Twelve Important Trends to Watch in 2022

Ed Adshead-Grant

Open banking evolves into open finance

Ed Adshead-Grant,
General Manager and Director, Payments LinkedIn Bug

Expect open banking to become a more global conversation in 2022. According to Bottomline General Manager and Director, Payments Ed Adshead-Grant, in the UK Open Banking will pick up increased adoption among businesses and consumer communities.

In the UK variable recurring payments (VRPs) are becoming a hot topic as Open Banking concludes its first technical foundations. VRPs enable a practice called “sweeping,” which is the automatic transfer of money between a customer’s own accounts, such as moving a certain amount of funds from the core bank account to a savings account on payday - also referred to as intelligent ‘me-on-me’ sweeping across banking accounts. Later phases expect VRPs to evolve into a form of intelligent, real-time direct debit to improve on the existing Direct Debit scheme in the UK.

More effective onboarding will be another important UK use case. Many new accounts are abandoned during the application process or stay at zero balance. With Open Banking data requests, the application process can be accelerated by populating regular fields automatically and then the first payment is pulled into the same session through a regular open banking payment inside the same process.

Although the US already has some elements of open banking in place, keep an eye on more aggressive initiatives from card networks and banks. Mastercard, through its Finicity subsidiary, reported in mid-December that more than 80% of US consumers are already connecting their bank accounts to technology apps. This follows on the heels of the July 2021 directive from the Biden administration to the Consumer Financial Protection Board to make data sharing among financial institutions easier.

For more information on Open Banking, check out these resources:

Website: What Is Open Banking?

Article: How Open Banking Can Help SMEs Recover from the Pandemic

Podcast: Upcoming Payment Regulations: How Ready Are Companies?

Ed Adshead Grant

Jessica Cheney

Real-time payments define modernization initiatives

Jessica Cheney, VP Product Management and Strategic Solutions LinkedIn Bug

Real-time payments are the future of consumer and business transactions. Full stop. Next year’s conversation will turn to use cases as real-time reaches its tipping point in serving as the foundation of payments modernization efforts around the globe. As Bottomline’s Vice President Product Management & Strategic Solutions Jessica Cheney sees it, modernization in the form of real-time is in progress and new use cases are coming into the market.

One of the things that I’m watching for in 2022 is the role of real-time payments in the evolution of payments architecture and modernization globally. For some time now, my UK and EU colleagues have talked about this in the form of the UK’s New Payments Architecture (official name) initiative as the core of their real-time payments infrastructure. In Canada they’ve approached real-time rails in a similar fashion, launching an entire payments modernization project behind it. In the US you could say that we’re in the middle of our payments modernization initiative. Real-time rails are already built and operating. The “last mile” means that organizations like The Clearing House and NACHA are continuing to advocate for payments modernization. For example, TCH announced a joint venture with SWIFT in October to accelerate real-time settlements of cross-border payments. NACHA reported 142.8 million payments processed via its Same Day ACH service for Q3 2021, a 120% jump over 2020. Working aggressively to market real-time payments to banks, with the Federal Reserve adding to this modernization through its FedNow real-time platform.

And both organizations, as well as the rest of the US financial industry, are anticipating the FedNow platform, slated to debut in Feb 2023. The Fed has taken an active thought leadership role, and much of that has come under the heading of payments modernization. They’ve done a lot of the right things to assure the market that their technology will be interoperable. They’ve signed on for the ISO 20022 message sets and have launched some very early pilot programs. Now, nobody's actually sending money or messages to each other through FedNow, but it has moved from being a set of architectural slides to having a clear line of implementation in 2023. Expect the Fed to continue its role as a thought leader for modernization as it preps its own product.

One of the things I’ve been surprised by is the volume of use cases that are coming to the fore either as real-time, bank-based payments or other instant payments platforms. From a consumer perspective, reliance on Zelle, Venmo and other instant payment platforms has skyrocketed during the pandemic. For example, Venmo expects to grow from its current 76 million user base to 120 million by 2023. So, the American consumer is certainly familiar with the concept of real-time payments. There is also a lot of press about using real-time payments rails for instant payroll. DailyPay has been working with banks as well as corporates to enable on-demand instant payroll. One of its competitors, Even, partnered with JP Morgan in early November to provide real-time payroll services. Expect that to be another trend to watch in 2022 as we watch the U.S. real-time use cases expand.
 

