Blog | iBanFirst

Security and fraud prevention in international payments

Written by iBanFirst | 08-Aug-2023 13:26:00

In today's business landscape, international payments have become a crucial part of managing supply chains and operations for companies of all sizes. 

 

Here's the kicker: a massive 71% of businesses experienced payment fraud in 2021, and across Europe, businesses lost an average of 3% of revenue due to these scams. The presence of potential fraudsters and cybercriminals, who exploit regulatory differences and evolving technology, looms large.

 

The problem is especially acute for small and medium-sized businesses making large international payments. Even just one instance of fraud can completely disrupt your cash flow and place a significant strain on day-to-day operations.

 

In this article, we'll take a deep dive into the reasons fraudulent international payments occur, uncover common fraud methods to watch out for and provide valuable best practices to safeguard your business effectively.

 

Why fraudulent international payments happen

Here's the deal: every payment carries a bit of risk, but when it comes to international payments, things ramp up with an extra layer of complexity. And as you might have guessed, greater complexity equals greater risk. So, what exactly makes international payments a sweet spot for fraudsters? Let's break it down:

 

  • Lack of uniform regulations

Different countries and jurisdictions have different rules governing international payments. This lack of consistency and uniformity makes it more challenging for financial teams to prevent and identify fraud.

 

  • Payment processing complexity

Cross-border payments often involve multiple parties, multiple steps, and multiple currencies. Each of these touchpoints has vulnerabilities that criminals can exploit to their advantage. 

 

  • Rapidly changing technology

Payment processing and security technology are constantly evolving. Technologies and protocols used in one country may not be in place in another, and financial teams are not always aware of the latest developments. Scammers are experts at identifying weaknesses and disparities in payment technologies to perpetrate payment fraud.

 

Common types of international payment fraud

While some payment fraud schemes depend on sophisticated technologies, the most common ones rely on simple deception. Being aware of the most frequently-used tactics can help you spot any suspicious activity before things get out of hand. Let's take a look at the types of international payment fraud that small and medium-sized businesses often come across:

 

Business email compromise (BEC)

One of the most common tricks in the book is called BEC (business email compromise). Here's how it plays out: the crafty criminal gathers intel about the business's vendor or supplier relationship—just enough to impersonate a trusted contact. Then, they cleverly send an email that looks like it's from the supplier, providing new banking details for future payments. The unsuspecting accounting department makes the changes, and before you know it, the scammer's sitting pretty with the amounts diverted into their account. 

 

This type of fraud is closely related to phishing. In a classic phishing scheme, the perpetrator pretends to be a supplier, sending an email to the business, requesting bank details or login credentials under the pretence of tracking a payment, for example. Once they've got the info, they're off to siphon money right out of the business's account.

 

Fake invoice fraud

As the name implies, this type of scam involves a criminal creating a fraudulent invoice for goods or services that were never ordered or received. Sneaky, right? The worst part is these fraudsters are pros at making their fraudulent invoices look legit, making it quite challenging to detect.

 

Here's how they pull it off in one of the most common tactics: they clone the appearance of an actual invoice from a trusted supplier and then slyly tweak the payment address or bank account information. The payment team processes the payment, trusting the details on the invoice, and voilà, the scammer walks away with the money.

 

Even big names like Facebook and Google aren't immune to this deception. Remember when a clever criminal posed as an employee of Quanta Computer, a major vendor they both worked with? Over the course of two years, this fraudster slipped in hundreds of fake invoices, racking up a staggering $120 million before getting caught. 

 

Here's a reality check: if it can happen to major companies with cutting-edge tech, it can certainly happen to a business like yours. It’s in your best interest to keep your guard up.

 

Now, here's a word of caution: scammers always search for information to make their fraud seem legitimate. And guess where they often find it? Your business's public website and even employee social media accounts. Those seemingly harmless details, like testimonials or supply chain reports you proudly share to demonstrate ESG credentials, can be the very tools these cunning criminals exploit for a fraudulent payday.

