April 28, 2021 at 09:00AM

Companies worldwide are still attempting to reconfigure their typical operations and payment processes to keep up with the shifts caused by the pandemic. This includes working to keep out fraudsters who are moving to take advantage of these changes to slip onto their servers.

Bad actors are coming armed with an increasingly varied arsenal of tools and tactics to steal money and data from firms globally. Malware, ransomware and business email compromise (BEC) attacks in particular are becoming much more popular among fraudsters, and these schemes can have costly consequences for affected businesses. Companies in the United States alone collectively lost $1.8 billion to BEC fraud in 2020, making safeguarding against these and other attacks that use social engineering critically important for firms.

In the inaugural Preventing Financial Crimes Playbook: A Guide To Overcoming Commercial And Corporate Payment Fraud, PYMNTS analyzes how fraudsters’ attack strategies have changed since the start of the pandemic, as well as what adjustments businesses must make to their own fraud prevention tactics to keep them out.

Around The Payment Fraud Space

Payment fraud volume rose over the course of the past year, with many business professionals pointing to the impact of the ongoing pandemic as a key factor in this growth. Fraudsters are growing particularly fond of BEC attacks when targeting digital payments, for example. Sixty-two percent of firms that reported suffering payment fraud attacks — successful or otherwise — claimed they were hit by BEC schemes, for example. Therefore, figuring out how to protect against these attacks is becoming a crucial goal for businesses the more popular BEC and other social engineering scams become. Examining what particular solutions or technologies could be implemented to ward against them is critical to firms that wish to compete in the changing digital business environment.

Another factor that could be affecting fraudsters’ tactics is the ongoing shift to remote work at many firms worldwide due to the pandemic’s effects, something that weakened the typical cybersecurity measures implemented by companies. Seventy-nine percent of bank professionals in the United Kingdom claimed the move to remote working models had a negative effect on their fraud protection or financial crime compliance systems, for example. This is partially due to the fact that many banks use multiple systems to manage fraud prevention efforts at their institutions, something that is much more difficult to coordinate when employees are working from home rather than clustered in one physical office. Banks must adjust their fraud prevention strategies accordingly to keep out enterprising fraudsters looking to take advantage of these gaps.

Companies must be careful to secure every aspect of their payments processes from beginning to end, both from external and internal threats. Invoice payment schemes are growing more common, for example, and can prove particularly dangerous should the fraudster gain inside knowledge of businesses’ systems. One such scam saw the former employee of the targeted company siphon $4.5 million from the affected firm by using her knowledge of the businesses’ financial processes in order to craft a false vendor account and generate false invoices. The money was sent directly to her personal account before the scheme was discovered and she was sentenced to nearly five years in federal prison. The story illustrates the necessity of guarding every aspect of one’s payment processes from potential fraud at all points.

For more on these and other stories, visit the Playbooks’ News & Trends.

How The Pandemic Has Changed Fraudsters’ BEC Scam Tactics

The pandemic provided fraudsters with numerous opportunities to slip onto businesses’ digital platforms or email servers without detection, in turn providing them with key data points about firms’ payment processes or vendor relationships they could employ for further attacks. Bad actors will tap this stolen information to better mimic legitimate vendors or company executives when attempting BEC or other social engineering attacks, making such scams much more deadly to businesses.

Developing a robust fraud prevention strategy to protect against these attacks is critical to businesses, explained Jeffrey Taylor, senior vice president of Commercial Fraud Forensics and Payment Strategy at Regions Bank in a PYMNTS interview.

To learn more about why BEC schemes represent a rising threat for companies and how firms can work to minimize this danger, visit the Playbook’s Feature Story.

Deep Dive: Why Businesses Must Revamp Their Fraud Strategies To Keep BEC Scams And Payment Fraud At Bay

The growing danger of payment fraud scams has not been lost on businesses, with 86 percent of companies agreeing BEC schemes represent the greatest potential risk to their firms. Fraudsters are increasingly tapping these or related schemes to target businesses’ payment processes as more entities make the jump to digital for their B2B transactions. Reducing this risk is an essential task for firms, many of which are therefore searching for tools and solutions that can protect these processes without introducing undue friction.

To learn more about how fraudsters are changing their payment fraud attack strategies over the past year and how businesses must shift their fraud protection approaches to keep up, visit the Playbook’s Deep Dive.

About The Playbook

The Preventing Financial Crimes Playbook: A Guide To Overcoming Commercial And Corporate Payment Fraud, a PYMNTS and Bottomline collaboration, examines how corporate and commercial payment fraud is evolving, the most significant fraud risks faced by businesses, and what technologies or solutions could be employed to best protect against fraud attacks.

Report: Automation Protects Business Payments From Email Compromise …

Selected by EFXA

Search Web: Report: Automation Protects Business Payments From Email Compromise

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>