A challenge for organisations is that the pace of change is accelerating so only a holistic strategy and a comprehensive set of defences can secure how they pay and get paid.
Five years ago, payments took much longer to complete than they do now, perhaps three days for a transfer. The upside of this delayed time allowed chief financial officers (CFOs) the opportunity to uncover anomalies and call a halt to dodgy dealings before money disappeared.
Today, almost half of UK businesses have adopted the Faster Payments Service, which greatly improves efficiency, but has closed the window in which money can be clawed back.
“CFOs and corporate treasurers can no longer rely on clearing cycles as a buffer to deal with fraud,” explains James Richardson, head of market development, risk and fraud, at Bottomline Technologies.
“Criminals have learnt smart ways to catch out organisations, whether it’s finance or treasury departments. Yet, the window of opportunity to close them down has shrunk massively.”
Bottomline is at the sharp end of a change in attitude towards securing business payments
New frauds are accentuating the problem. Business e-mail compromise, in which criminals posing as the chief executive request immediate settlement of funds, is relatively new, but costs the global economy billions of pounds each year.
“Fraudsters treat this like a business,” adds Mr Richardson. “They do research and have ‘sales and marketing teams’ which probe organisations of all types and sizes for vulnerabilities.
“E-mail scams are a bit like telemarketing. Chief executives and finance directors are tracked on social media, particularly LinkedIn, and if anyone responds it’s as if they are self-selected for a fraud. The sums can be huge, for example an acquisition-related payment, so we’re talking millions.”
Fake invoices and vendors are just a small part of a much wider problem. Mr Richardson likens it to a balloon, which when squeezed in one area expands in another. It’s strong evidence that a “people and process” approach to combating fraud is no longer adequate.
Bottomline is at the sharp end of a change in attitude towards securing business payments. It is repositioning its stance from simply making solutions available to strongly recommending a suite of technologies that can shield financial institutions and corporates.
“New regulatory and security demands, specific to payments, are being mandated for banks and large enterprises,” says Mr Richardson. “Currently fraudsters are ahead of the game so organisations should not wait until security becomes mandatory. Instead they need to continuously secure their payments effectively by applying these standards now.”
Research by Bottomline suggests more than two fifths of UK organisations don’t currently use technology as part of their payment compliance processes. In other words, they rely purely on staff members to raise the alarm if something looks wrong.
Mr Richardson’s advice is to adopt technology that deals with the latest threats. If your thinking hasn’t changed in the last three years, he suggests, your business is vulnerable.
“Don’t stick with what you have done before; it’s vitally important to keep pace with the payment security landscape and emerging threats. Now is the time to think differently.
“Our advice is to look at what security standards and obligations are coming your way, even if they are currently optional or advisory. Don’t wait for it to become mandatory; if it makes sense then do it now,” says Mr Richardson. “As new threats emerge, new standards will need to be met so organisations must keep up with the pace of change.”
Most important is to switch from a reactive to a proactive stance, one capable of monitoring behaviour and detecting payment anomalies before they leave your organisation.
“Having a suite of solutions that looks at the problem from every angle, for every single transaction, is the standard for securing business payments in 2017,” Mr Richardson concludes.
For more information please visit www.bottomline.com
