PwC’s Global Economic Crime and Fraud Survey 2022 revealed that 46% of organisations have experienced fraud, corruption, or other economic crimes in the last 24 months. Ryan Mer, CEO of eftsure Africa, a Know Your Payee (KYP) platform provider, gives a rundown of what to look out for.
Today’s CFO needs to be highly attuned to the constantly evolving fraud landscape. To be effective in leading the fight, CFOs and high-level financial administrators must be two steps ahead of the criminals by understanding the latest fraud trends and adapting defences accordingly. Only then can the right investments be made to prevent the potentially crippling cost of fraud.
Fraud protection is no longer optional
It’s hard to believe, but just a few years ago, even large organisations didn’t have payment fraud protection in place. One of our clients, a listed company, had an ongoing issue with payment fraud totalling over R3 million in losses in the year before adopting eftsure. They haven’t lost a cent to payment fraud since.
Businesses are taking the threat of payment fraud a lot more seriously than they did even two years ago. They’re acknowledging that the payment fraud risk is there and that it’s ubiquitous – not only large corporations and banks are being targeted anymore. They know they have to be protected in some way or another.
It’s easier to hack people than to hack machines
Business email compromise (BEC) is a massive problem, even with protection in place. As threat protection becomes more sophisticated, fraudsters are targeting people to circumvent these digital security measures. There are numerous examples of bad actors manipulating various levels of staff. Although it may be tempting to believe only gullible individuals fall for scams, criminals are often professional, persuasive and well-trained in using human weakness, as well as individual and company information, to their advantage.
Here’s a likely scenario: A client writes an online review of your company. A fraudster sees this and now knows this person or company is your client and that you would expect emails from them. They create a similar-looking fake email address, paste the client’s logo in their email, attach a malicious document, and send it to your company asking for clarification on the ‘attached invoice’. It takes one person on your team to open that attachment without double-checking the sender’s details and your company is compromised. This happens so easily when financial teams are under tremendous time pressure.
Email security does help, but personnel training is crucial. Otherwise, it’s like having the best security at your house, from beams to alarms to fencing, and letting someone through the gate without checking their credentials.
Manual processes are dangerous
The surprising result of increased digital fraud and BEC is that many companies opt to solve this problem by introducing more manual processes. They’re adding another person as a point of contact or another manager to oversee crucial checks. The problem is that it’s still a manual process, reliant on a person that can be manipulated, whether unwittingly or not. It’s a case of rearranging the deck chairs on the Titanic. Digital threats must instead be fought with digital solutions.
Another common mistake is to automate some processes but keep certain steps in that process manual. And ‘manual’ doesn’t necessarily mean physical documents but can involve adding extra steps to a process that could easily be automated. Onboarding new suppliers or clients is a great example: many businesses have a platform for this, but then request certain documents via email. That’s an invitation for an interception, impersonation or malicious attachment. Or they’ll take data from the platform and manually perform processes and procedures on it, adding in a human element and the potential for mistakes. That’s not only counter-productive from a security perspective but also a business perspective.
Luckily, we’re seeing the pendulum starting to swing in the other direction. CFOs and CEOs, the executives responsible for processes, controls, operations and systems in the organisation, are starting to pay more attention to digitisation and automation. There’s a better understanding of these risks and benefits in general. After all, t a lot of responsibility sits on the shoulders of those responsible for outgoing payments in an organisation.
Onboarding, for example, is one of the first experiences someone will have with your company and should be as seamless and simple as possible. By using a platform that can digitise and automate the process, you can speed up the onboarding journey and collect all documents upfront, saving time for all parties involved. A digitised and controlled internal approval process that is automatically part of internal procedures increases business efficiencies and reduces the wastage of productive time and energy that should be used to further the company, as manual labour is greatly reduced.
Don’t just upgrade: integrate
The next step is to not only automate but to integrate. Though our solution can be used as a standalone system, we’re seeing more clients integrating it into their existing systems.
A Software as a Service (SaaS) provider like eftsure can help enhance processes and limit payment fraud risks by providing an integrated onboarding, verified master data management and payment screening solution that cross-references the payments an organisation is about to release with a database of verified bank account details. This can be integrated into anything from ERP and accounting systems to sales and customer relationship management systems. The platform alerts you to any potentially compromised payment details at the point of payment, allowing you to deal with the problem before the flow of funds has occurred.
The CFOs who are ahead of the digitisation curve, or further along in the process, are now looking for more integrated solutions. This cuts down on the number of steps in each process and the time spent on each step – improving security while improving the bottom line. Even if they’re making these decisions for the sake of efficiency rather than security, it’s still a win on both fronts. And at the end of the day, which stakeholder with the huge responsibility of releasing payments on behalf of a company wouldn’t want peace of mind before doing so?
