PAYMENT FRAUD

US$10.5trn: the expected cost of global cybercrime by 2025 (Source: Cybersecurity Ventures)
and then to look into any gaps that might be left. Corporates should highlight any geographical or divisional differences and any issues these might cause.” The audit can then help to inform the overarching fraud prevention strategy. For example, this can include implementing measures such as the six- or eight-eye principle, where – in addition to an established two-approver standard – a third or even fourth individual has to approve a payment instruction (depending on the underlying amount and fraud risk). Another measure is the call-back principle, where changes to the account are verified with an alternative contact person at the supplier via a phone call.

At Xylem – a large American water technology provider – the treasury team has implemented a robust set of processes to prevent fraud. “We see a range of different types of payment fraud attempts – from basic phishing emails to more sophisticated attempts, such as man-in-the-middle,” says Aaron Johnston, Senior Manager, Treasury, Xylem. “We have incorporated a number of steps to prevent fraud, including a standard protocol for when any bank account change request comes through via email. The first step is to call the number that is logged in our system. If a phone number is not available through the system, then we will ask for confirmation of the last two payments made, the bank account number and details of their internal contact. We then check these details against our system to confirm that it is a legitimate change.”

Implement a robust structure

Apart from robust processes it is also important that the organisational structures are fit for purpose. All departments – from the account payables team, finance and treasury, to the account receivables team, HR and the CEO’s office – involved in the transfer of funds have a dedicated organisational risk assessment, with a clear segregation of duties. This can then be taken one step further and used to create a comprehensive risk matrix that incorporates every part of the business. This should also be reviewed and refreshed regularly.
Leverage technology

Real-time pre-validation measures, such as the SWIFT Beneficiary Account Validation (BAV) service, which was launched by a group of banks including Deutsche Bank in late 2021, can provide yet another line of defence. This preventative solution ensures payments are being sent to the intended beneficiary using the correct account details, by validating the information via SWIFT. “The benefits of SWIFT BAV will be significant,” said Marc Recker, Global Head of Product, Institutional Cash Management, at Deutsche Bank. “It will play an important role in the new age of fraud prevention, as it automatically verifies that payments are going to the right people and the right accounts in real time.”

For instance, when a treasury operative receives an invoice, they can first run the payee details through the SWIFT BAV service. The system will then recognise whether the beneficiary details match those of the intended recipient or not – alerting the company to a likely fraud attempt. Moreover, the service could ease the onboarding of suppliers, adds Jose-M Buey, Global Head of Core Platforms and Accounts Solutions, Deutsche Bank: “The old process had our clients manually calling and checking each payment detail with each supplier. With SWIFT BAV, this process could be automated, and all supplier account names and numbers could be verified in real time.” However, in order for the service to deliver its true benefit, more banks need to join the network.

To spot fraud attempts before it is too late, corporates can also carry out comprehensive risk assessments to look for outliers in payment flows. This is difficult because this contextual information often lies within several different data sets and systems across corporates and their providers. What’s more, corporates often have several different banking partners – each involved with a set of payments. Without having access to the complete picture of payments, it is difficult to detect any fraudulent behaviour and easier for fraudsters to exploit the gaps.

One of the keys to solving this challenge is close collaboration between banks, corporates and technology vendors. By working together, these partners can look further upstream into the internal infrastructures of corporates, and share the payment information necessary to spot, and react to, fraudulent activity. For instance, fraud prevention specialist TIS, together with Deutsche Bank, offers a solution that screens outgoing payments in real time by cross-checking them against a pool of historical payment data from a broad community of corporate participants, before assigning the beneficiary an overall trust score. This score is based on factors such as the number of times the payee has been paid, how much it has been paid and when it was last paid. Depending on the score, an alert management system is triggered to review the suspicious payment prior to execution.

It is important for corporates to foster awareness, audit their processes and organisational structure, and implement the necessary technologies to prevent fraud. And this is something that should be assessed regularly to ensure best practice. The fraud landscape is certainly evolving – but so too is the response. “By working together,” concludes Deutsche Bank’s Hauser, “the industry will be far better prepared to combat payment fraud in a holistic way, helping stay one step ahead of the fraudsters.”
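
A simplified sketch of the pre-execution screening described above, added here as an illustration and not TIS's or Deutsche Bank's implementation: it scores a payee from the three factors the article names (times paid, amounts paid, last paid) and escalates from the two-approver standard to a third or fourth approver. The weights, thresholds, `Payment` fields and account strings are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from statistics import median

@dataclass(frozen=True)
class Payment:
    beneficiary: str
    account: str      # constructed placeholder account identifiers
    amount: float
    paid_on: date

# Constructed history; a real pool would hold payments from many corporates.
HISTORY = [
    Payment("Acme Pumps", "DE00-CONSTRUCTED-0001", 12_000, date(2023, 1, 15)),
    Payment("Acme Pumps", "DE00-CONSTRUCTED-0001", 11_500, date(2023, 2, 15)),
    Payment("Acme Pumps", "DE00-CONSTRUCTED-0001", 12_400, date(2023, 3, 15)),
    Payment("Acme Pumps", "DE00-CONSTRUCTED-0001", 11_900, date(2023, 4, 14)),
]

def trust_score(p, history):
    """0-100 payee score; the 0.4/0.3/0.3 weights are assumed for illustration."""
    if p.amount <= 0:
        raise ValueError("payment amount must be positive")
    prior = [h for h in history if h.account == p.account and h.paid_on < p.paid_on]
    if not prior:
        return 0  # account never paid before, e.g. after a bank detail change
    frequency = min(len(prior), 10) / 10                   # times paid
    typical = median(h.amount for h in prior)
    amount_fit = min(1.0, typical / p.amount)              # amount vs. past amounts
    idle_days = (p.paid_on - max(h.paid_on for h in prior)).days
    recency = max(0.0, 1 - idle_days / 365)                # when last paid
    return round(100 * (0.4 * frequency + 0.3 * amount_fit + 0.3 * recency))

def screen(p, history, review_below=40, large_amount=50_000):
    """Decide before execution: hold for review, and how many approvers."""
    score = trust_score(p, history)
    low_trust = score < review_below
    # Two approvers as standard, plus one each for low trust and a large amount.
    approvers = 2 + int(low_trust) + int(p.amount >= large_amount)
    return {"score": score, "approvers": approvers,
            "action": "review" if low_trust else "release"}

if __name__ == "__main__":
    day = date(2023, 5, 15)
    for pay in (Payment("Acme Pumps", "DE00-CONSTRUCTED-0001", 12_100, day),
                Payment("Acme Pumps", "DE00-CONSTRUCTED-9999", 60_000, day)):
        print(pay.account, screen(pay, HISTORY))
```

A never-paid account scores 0 regardless of the payee name, which is the case a fraudulent bank account change request produces.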