As International Fraud Awareness Week kicks off, we took the pulse of Bottomline’s LinkedIn audience and found some results that show banks and corporates have a healthy level of concern regarding cyberattacks. But it also left us concerned that two specific types of fraud, stemming from insiders-employees and authorized push payments (APP), need more attention.
First, the numbers. Forty-percent of our audience listed “external cyberattacks” as the type of fraud they were most concerned about. Trailing that were insider fraud (28%) and APP (26%). From our perspective those numbers should be higher, because our experience in the anti-fraud defense fight tells us that these two kinds of fraud are occurring with increasing frequency and their consequences can be serious. Fortunately, both have technology solutions at the ready.
Let’s deal with insider and employee fraud first. Independent research shows it is on the rise as the pandemic-driven hybrid work environment continues to perpetuate. In fact, there might be $2.7 million on the table, depending on the type of insider fraud and the size of your company. That’s one of the findings from a recently published Proofpoint survey, which also found that credential fraud – in which employees share access information with outside parties – has tripled since 2018. In financial services, insider fraud has spiked 20.3% since the pandemic started.
But even that data might be minimizing the threat. Our Business Payments Barometer report released earlier this year showed that 48% of businesses surveyed have seen an increase in insider fraud and collusion since the start of the pandemic. It also found that
fraud concerns are more acute among larger companies, with enterprise organisations significantly more likely than smaller companies to show concern around three areas of risk: insider collusion (58% vs 31%), external cyber fraud (69% vs 49%), and authorised push payment fraud (65% vs 41%).
To combat insider fraud, technology advances are making a huge difference. Most companies rely on content filtering technology, which works well against blocking websites a company sees as threatening to security (social media) or productivity (gambling sites). It sits between the end user and outside devices or networks, and reacts to unauthorized access to sensitive information rather than stopping it. Bottomline’s Record and Reply technology has created an entire new level of defense called an application layer. It sits between the company’s application server and the end user, creating a visualization for companies as they track unauthorized access and stopping insider fraud before it happens. We’ve seen several companies use it to their advantage. For example, one company used it to better protect systems from privileged user misuse and improve internal controls. Through screen-by-screen replay R&R uncovered a disgruntled employee, an authorized user, installing malicious code to remove customer records.
APP fraud is also rampant, and like insider fraud, has a solution. In APP fraud the problem is identity. A fraudster, for example, will trick their victims into making bank transfers or other kinds of payments, often because of a threat or false urgency behind the request. In the UK alone, APP fraud losses increased by 22% to almost 150,000 in 2020.
Enter Confirmation of Payee. It gives banks an extra layer of defense against APP fraud by using API technology to provide data and messaging which shows that a payment is going to the right recipient. The API is used to validate the beneficiary’s name and account details against the information held on file whether sending or receiving payments. CoP improves customer confidence in the bank’s brand and processes, and banks can do more to adopt it. At stake is the ability to lock out criminal activity and ensure deposits flow efficiently and correctly.
Intelligence surrounding payees will be an important trend to follow in 2022. There’s no silver bullet for fraud prevention, but it is part of a combination of defensive layers that can help banks and corporates avoid becoming easy targets.
Subscribe
For further insight into the payments and banking industries, subscribe now and stay up-to-date on the latest tips, trends, and topics. You can also check out The Payments Podcast, where experts engage each other on the real-world factors impacting your industry.
Posted by
John Gaffney
