PwC’s Global Economic Crime and Fraud Survey 2022 reveals that 46% of organisations have experienced fraud, corruption, or other economic crimes in the last 24 months. Ryan Mer, CEO of Know Your Payee (KYP) platform provider eftsure Africa, gives a rundown of what to look out for.
Fraud protection is no longer optional
It’s hard to believe today, but just a few years ago, even large organisations didn’t have payment fraud protection in place. One of our clients (a listed company) had an ongoing issue with payment fraud totalling over R3 million in losses in the year prior to adopting eftsure. They haven’t lost a cent to payment fraud since.
It’s easier to hack people than to hack machines
Business email compromise (BEC) is a massive problem, even with protection in place. As threat protection becomes more sophisticated, fraudsters are targeting people to circumvent these digital security measures. There are numerous examples of bad actors manipulating various levels of staff. It may be tempting to believe only gullible individuals fall for scams, but criminals are often professional, persuasive, and well-trained in using human weakness – as well as individual and company information – to their advantage.
Here’s a likely scenario: a client writes an online review of your company. A fraudster sees this and now knows this person or company is your client and that you would expect emails from them. They create a similar-looking fake email address, paste the client’s logo in their email, attach a malicious document, and send it to your company asking for clarification on the “attached invoice”. It only takes one person on your team to open that attachment without double checking the sender’s details, and your company is compromised. This happens so easily when financial teams are under tremendous time pressure.
Manual processes are dangerous
The surprising result of increased digital fraud and BEC is that many companies opt to solve this problem by introducing more manual processes. They’re adding another person as a point of contact or another manager to oversee crucial checks. The problem is that this is still a manual process, reliant on a person who can be manipulated, whether unwittingly or not. It’s a case of rearranging the deck chairs on the Titanic. Digital threats must instead be fought with digital solutions.
Another common mistake is to automate some processes but keep certain steps in those processes manual. And “manual” doesn’t necessarily mean physical documents – it can involve adding extra steps to a process that could easily be automated. Onboarding new suppliers or clients is a great example: many businesses have a platform for this, but then request certain documents via email. That’s an invitation for an interception, impersonation, or malicious attachment. Alternatively, they’ll take data from the platform and manually perform processes and procedures on it, adding in a human element and the potential for mistakes. That’s not only counter-productive from a security perspective, but also from a business perspective.
Don’t just upgrade; integrate!
The next step is to not only automate, but to integrate. Though our solution can be used as a standalone system, we’re seeing more clients integrating it into their existing systems.
A Software as a Service (SaaS) provider like eftsure can help enhance processes and limit payment fraud risks by providing an integrated onboarding, verified master data management, and payment screening solution that cross-references the payments an organisation is about to release with a database of verified bank account details. This can be integrated into anything from ERP and accounting systems to sales and customer relationship management systems. The platform alerts you to any potentially compromised payment details at point of payment, allowing you to deal with the problem before the flow of funds has occurred.