top of page

Serrala: Prevent payment fraud - Strengthen your weakest links

fraud banner 1.jpeg

74% of businesses report that they’ve experienced payment fraud attempts. And in reality, the real figure is probably closer to 100% – many will simply have missed fraud attempts that were successful. It’s easy enough to spot fraud attempts when handling our personal finances. Nobody will make a large transfer from their own bank account without making sure it’s a legitimate bill. But for finance teams handling hundreds or even thousands of transactions monthly the margin of error widens, and fraudsters exploit vulnerabilities. And those vulnerabilities are very lucrative – B2B payment fraud is a $42bn global industry. As any security expert will tell you, it’s impossible to create a completely secure system that will eliminate fraud risk entirely. But it is possible to protect yourself from most fraud attempts by identifying your major vulnerabilities – the weakest links in the chain of your payment processes – and strengthening them. At Serrala, we’ve been investing in fraud prevention methods for our own accounts payable and treasury management solutions for decades. And in that time, we’ve learned that there are three key areas of vulnerability that all organizations can address that will substantially reduce their fraud attack surface.

People – your first and last line of defense

The overwhelming majority of fraud attempts target two parts of the financial function: AP (61%) and treasury (13%). The reason is simple: these two departments host the largest number of people responsible for manually keying payment details. This makes them the most likely to let fraudulent payment requests slip by – either because the volume of transactions they’re dealing with makes scrutiny impossible, or because they lack the resources to identify them. The two next most significant people vulnerabilities are individuals or functions with a major stake in payment approvals: C-level executives (the targets of so-called “whaling” attacks) and the procurement team. But as the targets only 8% of fraud attempts respectively, they represent a much smaller vulnerability than those at the day-to-day payment coalface. The risk represented by people-related vulnerabilities (from the CEO down to your AP operators) are, fortunately, very easily fixed. We minimize them by providing adequate fraud detection and prevention training to everyone with responsibility for making and approving payments. Regular sessions and attention given to real-life examples of fraud attempts help sensitize your people to potential threats. Clear reporting channels and processes also empower them to alert everyone to suspicious activity and reduce its impact. Speaking of processes, this brings us to our second key vulnerability. 

 

Processes: a bigger risk than you think

Your people are only as good as the tasks and workflows you give them. Over the years, we’ve seen countless businesses expose themselves to unnecessary fraud risk due to outdated or informal payment processes. In larger organizations especially, these can vary considerably between different offices and even between different teams. Varied processes for approval or master data checking often arise to deal with specific challenges. But while they can make operations easier in the short term, in the long term they make it harder to keep track of approvals and approvers and create a host of vulnerabilities for fraudsters to exploit with both simple phishing and fake invoicing tactics and more sophisticated approaches like registering fake suppliers to allow payments to be rerouted, or infecting your organization’s systems with malware. On top of this, many AP and treasury teams lack proper segregation of duties for payments. Centralizing approvals with individuals certainly makes things easier. But it creates a critical vulnerability if a fraudster can identify those individuals and target them specifically. Streamlining and standardizing your processes, incorporating segregation of duties and “multi-eye” principles, and establishing robust master data update protocols helps verify legitimacy and identify suspect transaction requests.

Systems: a major source of vulnerability, and a major opportunity for improvement

Secure systems make for secure processes. If your organization relies on multiple e-banking tools, it’ll be much harder even for the most vigilant teams and approvers to form a clear picture of company-wide payments. Much less fraud attempts or even accidental duplicates. For both visibility and control, organizations need to centralize their payment systems. Many payment hub technologies help not only by making scrutinizing individual invoices and transaction requests easier, but by incorporating whitelisting functionalities to prevent false positives, and automated pattern recognition (increasingly bolstered by AI and machine learning) to flag suspicious transactions long before your people would be able to spot they’re suspicious. Sophisticated solutions can even enable you to remove suspect items from bulk payment files so you don’t have to upend a payment run for the sake of one or two flagged transactions. All while still allowing you to escalate the problem payment for closer scrutiny. Integrating these capabilities into your payments process as you centralize your technology means you can not only enhance security, but do so without hampering operational efficiency. And while empowering your people to make more effective and speedy decisions that optimize payment efficiency and risk management. You can strengthen all three vulnerabilities by picking the right technology partner. At Serrala, we’ve spent 40 years developing automation solutions for AP and treasury that make payments more secure without your people noticing. Empowering them to work smarter and faster with full confidence that they’ll only ever need to apply scrutiny to the transactions that need it.

bottom of page