For more information on Real-time Payments, check out these resources:

Guide: Real-time payments primer

Article: Real-time payments interoperability remains key topic at Chicago Fed panel

Podcast: Developing a new payments and security mindset

Jessica Cheney

Paul Fannon

CoP cements its presence in the fight on fraud

Paul Fannon, Managing Director of Global Business LinkedIn Bug

With all that’s been written about Confirmation of Payee in 2021 it’s a somewhat risky venture to say it will continue to be a topic of great interest in 2022. But it will for the simple reason that it has found traction with UK banks and success against authorized push payment (APP) fraud. The proof can be found in several cases, but most notably in the Payment Systems Regulator report of October 2021. It showed CoP has increased consumer confidence, and has helped to prevent what could have been runaway growth in APP fraud. The PSR says fraud is migrating to financial institutions that have yet to implement CoP. In 2022 CoP will continue its good works and according to Bottomline Managing Director of Global Business Paul Fannon, it will expand its presence and power.

In the UK CoP has shown its effectiveness, but in 2022 I expect you will see it start to be a factor in other countries. In the waning days of 2021 SurePay, SEPAMail.eu and StreamMind launched the first cross-border IBAN Check/Confirmation of Payee solution. Right now, it’s limited to cross-border payments between France and the Netherlands. But this is a critical step toward cross-border CoP.

I also expect CoP to move beyond its fraud mitigation capacities and to show its value on the data generation front. Yes, it will ensure the payment gets to the right account, but as it is used more frequently by more banks, increasing data generation will help fuel smarter analytics. Examples: On-time payment records, potential growth accounts and even accounts that are at risk. It will also eventually lead to more enhanced data, which will potentially carry a URL that links to supporting documents.

CoP, and its related Request to Pay, needs to gain more awareness among the small business community this year. I believe only 20% are aware of it currently. For CoP to succeed, a coordinated effort will be needed across the financial services industry that includes awareness and education of its use cases among smaller businesses, who are an important part of the collective action we need to take across the industry to combat APP fraud.

For more information on Confirmation of Payee, check out these resources:

Guide: What Is Confirmation of Payee?

Article:  Payments regulation...your key to greater efficiency and security

Executive Brief: Helping prevent fraudulent of incorrect payments

Paul Fannon

Jeff Feuerstein

B2B payments automation gains speed, scale and efficiency

Jeff Feuerstein, SVP, Paymode-X Product Management and Market Strategy LinkedIn Bug

Although the paper check hangs on into 2022, for most businesses and banks payments automation has reached a point where the risks and rewards are more important than ever. Automated processes and digital payments are ubiquitous.  As Bottomline’s SVP, Paymode-X Product Management and Market Strategy, Jeff Feuerstein sees it the three most important dynamics to watch are embedded finance, virtual cards and new threats from fraudsters.

Embedded finance: For consumers, paying a vendor is a click away. That hasn’t always been the case for B2B payments, but it is a trend that continues to gain momentum in 2022. Of course, the ability to pay and get paid with speed, scale and efficiency is always the end goal regardless of the payment type. With embedded finance, the name of the game is around reducing cost by improving ways to integrate with existing ERP systems. For example, our recent Paymode-X/MRI integration allows real estate companies to reduce the cost of processing payments, reduce payment fraud and improve cashflow by capturing early-pay discounts or maximizing cash-back rebates on their AP spend.  The feature is embedded as of the MRI payment processes, reducing the need for users to leave their financial system, making that one-click consumer experience closer to the B2B space.

Virtual cards: Juniper Research expects virtual cards to process over $5 trillion in transactions by 2025, a 26% annual increase. B2B usage will double over that period. They are an essential part of an e-payables strategy that includes ACH in its various forms. Virtual cards, however, have been a bit of a digital laggard, with most of them requiring manual processes like portals, and emails, to process the payment. It’s an analog process in a digital world. I expect advancements in the end-to-end process, digitizing the receipt and processing of virtual cards to reach the level of ACH. That results in savings of both time and effort, as well as reduced card acceptance costs, for vendors with high volumes of virtual card payments.

