Q&A with Nick Griffin on key findings from treasury fraud report

When it comes to payments and fraud circa 2022, we have the usual suspects like business email compromise joined by relatively new concerns such as potential threats from real-time payments. All the old and new threats and solutions have been packaged up in the recently-released 2022 Treasury Fraud and Control Survey Report, conducted by Strategic Treasurer and Bottomline. It could be argued that every single data point in the report represents a key finding when the stakes are so high for both banks and corporates. We identified five of them and asked Nick Griffin, Bottomline’s go-to-market strategy and operations manager for the Fraud and Financial Crime line of business to provide his commentary around how they connect to the current realities of the anti-fraud landscape.

Bottomline: Nick, the majority of respondents (59%) believe that they are in a good position despite the uptick in the seriousness of various kinds of fraud threats. How do we get those respondents to understand that this relative optimism does not mean that anti-fraud efforts are locked up for the long term, especially given the continued persistence of fraudsters?

Griffin: Just because an organization maybe invested a lot last year or the last two years and they've taken a step forward, they need to carefully consider whether they've actually closed the gap. And then even if they did close that gap, are they prepared for that next evolution of the fraud landscape? All our analytics here at Bottomline are designed to adapt to changing behaviors. And we are constantly innovating as new payment channels come online. I would counsel both banks and corporates to constantly reassess your fraud strategy and make sure that your tools in place are able to evolve with you and the fraud landscape.

Bottomline: Speaking of new payment channels, 62% percent of respondents see the shift to real-time payments as a risk, speed being the top concern, followed by the rules and newness of these platforms. Is that a legitimate concern?

Griffin: I believe it is legitimate, but let’s understand that the concerns around it aren’t necessarily new. Numerous factors are at play when deciding where to put your fraud detection investment. When thinking about payments channels you need to consider not just your highest value payments, but speed of settlement and the irrevocability of the payment. So, it used to be wire fraud that fit that description. It got a lot of attention, because those were your mortgage payments and other high value transactions that settled within minutes. With real-time payments becoming more ubiquitous, you now have more payments that settle faster, which means the funds can be taken out and potentially re-routed that much faster. Additionally, because it’s a new threat surface fraud teams are still working through the learning curve. They’re working to strike that balance of stopping suspicious transactions and properly investigating them without impacting the customer experience and the value that those faster payments bring.

Bottomline: One-third of companies use monitoring methods that detect potential fraud before payments are out the door. Prevention, the report says, is superior to detection. From a technology standpoint (and from the Bottomline point of view) both are addressable. How can banks and corporates leverage technology to both prevent and detect fraud?

Griffin: In my view they’re two sides of the same coin. It's about having the layers of protection and making sure that you're protecting all the right junctures of the payment’s lifecycle. Protection could mean everything from multi-factor authentication to user monitoring to transaction profiling. And the more checks along the path of the payment, the more likely that you're going to shorten the windows in which a fraudster can get in there and do something nefarious.

Bottomline: Sixty-seven percent of respondents indicated their plans to use network visualizations and analytics as part of their strategies to investigate. According to the report “visualization is a superior method for identifying attack activities after the fact compared to audit trail information.” Why is visualization so important and how does Bottomline play in that space? 

Griffin: When you think about it in the investigation context, yes visualization becomes very important. And I would also argue that it’s even more important in addressing the challenges we spoke about earlier around real-time payments. Part of the reason that real-time payments is a risk factor for fraud is due to the fact that teams want to balance security of the payments flow with the value of a quick payment. So, the quicker that you can investigate any suspicious activity, and resolve it, the better off they are. We have a few visualization tools to help here. One is our link analysis, which shows an entity map of financial transactions and their relationship to customers, accounts, and more.  The visualization helps fraud analysts connect those digital footprints, making it easier to spot suspicious patterns. In addition, our record-and-replay solution is another visualization that helps with investigating suspicious activity by offering screen-by-screen replay of what occurred within the monitored application. It has reduced investigation time by up to 90%. That’s huge.

Bottomline: 85% of respondents indicated AP and AR are key areas for bolstering fraud prevention and control investments. What makes AR and AP so vulnerable?

Griffin: I think it's a little under invested when it comes to fraud protection historically. The reason it's a focus area is twofold. One is from where they sit within the organization, these are the people that hold the purse strings which makes this probably one of the most vulnerable spots within the payment’s lifecycle. It’s also one of the highest risk areas for insider fraud. I think back to the classic the fraud triangle: opportunity, pressure, rationalization. The people in AP and AR are the people with the biggest opportunity. If they happen to experience unexpected financial pressures, you're only one side of the triangle away from somebody trying to move some funds around on a fraudulent basis.