In the 2016 AFP Payments Fraud and Control Survey, 48 percent of surveyed Corporations declared to have had Wire transfer fraud or fraud attempts in 2015, skyrocketing from only 27 percent in 2014.
Additional reading: The Business Case for a Payment Hub: Centralizing Corporate Payments to Improve Efficiency and Reduce Fraud
It is also amazing to see that 49 percent say that these successful fraud attempts or reported fraud attempts could be above 50 thousand dollars (USD) and up to two million dollars. In fact, the Kyriba / ACT 2016 Annual Survey found the “[r]isk of fraud is growing (along with potential financial & reputational loss), with 2016 revealing a 20% increase from the previous year in the number of companies having been the target of attempted fraud. The largest actual loss reported was $2.5m from a single incidence.”
Beyond these financial risks, the reputational risk became concrete with a few articles in the press regarding famous public companies. The frauds which were revealed in 2015 ranged from one million dollars (USD) to more than 17 million dollars.
Despite these very high numbers, many corporations today report that they have more than 10 payment initiation systems and no central visibility on payment processes, payment initiators and signatories. The lack of centralization and transparency significantly increases the opportunity for fraud and cybercrime.
In order to help you evaluate your risk, we have put in place these five questions:
1) How many payment initiation systems do you have at a corporate level?
The ideal scenario is to have one centrally controlled initiation system or to cover at least 98 percent of your payments with one initiation system or payment hub.
2) Are payment workflows consistent in every department for domestic and international payments?
In a large corporation, regardless of payment bank, entity initiating payment, or country of initiation or receipt, the workflows and matrix of approvals must be standardized to minimize fraud.
3) Are payment workflows centrally managed and controlled?
Disaggregated systems or payment procedures create opportunities for fraud due to lack of visibility. Even if people are decentralized, visibility and control of payments should be centralized through a global set of payment initiators, approvers, and signatories.
4) Can you report and certify your reports about approvers?
Implementing standardized and centralized payment procedures is important, but so is documenting payment controls. Audit trails, dashboard ‘control centers’, and defined reconciliation procedures are critical to prove that fraud prevention techniques are employed but also that fraud detection features are utilized.
5) Is treasury linked to your payments systems?
Treasury requires visibility into outgoing payments to optimize deployment of cash and liquidity. Further, without transparency on all outgoing payments, treasury is unable to reconcile authorized payments with payment confirmations – a key fraud detection best practice.
Payment fraud is unfortunately becoming more of a probability than a possibility. Spear phishing and impostor fraud schemes are increasing in sophistication, targeting exposure points such as disparate systems and lack of centralization. Integrating payment policy with payment technology will reduce the risk of fraud, which is starting to translate to quantifiable financial value.