Fraud: The fight against B2B payment fraud has made progress in an environment where fraudsters are continuing to hone their skills. But complacency is just as dangerous as fraud itself. Looking ahead in 2022, banks and corporates should continue to focus on fraud, simply for the fact that it’s a risk to reputation and customer relationships. If you’re a bank, you own the solutions and the customer relationships. Don’t risk any part of this equation. As Bottomline’s research shows 49% of firms reported they had serious fraud attempts against them. Fifteen percent of all companies indicated they suffered a loss. Corporate concern about fraud increased heavily over 2020 (+52%), and even more so among banks (+70%).

For more information on B2B Payments, check out these resources:

Article: Your best weapon against fraud? Automation

Guide: Virtual Cards 101: A payments method that drives security and efficiency

Infographic: B2B Payments research: the tech that drives tomorrow

Jeff Feurestein

Marcus Hughes

CBDCs give crypto viability and stability

Marcus Hughes, Head of Strategic Business Development LinkedIn Bug

The viability of cryptocurrencies such as bitcoin for business payments is not proven and may never be, given their volatility and innate barriers to demonstrating AML compliance. And it’s important to understand the following: 1) blockchain experimentation and actual uses of distributed ledger technology for business purposes are separate from the hype and popularity of cryptocurrency investments; 2) cryptocurrencies investment instruments are different than their value as a factor in business payments; and 3) it’s important to watch the emergence of digital currencies issued by central banks (CBDCs) as 2022 plays out. Marcus Hughes, UK-based business development director for Bottomline, explains why:

I do sense that the market is reaching the next level in the evolution of blockchain and cryptoassets, especially relating to digital currencies. Recent work by various central banks means it is increasingly likely that quite soon one or more major central banks will issue their own Central Bank Digital Currency. Although a few small economies have already launched their own local Central Bank Digital Currency, we’re now seeing the central banks of several major economies announcing initiatives to test or even create their own digital currency. So, for me, after many years of experimentation and seeing huge sums of money invested in blockchain, Central Bank Digital Currencies are now emerging as one of the most exciting and practical applications of this new technology. In tech terms, CBDCs might finally prove to be the “killer app” for blockchain.

Of all payment types, it’s cross-border payments which currently suffer from the greatest friction and complexity, so they are one of the best use cases for CBDCs. Advocates say that a CBDC would create “a more resilient payments landscape”, with a new payment rail, which meets the needs of our modern digital economy. It would therefore provide individuals and businesses with a reliable payments system which makes payments faster, cheaper, and more efficient. And it would protect against the risk of private payment systems potentially failing. By linking up different countries’ CBDCs, there is great potential to radically improve cross-border payments in multiple currencies, by making them real time, 24/7, without cut-off times or holidays, while cutting costs associated with cross-border payments processed through the correspondent banking network. Using a CBDC for cross-border payments could reduce the time taken from days to a few seconds.

It seems increasingly likely that CBDCs will be structured in a 2-tier-system, a hybrid, whereby the central bank operates the core system and ensures its safety and efficiency, while commercial banks and payment service providers would compete to develop innovative use cases, to onboard and serve end customers, including handling AML requirements. Meanwhile, the private sector, such as commercial banks and Payment Service Providers, would compete to develop innovative use cases, to serve customers. In this way, consumers could pay with a CBDC just as today, with a debit card, online banking tool or smartphone app, all operated by a bank or other private sector Payment Service Provider. However, instead of these intermediaries booking transactions on their own balance sheets as is the case today, they would simply update the central bank’s records.

