to ZeuS malware, the threat of cybersecurity attacks has spanned across all industries and companies of all sizes, including retail, healthcare, manufacturing, financial institutions, and more.
The Association for Financial Professionals (AFP) publishes a Payments Fraud and Control Survey each year. In 2015, the AFP reported that 73% of companies were targets of payment fraud, an increase of 11 percent from the prior year. According to the AFP survey, 71% of companies who were targets of payment fraud stated that checks were the main source.
As we move more toward electronic payments, checks still remain the most common targeted method of fraud followed by wire transfer payments (48%). The AFP also reported that 64% of companies stated that they were exposed to business email compromise, which resulted in an increase of payment fraud.
It’s clear that now, more than ever, companies need to have a plan of action in place to mitigate their risk of fraud. Education and training programs are key in mitigating that risk.
The loss of monetary funds can be detrimental; however, 51% of financial professionals from companies who have been victims of breaches stated that reputational damage is of greater impact. It’s important to have financial institution-provided fraud protection solutions in place as well as a sound cybersecurity plan. The cybersecurity plan should include staff education, access controls, authentication procedures, system approvals, and detection practices.
The Association of Fraud Examiners (ACFE) and The Federal Communications Commission (FCC) offer training resources including videos, tutorials and fraud prevention checklists to educate the public on cybersecurity. Resources such as www.onguardonline.gov are available on First Business Bank's website as well (www.firstbusiness.bank).
Over the years, financial institutions have seen an increase in companies who have fallen victim to actual or attempted fraud, which has created much scrutiny in the industry on how to effectively combat this increasing problem.
We emphasize the importance of dual authorization for all payment files, segregation of duties, as well as setting up the appropriate alerts. Dual authorization and segregation of duties require multiple people involved to complete a task. This mitigates the risk of fraud as well as minimizes errors.
It’s unfortunate that fraud is becoming a common occurrence not only locally but globally.
It’s not a matter of if anymore, but a matter of when.
It’s important to review your fraud health to determine where you have gaps and what you can do to improve your controls. Fraud doesn’t need to happen to your company. You must be proactive about cybersecurity and talk to your trusted treasury management professional about the steps you should take to protect your company.
Questions to Consider:
- Does your company have adequate controls in place to prevent fraud?
- Are employees regularly educated on the latest trends in cybersecurity threats?
- Does your company test its fraud health? How often?
- Does your company have the appropriate financial institution-provided fraud protection solutions in place?
- Does your company have a cybersecurity policy in place? When was the last time you reviewed your insurance coverage?