Four Best Practices to Achieve Payments Security
According to the 2017 AFP Payments Fraud and Control Survey, 74% of finance professionals report that their companies were victims of payments fraud in 2016, up from 73% in 2015 and 62% in 2014. The larger the organization, the higher the percentage of fraudulent activity: 84% of firms with an annual revenue greater than $1B with more than 100 payment accounts reported attempted or actual payments fraud.
The Importance of Maintaining Visibility and Control
It makes sense that a larger number of accounts, multiple currencies and higher volume of transactions open large organizations up to greater risk. But that doesn’t decrease the concern for any company facing a more complex payments landscape. Even more troublesome is the fact that many hacked organizations had passed security compliance testing. Many corporates are unaware of threats until after suffering a loss. But as hackers and criminals become more sophisticated, so do the means in which they can compromise security.
Here are four ways to be proactive about achieving and maintaining payments security:
- Create a security framework
Having a security policy isn’t enough. You should also have a documented process in place that spells out how the policy is executed. This may be driven by IT, but needs to have input from treasury – and if the steps are followed, the organization will be vulnerable. This includes mandatory anti-malware software and updates/patches, secure logins, access controls (authorization and authentication), approval processes, and separation of roles and responsibilities.
- Implement cash visibility
As companies scale, they often lose visibility into the details of their accounts, which can result in a loss of control. If you don’t know the balances and standard transactions for each account, you will have no way to flag potentially fraudulent activity. Aggregation, normalization, and daily reconciliation gives you visibility into the state of your accounts, decreasing the chances of financial loss.
- Implement straight-through multibank connectivity
Make sure your technology is up-to-date, and serves your needs. Your multibank vendor should be a trusted partner and advisor, not only providing you with secure payments solutions, but also offering suggestions and data to help you optimize your payment policies and best practices in terms of format and delivery.
Ideally, all transactions should be created, validated, executed and monitored through a single workflow platform, eliminating the manual element as much as possible. Investigate setting up a payment factory, bank account screening, and other automated methods to spot discrepancies that may signal fraud.
- Be Aware
Keep abreast of what’s going on. Pay attention to the news, read the reports, and be vigilant – don’t be caught off guard. Make sure your team complies with the security processes you have implemented: don’t fall victim to business email compromise scams or account takeover attacks. Be clear on liability – it’s on you to understand how much accountability falls on your bank and your payments provider in the event of money loss due to fraudulent activity, and what remains under your purview.