To read more about CBDCs, check out this resource:

Article: BIS Plans for 24/7 Central Bank Settlement

Marcus Hughes

Ed Ireland

ISO 20022 drives payments transformation

Ed Ireland, Senior Market Development Manager LinkedIn Bug

The ISO 20022 messaging format isn’t new. But it is on the cusp of what is arguably the most urgent and relevant period in its existence – as it becomes widely adopted in the payments industry. In the UK the CHAPS RTGS infrastructure will move to what is called a ‘like for like’ migration in June 2022, where ISO 20022 messages will replicate legacy message architecture. In the EU, TARGET2 and EBA E1/S1 will fully migrate to ISO 20022 in November 2022. And for cross-border payments, SWIFT launched a new “in-flow” translation service that will facilitate the migration. The Monetary Authority of Singapore (MAS) has mandated that Financial Institutions which use the SWIFT-based MEPS+ system must comply with the ISO 20022 messaging format by June 2022.

Financial institutions who are unprepared for ISO or underestimating its impact are gambling with their ability to stay competitive. According to Bottomline’s market development director for ISO 20022 Edward Ireland, there’s the data component that makes ISO a treasure trove of information, but there are also the following reasons why it should be priority number one for banks globally.

More use cases for ISO data are coming to the fore. With ISO, FIs have transaction information, not just payments information. Instead of containing only the basics (account number, name, transaction amount) ISO 20022 can carry invoice data, the purpose of the payment and even more complex documentation. For example, a house sale could carry information about the type of property, the title and the mortgage terms. This view is supported by Cyrus Bhathawalla, Managing Director - Global Head of Real Time Payments at J.P. Morgan - “I agree that there will be benefits in reconciliation, automation and reducing manual operations inefficiencies, where you have people ticking and flicking registers. What’s more exciting, though, is in the areas of data analytics, forecasting and modelling, because you’re consuming, in some cases, a hundred times more data than you would in a traditional, batch, automated clearing house-style payment, where you’re limited to, in the US, somewhere between 16 and 18 characters in the payment message.”

ISO 20022 is also poised to impact product development and revenue and has the potential to lead some FIs to remodel their payments businesses. Among them: fraud monitoring, sanctions screening, better clarity and granularity on payers and beneficiaries, foreign exchange rates, trade documentation, new API uses, and even new credit products based on the data carried by ISO. Beyond the deadlines and competitive urgency, ISO 20022 should be developed simply because we don’t yet know all the potential use cases that it will generate.

ISO is also the key to digital and payments transformation. In fact, it can be seen as a springboard to both, and the complexities involved will demand effective partnerships and third-party providers. For example, challenges must be considered depending on how several countries plan to leverage the ISO change as a core part of their payments architecture - introducing new transaction data elements, network providers, connectivity options (e.g. API), rails (e.g. Instant Payments), digital services, and overlay services (e.g. Request to Pay).

For more information on ISO 20022, check out these resources:

Webinar: 4 Steps to a Successful ISO 20022 Migration

Report: ISO 20022 and the transformation of real-time cross border payments: Are you ready?

White paper: Digital payments Transformation with ISO 20022 as the Springboard

Article: Riding the Rails

Podcast: The Impact of ISO 20022 on Real-Time Payments

Ed Ireland

Tracy Kantrowitz

The rise of the connected financial officer

Tracy Kantrowitz, VP of Marketing for Treasury LinkedIn Bug

The Chief Financial Officer is no longer the executive that pours over spreadsheets trying to gain a holistic picture of the money coming in, the money going out and the money sitting idle within an organization. The CFO is now the Connected Financial Officer. As Tracy Kantrowitz, VP treasury at Bottomline sees it, the responsibilities and crucial functions of the CFO continue to be enhanced. Today’s CFO’s are “leaning forward, and not looking back.”

The office of the CFO is changing and instead of the “chief” financial officer I see it as the “connected” financial officer. Until recently, many financial organizations operated in a largely siloed manner with only bi-directional lines between the CFO and the various financial functions and very little cross-functional collaboration. Today, a major part of the connection evolution is that the CFO needs all teams - Treasury, FP&A, Accounting, Finance—working more closely together across processes, systems and data—and across business lines in the organization. To deliver the most value to their businesses, CFOs are embarking on a journey to unify traditionally disparate financial functions and achieve accurate and real-time financial intelligence that fuels strategic decision-making across the enterprise. It’s an important distinction because to prepare forecasts properly and have the best visibility into current liquidity, the CFO needs to orchestrate that collaboration and unification to make the right financial decisions and understand the actions needed to take place across all areas of the business.

