The continued digitization of the financial services industry has led to a boon in electronic payments technology. Even as the transition to electronic receivables and payables improves efficiencies and reduces costs across financial institutions and corporates, the switch to automation and digitization increases the speed of funds movement and may increase the risk of payments fraud and cyberattacks if financial professionals don’t remain vigilant.
In fact, financial professionals and corporate treasurers identified this threat as the no. 1 challenge to their organization in 2017, according to a recent TD Bank survey of more than 350 financial professionals at the 2016 Association of Financial Professionals conference. Despite their warranted concern, not all corporate treasurers are making proactive steps to combat it, with just 31 percent of those respondents planning to invest in cyber and fraud security protections this year. This complacency is troublesome as the intensity and frequency of cyberattacks is rising as more companies bring their payment systems online.
Cyber criminals are growing increasingly clever and have a widening toolbox of tricks, from Phishing scams and electronic payments fraud, to “smart” device and computer hacking. Another rising threat is “social engineering”– a practice of posing as a trusted source to deceive people to give out sensitive information. For example, this could involve a perpetrator posing as a known vendor and saying they updated their banking systems and need the company to update their records to remit all future payments to a new bank/account controlled by the cyber criminal. Other times, this may involve someone posing as a CFO or corporate treasurer who sends an email to a member of the finance team directing them to either redirect an existing wire payment to a new account or to execute a one-time wire transfer related to a purported confidential transaction. Because these types of requests are commonplace for a large organization, it might not raise an immediate red flag and allows a perpetrator to steer funds into an illegitimate account without much alarm.
The costs of these attacks add up, and can range from hundreds to hundreds of thousands of dollars in losses. Check fraud losses, for instance, average $1,000-$2,000, according to American Banking Association numbers, while wire fraud losses average over $130,000, reports the FBI. Those amounts don’t even cover indirect costs to a company for investing in technology security, reimbursing affected parties or reputational costs in the event of a high-profile event.
Companies need to step up their defenses, and while there is no one, guaranteed solution, every player– financial institutions, payment/wire service firms and other companies – must do its part to help prevent and minimize cyberattacks.
Here are steps companies can take now to combat the threat of payments fraud and cyberattacks: