A Multidisciplinary Approach to Preventing Payment Fraud

The current crisis has destabilised the entire economy through the simultaneous occurrence of risks that were previously considered independent. It has made companies more vulnerable, particularly to the risk of payment fraud. An escalation in fraud and cybercrime activities has been observed in recent months, as cyber attackers have been able to make use of the weaknesses caused by the current health crisis.

TYPOLOGY OF FRAUD

Social engineering fraud takes advantage of emergency situations and non-compliance with control processes. The success of a fraudulent urgent payment request by someone pretending to be an executive is often facilitated by stress and workload. At the same time, fraud linked to cyber attacks on the tools and systems put in place for remote work, which may have a lower security level, has also been on the rise. Finally, fraud related to internal threats is based on the lack of control over existing processes, giving fraudsters the opportunity to detect new flaws and overcome the controls in place (modification of files, etc.).

A COMMON APPROACH

Treasurers, along with heads of IT security and internal audit, are the guarantors of the security of the payment process. The proper implementation and updating of control systems is their only defence against fraudsters. The response strategy is a four-step approach.

  1. PREVENT
    Defining an appropriate leading entity is the first preventative action. Its role is to map the risks and define the control strategy. Priority should be given to a group composed of primary stakeholders (Treasury, Information Systems, Internal Audit and Accounting) to promote a better understanding of functional risks as well as those related to IT architecture and their interdependencies. This facilitates both the definition of cross-checks and employees' risk awareness. In addition, regular interactions with external partners (banks, IT solutions providers, Swift, etc.) provide up-to-date knowledge regarding risks and available solutions.

  2. PROTECT
    The combination of functional and IT controls constitutes the second step of the fraud response strategy. Indeed, 62% of frauds are identified thanks to companies’ internal control system. What are the key controls to cover risks across the end-to-end payment process?

    - Implementing operational controls and maintaining their efficiency are the main challenges for functional teams. Therefore, aligning roles with delegation of powers and access profiles, formalising the signature and authorisation process for sending payment files, and identifying backup solutions in case of attacks are priority actions.

    - For IT teams, the challenge is to strengthen the control of payment processes by securing network access, conducting regular audits of malware protection, and controlling the security of passwords.

  3. DETECT
    The monitoring of anomalies that may reveal a fraud must also be built in a cross-disciplinary way in order to maximise chances of identifying fraud and mitigating risks. The key indicators to watch out for are to be identified jointly by treasury, IT and internal audit. Teams must consider the nature of the quantitative and qualitative elements to be monitored: location of payments, review of internal rules, data modifications and, in general, elements related to the various fraud attempt scenarios identified.

  4. REACT
    Finally, in order to best manage proven fraud, companies must draw up a crisis management plan by identifying, for each fraud scenario, both the procedures to put in place and the key players to mobilise. This crisis management system will facilitate smooth cooperation between treasury, IT, legal and communications departments.

The resilience of companies relies on their capacity to anticipate situations and on the quality of communication between all departments involved in the payment process. These approaches have to be tested on a regular basis to be able to adapt to a constantly changing environment.

Christelle Lecouturier, Partner, PwC