 

CEO fraud/identity fraud

You've got to watch out for this one. CEO fraud is a crafty social engineering scheme where a fraudster plays the role of the CEO or another top executive, asking for an urgent payment. The criminal leverages publicly available details, often through the CEO’s social channels, to create an all too convincing request.

 

Let's look at a real-life example. Not too long ago, a cunning criminal came across a social post about the CEO's visit to a major overseas supplier. Using those specific details, the scammer convinced the company's treasurer to make a high-value payment. Their pretext? The CEO apparently struck a major deal for a massive volume of raw materials during the overseas visit. Sneaky, huh?

 

Here's the thing about CEO fraud – it often boils down to the corporate culture. When a request seems to come straight from the top, employees often hesitate to follow standard internal controls and verification processes. Instead, they're more likely to comply with the request without question. Regular training and compliance checks are the secret weapons against this type of fraud.

 

Malware/cybercrime

Cybercrime isn’t limited to international payment fraud, but it’s sometimes used to compromise banking payment systems or steal supplier and customer data. How do they do it? One common tactic is sending an email with a seemingly harmless attachment. But here's the catch: once an employee opens that attachment, the malware is unleashed, giving the criminals access to the banking system. Before you know it, large sums of money have been whisked away to overseas accounts.

 

But wait, there's more–in some cases, the malware also launches a distributed denial-of-service (DDoS) attack, causing chaos in the company's IT system. And while everyone's scrambling to handle the chaos, they sneakily complete the transfer of funds. 

 

Now, the financial consequences of these malware attacks can be devastating for any business. But that's not all–the reputational damage can linger long after the attack is thwarted, especially when sensitive customer information gets breached. It's a double blow that no business ever wants to go through.

 

Best practices to prevent international payment fraud

Now that you're well-versed in the most prevalent forms of international payment fraud, let's talk about the specific actions you can take to safeguard your business from international payment fraud. 

 

While external partners can offer some help with beefing up your defences, it's crucial to take charge within your organisation first. Here's a four-pronged approach that will give you multiple layers of protection against cross-border payment fraud:

 

1. Perform risk assessments on a regular basis

To stay ahead of the game, start by regularly assessing all the moving parts involved in transferring funds–that means looking at your people, processes, and technology.

 

Check in with your employees to ensure they're well-versed in payment fraud and security protocols. If there are any gaps in knowledge or standard procedures, arrange training to get everyone up to speed.

 

Audit your payment processes to ensure proper checks and balances are in place. Everyone must know their roles and responsibilities in this critical area.

 

Review your IT and communication security protocols. By tightening these up, you can reduce the risk of hacking, malware, and cybercrime sneaking in through the back door.

 

2. Institute and standardise fraud prevention processes

Here are three effective processes that can help you tackle some of the most common types of payment fraud:

 

  • Embrace the "four-eyes" principle: This means requiring the approval of two individuals before any international payment goes through. It adds an extra layer of scrutiny to catch any fishy activity before it's too late.
  • Verify changes by phone: Whenever there's a change to a supplier's account details, take that extra step to verify it by phone before updating them in the accounting and payment systems. It's a simple but powerful way to prevent unauthorised alterations from slipping through the cracks.
  • Set clear procedures: Create trusted escalation channels for unusual situations and document any incidents or near-misses to use in future training sessions.

3. Conduct regular team training

New employees should go through initial training to get familiar with common payment fraud methods and your organisation's procedures. But fraud prevention is too complex and ever-evolving to “set it and forget it.” Instead, schedule regular educational sessions to keep your teams informed about changing regulations and technologies. Share updates on processes and new payment fraud techniques to empower your team and eliminate surprises. 

 

4. Choose a trusted payment partner

Partnering with a trusted payment service provider is the best defence against international payment fraud. iBanFirst is licensed, regulated, SEPA certified, and a member of SWIFT. Our enterprise-grade encryption and security controls offer ironclad protection for your funds and data. 

 

With our intuitive, best-in-class payments technology, your team can execute cross-border payments and complex currency conversions securely and effortlessly, with payment approval controls that match your internal processes. 

 

Learn more about partnering with iBanFirst for secure, reliable international payments.