How Safe is Your Corporate Payment Workflow Process, Really?
Payments fraud is still on the rise, and it’s a safe bet that the problem will only continue to increase. The larger the organization and the more complex their infrastructure, the higher the likelihood of attack. Therefore, it’s crucial for corporate treasury professionals to understand the risks and take steps to prevent and mitigate any potential damage.
Common Types of Attack
According to the 2017 AFP Payments Fraud and Control Survey, 75% percent of organizations experienced check fraud in 2016, showing a reversal of the decline of the previous five years. Wire fraud was the second most targeted method of payment. Corporate purchasing card fraud and ACH transaction fraud were also referenced.
Also, 74% percent of organizations reported that their organizations were victims of business email compromise (BEC) scams – up 10% from 2015 – which may also have contributed to the increase in transaction fraud. According to the FBI’s Internet Crime Complaint Center (IC3), “Since January 2015, there has been a 1,300 percent increase in identified exposed losses [resulting from BEC scams], now totaling over $3 billion.”*
Identifying the Weakest Process Links
Determining the key areas of vulnerability within your payments workflow is the first step towards protection.
Payment transactions must be handled securely to ensure compliance, and should also be managed efficiently and cost-effectively. Conducting a process review can be valuable on several levels, as it can provide insight into areas where efficacy can be improved as well as identifying potential weaknesses.
A few questions to ask yourself: How much visibility do you have into your cash flow? Who has access to your payments system, and what controls are in place? Is your process documented and auditable? How much manual intervention is required at any stage of the workflow? Is the technology that you are using up-to-date?
Detect, Protect, and Prevent – With Technology
Centralization, automation, and documentation are all key to reducing risk. Using a single centralized payments solution increases the odds of quickly detecting fraudulent activity.
Today’s payment providers offer a secure payments and multibank frameworks, taking much of the worry away from treasury. Multibanking solutions can automate bank connectivity, file formats, messaging, and transactions, and the onus for regulatory compliance falls to them to uphold. But that doesn’t mean that treasurers should ignore processes and be less vigilant. It falls to corporates to put security policies in place and implement best practices in order to realize the value inherent in these solutions.