

A Culture of Preventing Payment Fraud: It’s Everyone’s Responsibility

By Steven Otwell
Director of Payments

It seems like every day there is a new fraud headline.  As a result, companies are learning that preventing payment fraud needs to be a responsibility of all employees in the organization.  To keep fraudsters at bay, an organization needs to focus on educating its staff through training, standardized controls and IT policies on top of a strong payment fraud prevention solution.

The Prevalence of Payment Fraud

According to the 2021 AFP Fraud and Control Study, overall, 74% of companies have experienced fraud or an attempted fraud.  Your organization needs to be prepared and Treasury activities need to support identifying and preventing fraud.   Recently, I had a conversation with a Treasurer who said, “if it’s (fraud) not on your mind in Treasury, you’ve already lost”.  He went on to talk about how much more difficult it is to manage fraud when you have a decentralized Treasury team.

Best in class fraud prevention is about having a strong overall ecosystem, culture and technology – the fabric of an organization.  Fraud prevention must be top of mind for everyone in the company.  Specific training should be included in introductory orientation as well as ongoing training and annual awareness campaigns.  Individuals need to be able to identify potential phishing and Business Email Compromise (BEC) campaigns to ensure they don’t become victims.  It only takes one person to make a poor judgement call to allow access into a company’s system.  It’s also important to consider cultural differences for offices in other parts of the world.  Fraudsters are taking advantage of the cultural norms.  In some Asian countries it’s natural to defer to individuals with seniority. For example, receiving a message from the CFO to make a payment wouldn’t normally be questioned.  Make sure that all individuals have a way to share, escalate and/or stop a transaction when there could be potential problems.

The Importance of Procedures and Controls

With BEC, fraudsters assume that using the name and email of senior members of the management team, such as the CEO or CFO, will cause employees lower in the organizational hierarchy to do as instructed without question.  To combat this, it is imperative that the procedures set up require strict adherence, and that senior management provides an environment where less senior members of the team are comfortable asking whether a payment is legitimate. If multiple ERP systems exist, ensure that consistent approval processes are in place across all systems. For smaller regional offices, set up procedures and approvals to ensure that separation of duties is in place and that you have visibility to the activities in remote offices.  Some fraudsters like to target attacks on regional offices in hopes of bypassing some of the more stringent processes that are in place at headquarters.

Having an IT focus on fraud prevention and policies that support these efforts is also essential. IT should ensure that employee accounts are password protected and that passwords aren’t easily guessed. They should maintain strong firewalls and keep current on technology to identify potential hacker activity. In addition, it is helpful to randomly test employees with phishing emails to help them recognize fraudulent emails.

The Role of Technology in Preventing Payment Fraud

Technology solutions to identify fraud are a critical component of fraud prevention. Solutions should include rules-based fraud detection that identifies multiple scenarios, for example situations where a vendor bank account number has changed. These transactions should be flagged and sent for validation. An individual should call the company using a phone number that is listed in the system of record. Or, the transaction should be sent for account verification, allowing for confirmation that the bank account is owned by the organization that is to be paid, and not some fraudulent entity. Account verification is a new tool that is being added to rules engines. It allows you to increase your confidence that the account is owned by the entity with which you have a relationship without the time-consuming process of reaching out to the entity directly to verify. The verification is quick and doesn’t slow down legitimate payments. Your fraud technology solution should also identify other fraud situations that you and a community of your peers have experienced or considered.
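The changed-bank-account rule described above, sketched as an added example (this is not code from Kyriba or any product): a payment whose account differs from the vendor record is held, and the callback number is taken from the system of record rather than from the request. All class names, field names and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vendor:
    vendor_id: str
    bank_account: str    # account held in the system of record
    phone_on_file: str   # callback number held in the system of record

@dataclass(frozen=True)
class Payment:
    payment_id: str
    vendor_id: str
    bank_account: str        # account named on the payment request
    request_phone: str = ""  # contact number supplied with the request (untrusted)

def normalize(account: str) -> str:
    """Ignore spacing and case so formatting differences are not flagged as changes."""
    return "".join(account.split()).upper()

def screen(payment, vendor_master, verified):
    """Return a decision dict: RELEASE, or HOLD with a reason and callback number."""
    vendor = vendor_master.get(payment.vendor_id)
    if vendor is None:
        return {"status": "HOLD", "reason": "unknown_vendor", "callback": None}
    account = normalize(payment.bank_account)
    if account == normalize(vendor.bank_account):
        return {"status": "RELEASE", "reason": "account_matches_record", "callback": None}
    if (vendor.vendor_id, account) in verified:
        return {"status": "RELEASE", "reason": "change_already_verified", "callback": None}
    # Changed account: hold, and call the number on file, never the one in the request.
    return {"status": "HOLD", "reason": "bank_account_changed", "callback": vendor.phone_on_file}

def record_verification(payment, verified):
    """Call after a callback or account verification confirms ownership."""
    verified.add((payment.vendor_id, normalize(payment.bank_account)))

# Constructed sample data (not real accounts or phone numbers).
VENDOR_MASTER = {"V-100": Vendor("V-100", "XX00 1111 2222 3333", "+1-555-0100")}
SAMPLE = [
    Payment("P-1", "V-100", "xx0011112222 3333"),
    Payment("P-2", "V-100", "XX00 9999 8888 7777", request_phone="+1-555-0199"),
    Payment("P-3", "V-999", "XX00 1111 2222 3333"),
]

if __name__ == "__main__":
    verified = set()
    for p in SAMPLE:
        print(p.payment_id, screen(p, VENDOR_MASTER, verified))
```
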

Machine learning to identify payment anomalies based on transaction history is also critical. It allows for patterns to be identified in the immense amounts of transactional data that your organization has accumulated and then to match that in real-time to your specific transactions to identify potential fraud. This added layer of protection looks for behaviors that may not be identified by the human eye – timing of invoice receipt or change in the frequency of payment requests. The system continually adapts based on the information that it is tracking and provides suggestions when it identifies potentially fraudulent behavior.

Payment Fraud Prevention Needs Everybody’s Commitment

Fraudsters continue to attack since they only need to find that one weak link on one day with a single person in your organization. It’s up to you to make sure that the individuals in your company are prepared for the attack. Ensure that you have a training program that helps your employees identify potential fraud attempts. Define, monitor and enforce policies that support segregation of duties and consistent processes throughout the organization. Confirm that your IT department is staying on top of technology that identifies and prevents hackers and supports best practices when establishing policies across the organization. Last, but certainly not least, make sure that you are utilizing best in class technology to identify potentially fraudulent payments to stop those payments from going out your door. Some treasury solution providers use the term “fraud detection tools” to refer to having sanction screening or workflow tools in place, while others notify you of a fraudulent item after the transaction is sent to the bank. A best in class technology solution combines workflow tools and approvals in addition to a robust rules engine and machine learning to identify potentially fraudulent transactions in real-time, giving you an opportunity to stop any transaction before it leaves your organization.

Preventing payment fraud is something that everyone in your organization needs to commit to in order to prevent fraudsters from being successful. Kyriba is here to support your organization with its cloud-based payments and fraud prevention solutions. Contact us today to learn more.

Some other questions you might find useful about preventing payment fraud: 

Q: What is payment fraud prevention?
A: Payment fraud prevention involves measures taken to protect financial transactions from fraudulent activities. This includes real-time fraud detection, AI-based fraud detection, and secure payment workflows.

Q: How does real-time fraud detection work?
A: Real-time fraud detection involves monitoring transactions as they occur to identify and stop suspicious activities immediately. This proactive approach helps in preventing fraudulent transactions from being processed.

Q: What is the role of AI in payment fraud prevention and detection?
A: AI and machine learning can analyze large volumes of transaction data to identify patterns and anomalies that may indicate fraudulent activity. This allows for more accurate and efficient detection of potential fraud.

Q: How can payment workflows be secured against fraud?
A: Payment workflows can be secured through measures such as automated fraud alerts, sanctions list screening, and bank account ownership verification. These measures ensure that transactions are legitimate and comply with established policies.

Q: How do APIs enhance fraud prevention?
A: APIs can provide real-time access to third-party banking data, which can be used to verify transactions and prevent fraud. They also allow for faster delivery of instructions and improved performance of bank payments status reports.

Q: What are automated fraud alerts, sanctions list screening, and bank account ownership verification?
A: These are features that enhance the security of payment workflows. Automated fraud alerts notify the appropriate management of potential fraud, sanctions list screening checks transactions against known fraudulent entities, and bank account ownership verification ensures that payments are being made to legitimate accounts.

Q: How can I implement these payment fraud prevention strategies?
A: Implementing these strategies typically involves integrating the appropriate technologies into your payment workflows and ensuring that your team is trained to respond to potential fraud alerts. It’s also important to regularly review and update your payment fraud prevention measures as new threats emerge.