What are the main types of fraud threatening businesses today? How can businesses protect themselves against bank transfer fraud and phishing? Our expert Bertrand Godin provides all the answers.
Finance ministers from the G7 countries recently underscored the importance of cooperation between different economic stakeholders in order to fight cybercrime. Given their expertise when it comes to security issues, all financial services players have a vital role in providing businesses with essential information on this topic.
The undeniable resurgence of online fraud attempts since the outbreak of Covid-19 is part of a long-term trend on an international scale, which may be observed in all sectors of the economy. According to PwC, 47% of companies around the world have fallen prey to fraud over the past 24 months alone. Figures from a report published by Euler Hermès-DFCG in 2019 indicate that in France, more than 7 out of 10 companies fell victim to at least one fraud attempt over the course of last year, and 27% of companies surveyed claimed they had fallen for at least one known fraud attempt. The damage inflicted amounted to over 10,000 euros for a third of the businesses surveyed, and this figure climbed to 100,000 euros for 10% of this sample group.
While Covid-19 has led to a major shift towards teleworking for many businesses, it has also forced some scammers to change tack and revert to cybercrime. The truth is, they have mostly resorted to two well-known methods. The first consists of mass cyberattacks through techniques like phishing, smishing (a term used for phishing via SMS) and sharing malicious URLs via social media. The second consists of targeted cyberattacks, including bank transfer fraud, which comes in four different variants.
Bank transfer fraud: the four main types
- Ghost invoicing is the most common type. It involves sending an invoice to a business’s accounting department, which, if no fraudulent activity is detected from the outset, subsequently pays the fee. This kind of fraud attempt generally amounts to a few hundred euros.
- Supplier fraud is also very common. It involves pretending that a supplier’s banking details have changed. For this to be perpetrated, the person committing the fraud has to first collect information on the business’s suppliers in a bid to pass themselves off as an official supplier. This type of fraud typically amounts to several thousand euros.
- CEO impersonation fraud is another type of scam perpetrated by con artists. This kind of fraud tactic originated in other fields but has become more widespread in the world of business. It involves a fraudster pretending to be in a position of power within a company and using their influence to request an immediate and supposedly urgent bank transfer. This type of fraud is particularly dangerous, as it often amounts to several hundreds of thousands of euros.
- Fourth, and not to be overlooked, is banking malware, a less common but riskier type of fraud. This is a sophisticated tactic that can cost a company up to one million euros or more. In this instance, malware sent via email redirects the recipient (or recipients) of the malicious message to a false banking interface, where they are prompted to transfer funds to offshore accounts.
Common sense and low-tech checks and balances in business
Be it in terms of the global economy or merely at company level, data security and the fight against cyber fraud require all stakeholders to remain vigilant.
Public and private initiatives to help raise awareness about these very real risks for businesses abound. Since the outbreak of the Covid-19 pandemic, many different bodies have organised webinars for companies on protecting against cyberattacks. They have presented a number of best practices to implement, including some that are quite low-tech and based on little more than common sense. But as logical as they may appear, people still need to remain mindful in order to put them into practice! Creating an Excel spreadsheet (or other type of format) that diligently catalogues all suppliers, as well as their associated bank accounts, gives employees the chance to easily verify whether any contact requesting payment is indeed who they claim to be. In many cases, simply calling someone back on a well-known and frequently used telephone number is all it takes to dispel any doubts.
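The supplier-registry check described above can be automated before any payment is released. The sketch below is an added example, not part of the original article: the registry contents, supplier IDs, phone numbers and function names are assumptions made up for illustration, and the IBANs are the standard published sample values.

```python
import re

# Constructed stand-in for the supplier spreadsheet: supplier id -> bank account
# on file and the callback number on file (all sample values, assumptions).
REGISTRY = {
    "ACME-001": {"iban": "GB82 WEST 1234 5698 7654 32", "callback": "+44 20 7946 0000"},
    "BOIS-002": {"iban": "FR14 2004 1010 0505 0001 3M02 606", "callback": "+33 1 99 00 00 00"},
}

def normalize_iban(raw):
    """Strip whitespace and upper-case so formatting differences do not matter."""
    return re.sub(r"\s+", "", raw).upper()

def iban_checksum_ok(raw):
    """ISO 13616 mod-97 check: catches typos and crudely altered account numbers."""
    iban = normalize_iban(raw)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]          # move country code + check digits to the end
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1

def review_payment_request(supplier_id, requested_iban):
    """Return (decision, reason) for an invoice or change-of-bank-details request."""
    entry = REGISTRY.get(supplier_id)
    if entry is None:
        # Ghost invoicing: the sender is not a catalogued supplier.
        return ("HOLD", "supplier not in registry; verify before onboarding")
    if not iban_checksum_ok(requested_iban):
        return ("REJECT", "IBAN fails format or mod-97 check")
    if normalize_iban(requested_iban) != normalize_iban(entry["iban"]):
        # Supplier fraud: account differs from the one on file. Call back on the
        # number already in the registry, never on one supplied in the request.
        return ("HOLD", f"bank details differ from registry; call back on {entry['callback']}")
    return ("PAY", "IBAN matches registry")

if __name__ == "__main__":
    # Constructed payment requests.
    for sid, iban in [("ACME-001", "gb82west12345698765432"),
                      ("ACME-001", "DE89 3704 0044 0532 0130 00"),
                      ("GHOST-999", "DE89 3704 0044 0532 0130 00")]:
        print(sid, iban, "->", review_payment_request(sid, iban))
```

A valid checksum only shows that the IBAN is well formed; the comparison against the registry and the callback are what confirm the account belongs to the supplier.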
KYC, KYT and financial sector innovation
While common sense is important, when it comes to security, expertise is a decisive factor. The expertise of banks and payment service providers is tried and tested due to the sensitive nature of the data they process daily, not to mention the stringent compliance requirements they must adhere to. That is why they are well positioned to assist companies in the area of fraud prevention.
Financial institutions implement many different procedures, such as KYC (know your customer), which allows them to fulfil their obligation to verify their customers’ identity and detect the potential risk of illegal activities, in compliance with AML/CFT European Directives 4 and 5. The fintech space has provided many innovations in this area. Some companies have developed their own KYT (know your transaction) procedures to ensure that all transactions may be fully traced, from funds being sent and received to currency exchanges. They also use artificial intelligence to detect fraud.
Cybersecurity is important for everyone, but financial institutions play a particularly critical role in fighting internet fraud by guaranteeing safe trading practices and promoting trusting relationships between businesses.
Improved payment tracking for heightened security
Recent innovations that leverage SWIFT gpi’s transparency-boosting capabilities have made tracking live payment statuses possible. This benefits not only the banks and PSPs offering cross-border payment solutions, but the businesses they serve as well. Though sometimes overlooked, heightened security is among the advantages such innovations offer.
Real-time, end-to-end payment tracking is lauded by many as a customer experience revolution, no doubt influenced by ongoing digital consumer trends. Contemporary consumer expectations of increased speed and certainty have come to shape what businesses can expect from their service providers too. In a world of Uber, DPD and Deliveroo, real-time tracking is fast becoming a key competitive advantage. Chasing payments is among the latest everyday operational obstacles treated to a much-needed digital overhaul, with transparency and traceability at its core.
Beyond customer experience and operational efficiency, however, payment tracking creates a trusted ecosystem with enhanced security. When businesses and suppliers can check the live status of their payments, they can tell whether funds have been sent or received in the time usually allocated. If there is a hold-up, real-time tracking can explain why, showing where the payment is at any given time. Indeed, when there is a delay, heightened visibility reduces the need to investigate at different stages of the payment chain, fostering trust among stakeholders.
In cases of fraud, whereby funds have been intercepted and deviated from the beneficiary’s account, payment tracking can help detect illicit activity. Live payment statuses can prove decisive in these instances, as the possibility of recovering defrauded funds after a forty-eight-hour period is decidedly slim. Detecting a payment journey abnormality beforehand is vital if you wish to stop the transfer and ensure that funds are not diverted towards the fraudster’s account.
This opinion piece by Bertrand Godin, Director of Operations at iBanFirst, was originally published in French-language business publication Chef d’entreprise. It has recently been expanded. A member of the iBanFirst team for the last seven years, Bertrand was previously in charge of payment architecture and banking compliance. He has studied various methods of attempted fraud and devised a number of techniques and systems to protect against these.