Fraud, a threat beyond borders
Cybercrime & Authorized push payment fraud around the world
Sources : PWC , Cybercrime Magazine Top 5 Cybersecurity Baromètre DFCG • Euler Hermès, Etude PWC • PwC’s Global Economic Crime and Fraud Survey 2020, Rapport Acronis, article CyberSecurityVentures
Authorised Push Payment Fraud
Bank transfer fraud affects all companies, whatever their size or sector of activity. Although fraud is now better known to the general public, it is no less threatening in the face of unscrupulous fraudsters with increasingly technical and sophisticated methods.
Both professionals and private individuals are affected, from bankcard and cheque fraud to in-house fraud and scams. Cybercriminals are cunning and know how to deceive their victims. Every potential victim needs to be vigilant.
Since the health crisis and the spread of teleworking, every department within a company is exposed to major risks of fraud. The finance department in particular is the main target of fraudsters when it comes to transfer scams. Weaknesses are highlighted and exploited to obtain fraudulent payments.
Of the various types of bank transfer fraud, the most popular is the fake supplier fraud, which involves impersonating a company’s supplier, but other types of fraud also exist.
The techniques most commonly used in bank transfer fraud (or FOVI) are identity theft and social engineering. The way in which the victim is contacted and approached varies. In phishing, for example, the fraudster sends an e-mail or text message to encourage the victim to enter sensitive data (bank details, login details, bank card, etc.) on a fraudulent page. Another risk concerns online credit card payments, which are often subject to phishing attacks. Companies are weak in the face of these attacks and have very little recourse, even if legal proceedings are initiated. Victims are often hit by a rebound attack. In other words, once a company has fallen victim to a money transfer scam, the next victim is often one of its customers or suppliers. There are no borders to this threat, the fraudster is difficult to identify and the chances of a refund of the amount stolen are very slim. Fraudsters are usually organised in groups and carry out these scams in order to finance larger illegal operations.
Worldwide, it is estimated that almost half of all companies have been the victim of a fraud attempt, but few are willing to share their experiences. As a result, they do not lodge complaints, even though they have few rights to assert when faced with a situation of bank transfer fraud. By making as many companies as possible aware of the different techniques used, how to protect themselves and the risks involved, the fight becomes a collective one.
Fraud is a collective battle!
Securing processes beyond the company
Fraud risk at every of the Purchase-to-Pay (P2P) process
The human factor is central to validating the data of your third parties, customers and suppliers. In particular, this is where action needs to be taken to eliminate manual errors and check the identity of each person involved, especially if they are known to the company. Fraud is, in 72% of cases, external to the company and each stage of the P2P process put in place by the finance department presents a risk for the company.
The payment process is often undermined by a scam, resulting in a significant loss that could put an end to a company or at least permanently damage its image. For example, in the case of a fake supplier scam, victim companies experience losses of over €10,000 per company. The victim’s lack of information about the risk of fraud is an aggravating factor, which can nevertheless prove highly preventive.
To thwart any attempt at fraud, processes must be made more secure and controls must be digitalised.
Aggravating factors of corporate fraud
Measures to combat bank transfer fraud
What are the right things to do?
Your bank details or bank identifiers should not be disclosed on a website if you are not sure of the authenticity of the page.
