The fight against fraud: time for a rethink?
26 May 2016
To pay and get paid - a process that enables every company to remain in business. So why is it not being sufficiently protected in many organisations today? Payment fraud is on the increase and can occur from outside and inside a business - and it does not discriminate. Those responsible for security and protecting against fraud in organisations of all sizes must rethink their approach to protecting the corporate fortress.
James Richardson, Head of Presales, Bottomline Technologies & Richard Ransom, Payments Product Marketing Manager EMEA, Bottomline Technologies
Recent BBC headlines have reported that ‘Two-thirds of big UK businesses have been hit by a cyber-attack in the past year, according to government research’ and ‘More than 5,000 people were conned into sending planned payments to fraudsters’ bank accounts last year’. This follows other reports of fraud across all types of business, including well-known manufacturers, charities, football clubs and those in the public sector, which are appearing in the news on an almost weekly basis. The threat level of infiltration and subsequent theft is increasing and, unsurprisingly, so is the cost of each attack, which may be not just financial but also reputational.
The reason for the big increase? Attackers and fraudsters are becoming more innovative and committing fraudulent actions because they can – not legally, of course, but because the corporate fortress is not as secure as we think. Existing defences designed to deter or detect fraud may not today cut the mustard against the evolving techniques being used to access money and data. Businesses must also acknowledge that these threats are not just coming from highly-publicised, high-tech external hacking either. Internal fraud accounts for a high proportion of cases reported in the news today. Old processes or technology can present an ideal opportunity for exploitation. An employee can easily use gaps in procedures to syphon off money by paying bogus suppliers or changing bank account details on invoices. Low-value fraud occurring over a long period of time can be just as costly as the one-off sensational frauds for millions of pounds.
But how can you detect a fraudster, or tell when you are being attacked? It is surprising how “normal” the people are who commit these crimes – in fact, according to KPMG¹ the typical internal fraudster could be sitting next to you in the office – a 36 to 45 year-old male, working in the finance department or in a finance-related role. Fraud can be detected by implementing modern security systems and technology that provide effective real-time monitoring of processes and people to detect changes in behaviour. In parallel, by regularly reviewing and adapting existing measures for proactive prevention, you will keep ahead of the fast-moving threat environment.
At Bottomline, our 20-year history of powering payments for all types and sizes of companies, financial institutions and banks has led us to naturally extend our technology to protect money by keeping it moving in and out of a business securely. Money is the lifeblood of an organisation and any that goes astray compromises its ability to function, buy materials and pay suppliers, employees and shareholders. It unbalances the equilibrium of liquidity and prevents investment and growth. So surely this is worth protecting?
(¹KPMG’s 2011 study of Global Patterns of Fraud)