Cybercriminals and fraudsters are taking advantage of the COVID-19 pandemic to attempt increasingly sophisticated phishing attacks, payment frauds and scams. In late March, IT security company Barracuda Networks reported a 667 percent increase in phishing emails in less than a month.
Sadly, cybercriminals and fraudsters are preying on the general environment of fear and uncertainty to distribute malware, steal credentials, and trick people and organizations into parting with their money. With a large proportion of the workforce now based at home, people are vulnerable to distractions, especially if they are trying to juggle work with home-schooling their children. Criminals also see opportunities to exploit disruptions in workflow and processes as people switch to remote working.
This surge in cyberattacks, combined with the other operational pressures posed by COVID-19, underlines the critical importance of payment security for organizations. In a recent webinar, Kyriba examined the key issues at stake and explored best practices for making secure and efficient payments – during the pandemic and further down the line.
Fraud presents itself in a number of different forms. Particularly common are phishing activities – where cybercriminals use emails and text messages to try to pass themselves off as trusted individuals or entities with the aim of stealing sensitive information such as usernames, passwords and financial data. For example, they may pose as the CEO or CFO of an organization to convince the recipient of their communications to remit or redirect funds. “Typically, they use urgency or fear in their messaging,” said Sarah Vidmar, director in risk advisory with Clearsulting, a management consultancy specializing in finance effectiveness.
Cybercriminals are also targeting employees who are working on their own laptops or cell phones to perform their work, or who are accessing personal or unsecured networks while working remotely. Where devices and networks are out of an organization’s control, it is impossible for IT teams to ensure that they meet baseline security standards.
Payment fraud has historically been a focus area for criminals. According to the 2020 AFP Payments Fraud and Control Survey, 81 percent of organizations were targeted for an attempted or actual payment fraud attack in 2019. For example, a global financial services firm lost $18 million in payment fraud in less than a week last year – after it fell victim to a phishing scheme. In another case, a tech firm released a $1.2 million wire payment after it was fooled by a ‘deepfake’ impersonation of its CFO. Payment fraud will undoubtedly accelerate further as a result of COVID-19, which is why organizations should be alert and willing to share information and best practices.
You need to be aware of where the exposures are, and where the risk is. If you don’t have that awareness, you can get blindsided pretty quickly.
To defend their organization against payment fraud, finance and treasury teams should pursue three main strategies:
Finance and treasury teams can apply three fundamental information security best practices when countering payment fraud. These are:
Alongside information security best practices, three particular workflow controls are crucial to enforcing payment security. These are:
Even where strong workflow controls are in place, payment screening plays an important role as a final line of defense against fraud. It also helps to ensure that the organization is complying with its own internal policies. The three main areas where it is useful to apply payment screening are:
Today, many organizations are experiencing considerable pressure on their cashflow and liquidity due to the COVID-19 crisis. At the same time, their perceived resources make them very attractive targets to cybercriminals looking to commit payment fraud and COVID-19 potentially presents fraudsters with a “significant, seven-figure payday”.
Organizations do not want to lose large sums of money right now. So, it is more important than ever that they invest in improving their payment security. Not only will this help them to withstand the current pandemic, it will bolster their resilience so that they can successfully navigate further crises in the future.
To learn how the payments landscape is changing, why payment and statement hubs add value, and the different types of benefits that can be realized watch the recording of our recent webinar, “Driving Payments Security and Efficiency during COVID-19.”
Transform how you use liquidity as a dynamic vehicle for growth and value creationFind out how