Main Menu


Payments Resilience: Top Three Strategies to Eliminate Payments Fraud Risks

By Kyriba

Payments fraud continues to plague treasury and finance departments, as criminals’ methods are continuously evolving. From new threats like deepfake technology to old standbys like business email compromise (BEC), financial professionals cannot afford to be complacent when it comes to payments fraud risks.

Being proactive is imperative when it comes to fraud protection. Organizations need to deploy the most up-to-date payments fraud detection and prevention solutions to thwart fraudsters’ attempts. At KyribaLive 2023, Steven Otwell, Director of Payments, and several of Kyriba’s clients, discussed modern payments fraud and methods to stop these attacks before they happen.

The Complexities of Payments Fraud

In an era dominated by digital transactions, payment fraud has become an ever-growing concern for businesses. The increased reliance on electronic payment systems and the sophistication of cybercriminals has created the perfect storm for fraud.

Lee-Ann Perkins, Assistant Treasurer of Specialized Bicycle Components, highlighted the elevated complexity of fraud attempts in today’s landscapes. “Fraud has become so elevated in complexity,” she said. “The only thing we can do is elevate our vigilance, our solutions and our processes and policies,” she noted.

Checks and Wire Are Both at Risk

In today’s landscape, checks are considered an old payment method. But, Perkins noted that they’re still being used to commit payments fraud.

“[Checks] are an incredibly good way to commit fraud because, who’s really thinking about checks as much as we’re concerning ourselves with deepfakes and the new electronic fraud that’s coming our way?” she said. Checks have become an unexpected gateway into cyber and cryptocurrency accounts with fraudsters stealing checks from post boxes and using the information to create fraudulent accounts.

Checks aren’t the only method used to commit payments fraud. Stephanie Osipov, Treasury Manager at Tetra Tech, highlighted that Business Email Compromise (BEC) remains a prevalent threat, specifically with regard to her organization’s vendors. Both she and Otwell also mentioned that wire fraud attempts are escalating. “According to a recent AFP survey, it is the number one fraud in the marketplace.”

According to Osipov, her organization sends out about 100 international wires daily to 50 to 100 countries. The high volume increases the likelihood of wire fraud attempts.

Anil Surujbali, Treasury Team Manager for Clarion Partners, stressed the inherent difficulty that the volume of transactions presents, especially in the real estate industry. With numerous bank accounts and transactions, the sector becomes a prime target for payment fraud attempts. “We do a ton of transactions in checks and ACH, so we’ve seen it all in terms of fraud attempts,” he commented. “Checks tend to be high volume, low value while your wires are more on the high side,” he said.

Critical Steps in Combating Payments Fraud

When an organization falls victim to payments fraud, it is imperative to take timely action. “Time is always the most valuable asset you have in any fraud attempt,” Perkins stated. But, time isn’t always on your side.

As the panelists mentioned, recourse options are dependent upon the payment type. “Wires are final,” Surujbali said. According to Surujbali, wires are the focus for many organized fraudsters, who use BEC and malware or ransomware. In terms of ACH and checks, there is a callback time that grants you more time to fight the fraudulent activity. However, it depends entirely on your relationships with the banks and how promptly you contact their fraud department to begin the process, Surujbali said.

Additional critical steps in combating payments fraud include implementing effective policies, procedures and training. Otwell emphasized the importance of having the right processes in place to mitigate fraud. Perkins concurred, indicating elevating vigilance, solutions and processes and policies is imperative for organizations’ abilities to combat fraud attempts.

Osipov also indicated that, because of the volume of BEC fraud attempts in her organization, having the right policies and procedures in place is vital, as is training and holding teams accountable. “We have added a section specifically on fraud,” she said. “The reason why we did this is not only to mitigate risk, but it is also to hold the teams accountable. When they’re responsible, they’re more cautious of what they approve,” she said.

Surujbali agreed, indicating that his organization has numerous fraud policies in place. In fact, they have a wire, vendor setup and call back policies to address potential gaps in their fraud prevention and detection.

The Role of IC3 and Fraud Reporting

Fraud is inevitable, but it doesn’t have to have devastating impacts on organizations. One key element to fighting fraudulent activity is, according to the panelists, using resources such as the Internet Crime Complaint Center (IC3) and reporting fraudulent activity promptly.

“You have to know the website,” Perkins said. After you’ve spoken to your banks, “you need to report [fraud],” she said. Through prompt reporting, IC3 can help stop fraudulent international wires.

Osipov recalled numerous fraud attempts and her own dealings with IC3 and the FBI. “One [fraud attempt] has been successful,” she said. “But we have been working with IC3 and the FBI, as well as our bank and our insurance companies to try to retrieve as much of that money as we can,” she said.

Compliance and Sanction Screening

Compliance and sanction screening is also a vital part of preventing and fighting fraud. Perkins mentioned that her organization delegates sanction screening to the legal department, ensuring compliance with global regulations.

Osipov, on the other hand, said that they rely on the banks to handle sanction screening. “Our bank is very, very helpful with [sanction screening],” she said. While Surujbali uses a combination of working with the legal department, as well as working with their banking partners. “Our legal team does a sanction screening like a full watch list,” he said, indicating that this is solely on the investor side of the organization. In terms of vendors, “the banks are responsible for checking that,” he said.

Embracing Technological Advances

Osipov believes that, as technology changes and advances, fraudsters will become more tech savvy. This makes it essential for treasury professionals to stay informed and remain prepared in their efforts to fight fraud. Surujbali also agreed that treasury and finance teams should know the technology and acquire a greater understanding of what is coming next.

One of the best ways to fight fraud, according to the panelists, is embracing advancements in technological fraud detection and prevention solutions, especially for fighting more advanced threats, like deepfake scams. “The more complex the vulnerabilities, the more we need automation,” Perkins said.

Watch the on-demand session to learn more about effective strategies against payments fraud.