COVID-19 isn’t the only pandemic hitting businesses hard. Simple fraud schemes such as business email compromise (BEC) are wreaking havoc on organizations.
More than 80% of organizations reported being targets of an attempted or actual payment fraud attack in the last year, according to the 2020 AFP Payments Fraud and Control Survey. BEC was the largest cause of these payments fraud attacks.
This trend will only continue as working from home becomes the new normal for many organizations and most employees are not trained to spot scams. According to a 2019 data security survey commissioned by GetApp, only 27 percent of companies provide social engineering awareness training for their employees. As organizations navigate this new age in business, here are a few tips to help reduce B2B payments fraud risk.
Educating Employees on Common Payments Fraud Tactics
By and large, the greatest defense is education. The more organizations can communicate with employees and provide guidance to identify and safely flag issues, the better equipped they will be against fraud like BEC and other social engineering tactics.
Ahead of COVID-19, our security team provided additional communication to help alert our employees to creative phishing attacks and other ploys for sensitive data. Likewise, 80% of companies are investing in end-user training for BEC threats, according to AFP data, and 70% are developing company policies for providing appropriate verification of any changes to existing invoices, bank deposit information, and contact information.
Putting Preventive Technology in Play
The acceleration of simple fraud in B2B payments has also forced organizations to take a closer look at the security measures and fraud prevention technology solutions they have in place. For example, many companies are increasingly evaluating and implementing internal multi-factor authentication and endpoint detection to monitor and respond to insider threats quickly – even while working remotely.
Our organization is using the following to prevent payments fraud for our customers:
- Cognitive fraud prevention: We are leveraging artificial intelligence to support frictionless payments and provide high fraud detection rates. This reduces false positives, improves response time, and provides greater flexibility for fraud teams to adapt to ever-changing attacks.
- Improved app security development: Through increased static code scanning, vulnerability scanning, web application firewalls, expanded penetration testing, and standardization around our DevSecOps process, we are improving the security and compliance of our customer-facing web applications, thus reducing the exposure to fraud through more secure applications and business logic.
- Migrating to chip-and-PIN cards: Magnetic stripe cards – many of which tie to fuel and gift cards – are easier to clone and compromise than chip-and-PIN cards. Therefore, all our cards will become chip-and-PIN rather than magnetic stripe.
Phishing for Answers
While we are all navigating these uncertain times, one thing is clear: payments fraud is constantly evolving and isn’t going anywhere. And although there isn’t a silver bullet to protect your organization from falling victim to bad actors, by continuing to educate employees and putting smart tools in place, you can significantly reduce threats.