Surrey Business News

Is Your Organization Fraud-proof?

Staying ahead of payments fraud and other schemes


It’s Friday morning and a controller at a Surrey-based company gets an email from the owner with wire instructions for a payment she authorized. The owner says she will drop by the controller’s office with a copy of the original invoice later in the day, but to go ahead and immediately send the payment. After it’s sent, the controller follows up for the invoice and discovers that the owner’s email was compromised and the message was not from her. Now the money is gone.

This hypothetical situation is an example of payment fraud. As more payments become electronic, fraudsters are becoming more sophisticated in the techniques they use to target businesses.

According to the Association of Financial Professionals in its 2018 Payments Fraud and Control Survey, 78 percent of the organizations surveyed were targets of payments fraud in 2017. In addition, 74 percent of organizations experienced some form of cheque fraud.

While these are scary statistics, increased awareness and education are key to curbing this trend, according to Surrey-based Bill Cunningham, District Vice President – TD Commercial Banking.

“It’s critical to review your organization’s procedures around payments to address vulnerabilities and assess your employees’ knowledge gaps,” says Cunningham. “Every organization should have policies and controls in place to monitor, detect and prevent payment fraud.”

No payment method, be it cheques or electronic payments, is immune to fraud, and fraud is difficult to eliminate. That’s why it’s important to evolve your company’s response and layer fraud-prevention tactics to ensure fraud is made as difficult as possible for criminals.

“Cheque fraud is quite common so care and control is key with this payment method,” says Cunningham.

“Think through your cheque issuing process and determine where your cheques are kept and who has access. Removing the opportunity for fraud will go a long way in preventing it in the first place.”

Another form of fraud is electronic payments fraud, also known as cybercrime. While electronic forms of payment such as credit cards, wires and electronic funds transfers offer opportunities for better control and monitoring of payments, they also open the door to cyber criminals. Fraudsters who engage in cybercrime are tech-savvy and creative and will often use email to target employees and trick them into giving up sensitive information.

Tammy Rea, a Business Banking Manager at TD, works with her clients to help them identify and better protect themselves against electronic payments fraud.

Rea suggests educating all employees who have access to online banking, including temporary ones, regularly testing their knowledge, reviewing potential fraud scenarios, performing daily account reconciliations and reminding employees that your bank will never send an email asking for account login or token credentials.

“Remember, if in doubt, call your vendor or financial institution to verify the legitimacy of an email and never, under any circumstances, provide any login or token credentials, either by phone or email,” says Rea.

She says TD recently introduced a policy of dual authentication that requires two people to authorize applicable electronic funds transfer payments and wire payments. Dual authentication adds a layer of security to help protect against fraud.

In educating employees about fraud, it’s important to let them know about the different payment fraud schemes – and variations – out there, including:

• Phishing/smishing/vishing – An authentic-looking email, text message or phone call that appears legitimate and asks the recipient to validate their account, confirm suspicious activity or prevent their account from being suspended. Typically, a link or document is included in the email or text that directs recipients to a fake website where they are asked to provide login credentials or confidential information. Don’t open attachments or click on links in emails from unknown senders.

• Spoofing/Business Email Compromise – Fraudsters target a business and research who the officers are. They then send a fraudulent email, impersonating the officer or a vendor, and try to trick their victim into initiating one or more wire transfers to pay an invoice. They “spoof” or fake a legitimate email address, altering one or more characters from the actual email address.

• Ransomware – A type of malware that infects computers, locks down data and then encrypts it until the victim hands over a payment to restore access to the information. Ransoms may be demanded in bitcoin, a digital payment system that is less traceable than other payment types.

• Malware – Software used to gather sensitive information or access computer systems. It is possible to download malware without knowing it – perhaps in a phishing email, or by clicking an Internet link. If your computer presents pop-ups or unfamiliar screens, disconnect and contact your IT professional.

You can minimize your risk by reviewing and implementing the security features available for your bank’s products, including those that enable separation of duties, dual authentication and enhanced administration and control. Always enter the address of any banking website instead of clicking on links embedded in emails, pop-up windows or search engines, and set individual user limits for your payments that are appropriate for each user.

Your financial institution is a good source for information, support and products to help you protect your company against fraud.

This sponsored article is for informational purposes only and is subject to change.
