Ten Best Practices
for Combatting
Payments Fraud
1. Understand your vulnerabil-
ities.
With so many types of
payments fraud, it’s impossible
to do a good job of combatting
them without understanding
what they are. Examples include
external threats such as hacking
of treasury systems by third par-
ties, as well as a raft of internal
threats. The latter include fraud-
ulent payments sent by employ-
ees to a company’s bank, either
willfully or as an unknowing
consequence of a spear-phishing
attack; and fraudulent purchase
orders and invoices created by
employees that are then paid
out to related third parties.
2. Erect roadblocks to unautho-
rized access to corporate infor-
mation systems.
Deploy robust
login and user authentication
procedures, including dual-fac-
tor and in some cases multi-
factor authentication.
3. Move finance data to the
cloud.
While data security has
long been cited as a reason for
not moving data to the cloud,
the growing consensus today is
that cloud providers, for whom
security is a core competency,
offer greater, not weaker, secu-
rity systems and protocols than
most companies can deliver on
their own. Because a significant
percentage of payments fraud
originates internally, moving cor-
porate finance data to the cloud
can reduce the opportunity for it
to occur.
4. Boost control over global
bank accounts.
Maintaining
a handle on bank accounts
becomes more difficult as
companies grow and expand
globally, but it’s a task that can’t
be ignored. Companies need to
make sure they have systems
that can provide transparency
into accounts, authorized sign-
ers and account documentation;
track all bank activity; and effi-
ciently reconcile accounts with
banking partners.
5. Make use of digital
signatures.
All commerce and
banking today is electronic at
some point in the payments
cycle. Digital signatures,
which can help authenticate
transmitted payment files, can
minimize opportunities for
payments fraud.
6. Centralize payments activity
in a single system.
Coupled
with multiple, standardized
and electronic approvals, an
integrated payments system
allows for a complete and
detailed electronic paper trail
for all payments, minimizing
opportunities for fraud.
7. Standardize settlement
instructions for financial trades.
For any kind of investment
transaction, including foreign
exchange and derivatives trans-
actions, embedding standard-
ized settlement instructions
in corporate financial systems
can not only improve efficiency
but also help block any redirec-
tion of funds to unauthorized
accounts.
8. Educate employees.
Even the
best anti-fraud program will spot
fraud only after it’s occurred.
That’s still extraordinarily
valuable, especially when the
system is able to spot the fraud
quickly. But one of the best ways
to prevent payments fraud is
to educate employees about
the various types of fraudulent
schemes they may encounter, so
that they can avoid being duped
by them and prevent fraud from
occurring in the first place.
9. Update and test your
fraud-detection capabilities.
Corporations should review their
payments-fraud detection/mon-
itoring systems and protocols
to make sure they’re working.
Some companies may have the
resources to do this internally,
but many will find it makes sense
to engage a third-party expert
to both create defense systems
and to test them regularly.
10. Regularly participate in
opportunities to share with
and learn from other orga-
nizations.
Few “industries”
adapt and evolve faster than
the payments-fraud industry. A
company can no more allow its
fraud detection and prevention
program to remain static than
it could allow its products or
services to remain unchanged.
Companies should make sure the
finance function, and any others
that touch on the payments pro-
cess, participate in conferences
and workshops where they can
share with and learn from other
organizations combatting the
same challenges.
5
I
FIVE KEY CFO CHALLENGES FOR ADDRESSING PAYMENTS FRAUD