When it comes to fighting payments fraud, the corporate instinct tends to be to focus on employee training. Findings from the 2023 Treasury & Risk Payments Fraud Survey, co-sponsored by Trustpair and GIACT, reveal that the top approach by treasury teams to minimize fraud is to rely on more training for teams involved in initiating and approving payments (60%).
It remains a going concern. Respondents reported that over half (56%) had experienced one or more fraud attempts the previous year, with the most common attempts being perpetuated through changes in to supplier credentials and information (55%), followed by scams such as business email compromises (BEC), at 33%.
Taking a high-touch, human-centric approach might not be the best way to prevent these categories of fraud. In fact, treasury teams may get the most impact from a technology-driven approach in addressing the two most common obstacles to reducing risk: suppliers' continued use of paper checks (37%) and the increasing sophistication of business email compromise (BEC) and social engineering attacks (43%).
Moving From Paper to Digital Payments
By far the most common type of payment fraud occurs when using paper checks, with 50% of survey respondents experiencing this type of incident, whereas methods like wire transfers and ACH transfers are less often associated with fraud (33% and 10%, respectively).
Part of the problem could be misconceptions about security. "When you pay by check, you don't have to identify things like bank numbers, you just have put the name of the payee on it, so it might seem more secure," says Baptiste Collot, CEO of Trustpair.
Yet when using paper checks, companies tend to open themselves up more to the top type of fraud perpetration in the survey — changes to supplier credentials or other information on otherwise legitimate payments.
But even if a company wants to transition to digital payments, suppliers might be reluctant to change. "It's a problem of inertia," says Ramesh Menon, group director, product management, for digital identity and fraud at GIACT. "But we can do a better job as an industry of raising awareness of the risks."
Automating and Digitizing Verification
Companies also need to better address fraud risk, whether that's from paper checks or other payment methods. For example, treasury teams reported that human callback (70%) is the most common validation procedure for verifying supplier information changes.
"It's a huge paradox to see that companies are aware that fraud is getting more and more sophisticated and see this complexity as a major blocker in their fight against fraud, but still think they'll be able to stop fraud with manual methods like human callbacks," says Collot. "You can't fight cyber-attacks with a 'human only' policy"
While some might think training is a good solution here, "that means you're only as good as your newest, least-trained frontline employee," says Menon. "But automation can be constructed to be as good as your best employee. So that raises the standard and equips organizations to deal with fraud more rapidly."
Digital systems can automatically verify areas like whether names match account numbers and if phone numbers match the person purported to be on the call. That helps create a streamlined process, which can support strong supplier relationships.
Saving Time and Money
Ultimately, with manual-only controls "the cost is double, in terms of losing time and money" when fraud is missed, says Collot.
That's not to say that companies should solely rely on automated, digital controls, but these can help speed up verification and identify otherwise unseen risks.
"Technology should be used to enhance humans, not replace them," says Collot. "Software is one line of defense. Humans are one line of defense. You're always more secure having two lines of defense"
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.