Liquidity, speed and data. Remember those through 2022. Liquidity is vital and managing it is essential to business continuity from a financial perspective. And it's also vital to achieving agility in operating and preparedness for the future. Speed and data will also be essential for CFOs in the coming year. You have to be able to make decisions quickly based on data. Supporting all of this is technology. A technology partner should be focused on delivering an experience to you that syncs with the stages of your company's transformation strategy and its priorities.

We're clearly seeing a trend where more banks are investing in liquidity services, often solving for them by working with technology providers and treasury management providers to embed functionality and create a centralized repository for different financial instruments. These are differentiated short-term investments that treasurers or corporate finance leaders could take advantage of, once they have the visibility to move money, make decisions and execute on them.

For more information on Connected Finance, check out these resources:

Guide: 5 Keys to Strategic Treasury Management

Podcast: The Rise of the Connected Financial Officer

Tracy Kantrowitz

Brian McLaughlin

UX puts new face on payments

Brian McLaughlin, Chief Experience Officer LinkedIn Bug

Today, design is responsible for 94 percent of initial impressions. Monitoring UX design trends and optimizing experiences are key to converting long-term customers. UX is certainly priority one for Brian McLaughlin, Bottomline’s chief experience officer. His job is to keep abreast of design trends in the market. It’s a focus that has helped take Bottomline to the upper echelon of UX for banking and B2B experiences. As he sees it, these are three trends likely to advance in 2022. 

Micro Frontends (MFEs): Some background is necessary here for the non-developer audience. The frontend of a website, mobile app or web app is the layer that someone using the solution interacts with. Historically any single element of the frontend is highly integrated and dependent on being connected to the larger application. This means that if Bank X wants to add a new cryptocurrency element to the frontend, a team would need to put in the time to develop this new element. Micro Frontends is a different approach and leverages many aspects of new technology. Micro Frontends allow single elements to be built and shared more easily because they can exist much more independently as modules. Now Bank X can consume a cryptocurrency module much more quickly while retaining a seamless UX. As a result, micro frontends offer a variety of benefits, including personalized experience for end users, the ability to offer more services more quickly, deployment independence, quicker upgrades and updates, and much more. Of course, MFEs do present new challenges. These challenges are primarily centered around ensuring the needed cultural and software development lifecycle practices are aligned with this new way of creating, designing, developing, deploying, and supporting solutions that have this level of flexibility. Organizations that fully embrace all that is required to use MFEs successfully will leap ahead in 2022 and beyond.

Super Data Visualization: Most people imagine data visualizations as individual renderings in boxes arranged around a screen. When someone views a screen this way, they're looking at these objects concerning other unique areas of interest to get a sense of the bigger picture. It will become more typical to flip this model. Rather than individual visualizations in boxes strewn across a screen, we'll see more super data visualizations that show the whole picture in a single glimpse. In other words, the story will be told in a single picture, versus individual snapshots.

Contextual experiences:  Contextual design always puts the most critical content and functions at the forefront. The flow is managed, taps/clicks are decreased, and clutter and stagnant empty states are avoided. The objective of an app should be evident as soon as it is opened, and the following action should always be obvious. Context-aware programs don't sit around waiting for user input; instead, they change as they do. The user should feel that you've read their mind while using a user-centric interface. A clever and enjoyable interactive experience is as near to magic as one can get in terms of technology. This is achieved by creating an experience that satisfies users' needs while requiring minimal interaction.  

