Security, a vital aspect of payment services

2 November 2020

A lock is displayed in a cloud of currency signs.

What are the main types of fraud threatening businesses today? How can businesses protect themselves against bank transfer fraud and phishing? Our expert Bertrand Godin provides all the answers. 

Finance ministers from the G7 countries recently underscored the importance of cooperation between different economic stakeholders in order to fight cybercrime. Given their expertise when it comes to security issues, all financial services players have a vital role in providing businesses with essential information on this topic.

The undeniable resurgence of online fraud attempts since the outbreak of Covid-19 is part of a long-term trend on an international scale, which may be observed in all sectors of the economy. According to PwC, 47% of companies around the world have fallen prey to fraud over the past 24 months alone. Figures from a report published by Euler Hermès-DFCG in 2019 indicate that in France, more than 7 out of 10 companies fell victim to at least one fraud attempt over the course of last year, and 27% of companies surveyed claimed they had fallen for at least one known fraud attempt. The damage inflicted amounted to over 10,000 euros for a third of the businesses surveyed, and this figure climbed to 100,000 euros for 10% of this sample group.

While Covid-19 has led to a major shift towards teleworking for many businesses, it has also forced some scammers to change tack and revert to cybercrime. The truth is, they have mostly resorted to two well known methods. The first consists of mass cyberattacks through techniques like phishing, smishing (a term used for phishing via SMS) and sharing malicious URLs via social media. The second technique relates to targeted cyberattacks, including bank transfer fraud, which comes in four different variants.


Bank transfer fraud, the four majors
  • Ghost invoicing is the most common type. It involves sending an invoice to a business’s accounting department, which, if no fraudulent activity is detected from the outset, subsequently pays the fee. This kind of fraud attempt generally amounts to a few hundred euros.
  • Supplier fraud is also very common. It involves pretending that a supplier’s banking details have changed. For this to be perpetrated, the person committing the fraud has to first collect information on the business’s suppliers in a bid to pass themselves off as an official supplier. This type of fraud typically amounts to several thousand euros.
  • CEO impersonation fraud is another type of scam perpetrated by con artists. This kind of fraud tactic originated in other fields but has become more widespread in the world of business. It involves a fraudster pretending to be in a position of power within a company and using their influence to request an immediate and supposedly urgent bank transfer. This type of fraud is particularly dangerous, as it often amounts to several hundreds of thousands of euros.
  • Fourthly, and not to be overlooked, there is banking malware, which is a less common type of fraud but riskier. This is a sophisticated tactic that can cost a company up to one million euros or more. In this instance, malware sent via email redirects a malicious message’s recipient (or recipients) to a false banking interface, where they are prompted to transfer funds to offshore accounts.
Common sense and low-tech checks and balances in business

Be it in terms of the global economy or merely at company level, data security and the fight against cyber fraud require all stakeholders to remain vigilant.

Public and private initiatives to help raise awareness about these very real risks for businesses are found in abundance. Since the outbreak of the Covid-19 pandemic, many different bodies have organised webinars for companies on protecting against cyberattacks. They have presented a number of best practices to implement, including some that are quite low-tech and based on little more than common sense. But as logical as they may appear, people still need to remain mindful in order to put them into practice! Creating an Excel spreadsheet (or other type of format) that diligently catalogues all suppliers, as well as their associated bank accounts, gives employees the chance to easily verify whether any contact requesting payment is indeed who they claim to be. In many cases, simply calling someone back on a well known and frequently used telephone number is all it takes to dispel any doubts.


KYC, KYT et innovation dans le secteur financier

While common sense is important, when it comes to security, expertise is a decisive factor. The expertise of banks and payment service providers is tried and tested due to the sensitive nature of the data they process daily, not to mention the stringent compliance requirements they must adhere to. That is why they are well positioned to assist companies in the area of fraud prevention.

Financial institutions implement many different procedures, such as KYC (know your customer), which allows them to fulfil their obligation to verify their customers’ identity and detect the potential risk of illegal activities, in compliance with AML/CFT European Directives 4 and 5. The fintech space has provided many innovations in this area. Some companies have developed their own KYT (know your transaction) procedures to ensure that all transactions may be fully traced, from funds being sent and received to currency exchanges. They also use artificial intelligence to detect fraud.

Cybersecurity is important for everyone, but financial institutions play a particularly critical role in fighting internet fraud by guaranteeing safe trading practices and promoting trusting relationships between businesses.


Article originally published in French-language magazine Chef d’entreprise, written by Bertrand Godin, Director of Operations at iBanFirst, where he has worked for the last six years. Previously in charge of payment architecture and banking compliance matters, Godin has studied various methods of attempted fraud and has been able to devise a number of techniques and systems to protect against these.