Is there an effective solution for businesses to protect themselves from digital payment frauds?

Background

Digital frauds and cyber-attacks have become a serious concern for businesses of all sizes across regions. As much as pandemic has propelled the journey towards digitisation, it also has witnessed a manifold increase in number and variety of digital frauds. It seems that efforts to combat fraud are met with an equal and opposite response in the creativity and adaptation of the attackers. Digital payment solutions are constantly evolving and aligning with business’ demands. However, the shift to digital and mobile payment platforms has accelerated vulnerability of businesses to frauds and their data security. It is reported that 75% of organizations were targets of either attempted or successful fraud attacks (Payments Fraud and Control Survey, 2021), with frauds from business email compromise (BEC) being the primary reason. BEC fraud includes requesting changes to bank account details of customers and suppliers, changes to payment instructions with fraudsters impersonating as suppliers or customers, particularly attaching Account Payables units of businesses.

Recent experience of a small business on the end of a fraud:

A classic case of identity theft was experienced by a small business specialised in building and construction in the Midlands, UK. An anonymous person had fraudulently obtained the name, address, and bank account details of CEO of the company without his knowledge and started purchasing various items on the internet. This not only caused financial loss but enormous stress to the managers of the business. What ensued was a prolonged process of back-and-forth with their bank in Scotland leading to creation of a new bank account This resulted in hundreds of lost payment details of suppliers and repeat customers, communicating new details with all of them, and decline in trust on the business by all the stakeholders.

Identity theft is just one type of fraud, but businesses are commonly susceptible to mandate frauds in which criminals claim to be a supplier or a customer, and request changes to their details with the businesses. This is part of BEC fraud either perpetrated by insiders or fraudsters not related to company business. One may think that businesses are naïve to fall for this type of fraud, but the modus operandi of these criminals, their expertise in impersonation results in creating fake e-mails and invoices. This results in businesses changing the payment account and personal details of suppliers and customers stored by them.

A growing concern.

Digital frauds from manipulating, stealing the data from the businesses has become a frequent issue. The outcomes of these frauds are not trivial for businesses of all sizes: NHS loses £1.2 billion a year to various type of frauds involving payments, such as mandate fraud (NHS Foundation Trust, 2022). These losses persist despite putting in place various counter fraud and security measures by organisations.

These type of frauds not only affect large corporations and public services but SMEs are also particularly vulnerable. They lack the resources to invest in proper data protection and internal controls. Many businesses are simply unaware of the payment related risks with their standard processes they have been following for years on the back of their traditional banking arrangements and are also unaware of the options they have to reduce the risks in processing payments.

Businesses have emerging options to protect their payments to help them on data compliance, to reduce frauds, and to confirm their payment beneficiaries.

Businesses need to reduce the amount of data being captured from their suppliers and customers to avoid issues with data protection measures, and to reduce the complexity in data compliance. Businesses can still be able to make payments with minimal details and significantly save on operational effort and reduce operational risks. This not only helps them to make payments with limited details of payees, but also gives an opportunity to let their customers and suppliers to manage their payment data and claim their payments anywhere in the world with the option of getting paid into bank accounts or to wallets.

Biometric authentication has emerged as a reliable and secure option for digital payments to confirm the payees and payers. Verification of customers with multi-factor authentication (MFA) combining biometric based verification, makes it extremely difficult for hackers to compromise an account or to make or claim payments fraudulently.

Since banks have been chosen as go-to service providers for their payments, Business Treasuries and Operations teams are denying themselves of alternative payment methods – which help them make payments efficiently with minimal data, at low cost, faster, and with richer data for reconciliation. These alternate payment methods offered by non-bank payment services providers deliver the above values and help reducing the frauds. Businesses should evaluate the need of capturing and maintaining large amount of customer and supplier data for making payments, or for collecting money from customers or buyers. This helps to put in place effective data management policies and builds access controls for employees and outsiders.

As called out by Association of Financial professionals in their fraud control report for business payments, it is vital that treasury and finance professionals continue to be vigilant and protect their organizations against future attacks to the best of their abilities. It must involve continuous evaluation of payment providers, reduction of manual processes, validating controls on data access and frauds making them more effective in preventing criminals from being successful in their endeavors.

BenePay can help businesses in controlling frauds, managing their payment data, and delivering efficiencies in payment processing.

BenePay simplifies and protects businesses for their global digital payments and collections. BenePay facilitates global payments and collections using contact details only. Instead of storing large amount of customers and suppliers’ financial data, businesses only need to collect minimal details of their payees and allow them to manage their payments and personal data on BenePay’s portal using strong security controls.

BenePay offers a fully managed SaaS solution for payments and collections with bank-grade security helping both SMEs and large businesses globally. These capabilities are delivered through Strong customer authentication (SCA) with three-factor authentication including biometric methods and making Payee’s and payers’ journeys simpler through an easy-to-use web and mobile portal. BenePay delivers payment solutions only through regulated entities.