To learn more about User Experience, check out this discussion:

Podcast: Why User Experience is Critical for Financial Institutions

Brian McLaughlin

Erik Nilsen

Small business banking gets new platform

Erik Nilsen, SVP Small Business Solutions LinkedIn Bug

Remember the first time you bought a smartphone? You probably had three or four apps, just the basics like weather, email and messaging. Google now says the average user has 35 apps on their phone. When Bottomline senior VP for small business solutions Erik Nilsen scopes the trends to watch in 2022 he sees a parallel to the app experience. Because while many banking partners provide the basics, the experience has now been differentiated by companies adding partnerships and new capabilities for SMB banking, payments and analytics. Some of the dynamics in that experience, from his point of view, include:

Too many banks put SMBs on a retail banking platform, and they need something that has more utility for them without being so big that only an enterprise can use it. What we're finding is, as you put businesses into that retail platform, it gives them the consumer capabilities of basic money movement like consumer bill pay and mobile payments, but it doesn't meet many of the requirements of a small business, like budgeting, cash flow control, liquidity management, accounting automation and more advanced payment services. The interesting thing now with SMBs is that so much of their day-to-day business operations is happening outside of what the bank can offer them.

We bring in partners like Autobooks to create an integrated online banking experience to serve what we believe is the number one thing that a small business wakes up and worries about, which is how to get paid for services rendered. And so our big movement around technology is to help facilitate that digital transformation that helps them get paid while embracing fintech partners where it makes sense. Part of that will be to serve SMBs by leveraging API’s and providing more and more connectivity that can be consumed by these technology partners. 

I’ve seen some stats that say SMBs had a great 2021 and are concerned about inflation and continued COVID disruption in 2022. For me, it comes back to the basics. When you look at invoices and accounts receivables what we’re really talking about is liquidity. Liquidity management, or cash flow control, goes beyond big companies. We intend to be a problem solver in 2022 for SMBs, and if inflation and the economy cause disruption, we intend to be a trusted advisor and an information resource. We understand partnerships, we understand how to empathize with the pain points of a business rather than just sell them products. In fact, when the pandemic started in April 2020, we shifted into that trusted advisor mode, and even coined the term “marketing as a public service” to help businesses navigate an unprecedented situation. I don’t expect anything on the order of the crisis of 2020. By focusing on liquidity, we can fill several roles for SMBs at a time when they need all of them.

For more information on small business banking needs, check out these resources:

Article: Embedded digital solutions bind the new banking small business relationship

Report: Prioritizing the Right Offerings to Meet Small Business Needs

Market Outlook: Small Business Banking in 2021

Erik Nilsen

Kevin Pettet

Increased M&A activity for U.S. banks

Kevin Pettet, GM Enterprise Banking LinkedIn Bug

As Bottomline’s GM, Enterprise Banking Kevin Pettet sees it, the U.S. banking landscape will change considerably next year. The dynamics in the industry point to increased merger and acquisition activity as disruptive technologies and heightened customer expectations put pressure on mid-sized and regional banks. Among the dynamics driving this trend:

Capital expenditures are bringing a sense of urgency to banks that need to achieve scale in order to invest in technology that will enable them to extend new services like real-time payments and mobile experiences. These projects are expensive and possibly beyond the reach of smaller banks. PYMNTS/PSCU joint research recently found that as many as 15% of CUs still haven’t committed to a comprehensive digital strategy.

Larger banks are increasing their dominance and market share among businesses and consumers. JP Morgan Chase, Bank of America, Citigroup and Wells Fargo had a 35 percent market share in 2021, and JPM is on track to add 400 branches by 2024.

Customer loyalty is changing and well-funded fintechs are competing for them, adding to the difficulty factor for the mid-tier. According to J.D. Power, 41% of US banking customers are digital-only, which plays into fintech strengths. The survey also found customer satisfaction improves with digital engagement.

To read more about Digital Banking, check out this resource:

White Paper: The Commercial Banker’s Guided to Digital Banking Disruption

Kevin Pettet

Charles De Rougé

Cross-border payments accelerate with clarity

Charles De Rougé, Senior Market Development Manager LinkedIn Bug

Cross-border payments are now considered in the same manner as any other type of payments. The end user client as well as the banks and financial institutions expect that they should be processed seamlessly and in real time, or as close as possible with all the related data enclosed. Charles De Rougé is Bottomline’s head of SaaS solutions and has identified three developments to watch as cross-border payments continue to evolve in 2022:

SWIFT GPI has revolutionized cross-border payments. It has enabled 92% of cross-border payments to be credited to the beneficiary’s account within 24 hours and 40% within just 30 minutes. That kind of speed has been missing from cross-border payments as well as tracking capability. Bottomline capitalized on that in late 2021 by announcing an API-based payments tracking service for banks worldwide, integrating SWIFT gpi data.

