Business Email Compromise Is the Top Fraud Concern for Banks
The investments we’re making to digitally transform customer experiences and power faster payments around the world are being met with equally dynamic threats. The pandemic has further incubated a perfect petri dish for bad actors everywhere. This is evident in the results of the 2021 Treasury Fraud & Controls Survey by Strategic Treasurer.
Results of this year’s survey highlight a few areas where we can come together, now.
The COVID connection in bad acting
One-fifth of survey respondents said their fraud experiences had a pandemic connection. This isn’t surprising considering that the rapid transition to remote working scenarios often outpaced the ability of businesses to ramp up defenses. That trend was harsher for smaller businesses, who attributed a quarter of their experienced fraud to the pandemic.
In the world of remote working, two factors likely drove this finding: an increased incidence of malicious link clicking, and greater use of personal devices for work activity. Nearly half of these small businesses said that providing compliance through treasury fraud and controls services has become more burdensome.
Smaller firms have fewer payment junctions and channels to protect, but they also have far fewer resources to defend against scaled, syndicated attacks that increasingly hit them by “accident.” So, as we think increasingly about protecting across payment junctions, we have to collectively respond to the implications for smaller corporates.
Business email compromise and “authorized” fraud
Close to 90 percent of bank respondents to the Strategic Treasurer survey perceive business email compromise (BEC) and “authorized” fraud to be the greatest risk to their businesses over the next year or two. Those reporting fraud losses due to BEC and related fraud have nearly doubled over the last two years.
This establishes a clear call-to-action. Recognition of risks and potential gaps across the customer base, combined with education and training, are critical efforts that can be undertaken by banks to protect customers. It’s not enough to have compulsory, static training. We’re seeing increasing success among those who are modernizing the education within payment landscapes. They’re gamifying education, leaving a message that sticks.
The uptick in internal fraud, authorized push payments and invoice fraud beg questions about how to tackle these threats better. Tools like Confirmation of Payee (CoP) in the UK start us on this road. We expect bigger banks and bigger companies to do more on this front. Bringing our resources and intelligence together across financial services, fintech and business can and will make a difference here.
Investing for the future, today
The survey also found a three-year trend of spending more on security. Twenty-two percent of respondents plan to spend more on security this year, up from 17 percent in 2019. Planned investments in payment technologies that cover BEC/authorized fraud are followed closely by those focused on protecting against account takeover.
When we think about investment and spend, our real question needs to be “Is the money being well-spent?” Begin by looking at the Golden Triangle—people, process and technology. We’re often tempted to look at only one side of the triangle. According to this year’s survey, accountability for fraud has jumped from 24 percent in 2019 to 36 percent in 2021.
Data is both key and king, so data science becomes a fundamental piece of the ‘people process’, especially in the application of artificial intelligence and machine learning, the speed of investigations and the screening of watchlists. Processes are the bread-and-butter of every control—increasingly, we’re seeing their effectiveness determined as a cultural thing. As process evolves, we’ll also continue to see the development of hub mentalities—with more people having more responsibility, and more data to support us, we are coming together to share, learn and act.
Finally, when it comes to technology, we’re seeing the most successful approaches among those businesses that look to apply it across the payments and cash lifecycle. These businesses are looking at every junction subject to compromise, whether it’s within, between the customer and bank, or the between the bank and gateway.
The scale of these once-in-a-lifetime changes are a call to action to businesses, financial services companies and fintechs alike. As transformers of good, we can collectively do more to protect corporates of all sizes and consumers, across all fraud types and with investment in the right junctions in the fight of financial crime.
Omri Kletter is global VP for fraud and financial crime at Bottomline.