The ISO20022 migration from SWIFT and from other networks and clearing (CHAPS in the UK for example) will accelerate the seamless processing of cross-border payments. FIN plus from SWIFT is already available for testing. The migration to ISO is the biggest and most important project for Banks and Financial institution between 2022 and 2025.

Cross-border payments will also be accelerated by new network choices. There are now new competitors on cross-border with alternative networks (VISA B2B for example) and new rails like Distributed Ledger Technology (DLT), Blockchain or even Central Bank Digital Currency (CBDC). They are still at an early stage, but they will compete in the future with existing networks.

To learn more about Cross-border Payments, check out these resources:

Podcast: The evolution of and outlook for cross-border payments

Article: The Future of Payments

Article: BIS Plans for 24/7 Central Bank Settlement

Charles De Rouge

Hagai Schaffer

Hybrid work perpetuates insider fraud

Hagai Schaffer, SVP Innovation and Technology LinkedIn Bug

2021 saw a whirlwind of changes in the work environment and there’s no denying that the rise in insider fraud was at least partially a result. In fact, 60% of organizations have more than 30 insider attack incidents a year, according to a Ponemon report. The average cost of insider threats per company is rising, with a 31% increase from $8.76 million in 2018 to $11.45 million in 2020. Fraudsters today are well-organized and always on the go. The phrase "insider threat" has developed through time, as has detection and mitigation capabilities. It's essential to develop the right strategy and technology to deal with insider fraud and we think the following trends will be worth watching.

Remote working and digital transformation due to the COVID-19 pandemic increased the average cost of data breaches. According to an IBM report the average cost of data breaches where remote work was a factor in causing the breach was higher by $1.07 million compared to those where remote work was not a factor. Outside of technology changes (see next paragraph) we anticipate a significant rise in procedural modifications in the next year to control any data leaks and better staff education to ensure that those processes are followed. Among the changes to look out for:

Investigating data breaches and other types of insider fraud will become more challenging due to the pandemic. According to an ACFE survey 60% of the respondents noted investigation processes as a major challenge for anti-fraud programs. This includes gaining access to evidence, conducting remote interviews, inability to travel and other factors.

Hybrid work environments demand new technology for detecting data breaches and insider fraud. Most companies monitor employee access to sensitive data by analyzing log files from the company's servers. Log files typically do not tell the full story of what data end-users access, as many systems include in the log files only user actions that change data, but when it comes to inquiries or data surfing most log files fall short and do not cover this important aspect of user activity. Another type of tool that many companies use is called DLP –Data Leakage Prevention. These tools typically scan data transmitted over the network to detect sensitive data that is possibly sent over email, instant messaging or other methods.

While these tools may be effective for preventing non-intentional data leakage (e.g. email sent to the wrong recipient by mistake), they are typically ineffective when it comes to intentional data leakage, since employees with bad intentions may easily bypass this type of monitoring. For example, if we consider an employee working at home taking pictures of sensitive data displayed on his/her screen using a mobile phone – this is something that will not be detected by DLP solutions. Another approach that can help organizations detect intentional data breaches and other malicious activity perpetrated by insiders is monitoring user access at the application level. When this technology is used with user behavior profiling it can alert on anomalies, which may indicate an intentional data breach.

Enter AI: Fraudsters evolve, and technology stays a step ahead. A good partner in fighting insider fraud will be one that deploys machine learning and other technologies and tactics capable of detecting, alerting, and responding to threats in real-time. Ongoing addition of data-derived intelligence only augments response. 

To learn more informationabout Insider and Employee Fraud, check out these resources;

Article: It’s complicated: FIs seek solutions for insider fraud in hybrid work environment

White Paper: A Banker’s Guide to Insider Fraud

Insider Fraud: Work from home changes data leakage prevention paradigm

Hagai

footer curve