The Missing Link in Corporate Fraud Prevention
Imagine receiving an email that appears to come from your supervisor, requesting that you immediately send a wire transfer of a substantial sum to a client. Not wanting to disappoint or question your superior, you hastily comply without taking the time to notice the red flags that point to the imposter behind the message. You follow the directions included in the email and unwittingly transfer thousands of dollars to a fraudulent account. The company suffers a significant loss that ultimately costs you your job.
Unfortunately, this scenario plays out all too often in today’s financial environment. A 2017 survey by Strategic Treasurer found that 86% of companies experienced fraud in the prior two years. The type of fraud highlighted in the above example, known as business email compromise (BEC) or imposter fraud, was experienced by 79% of respondents. Often difficult to recognize, criminals impersonate a corporate employee or vendor using fake credentials as a disguise. Perpetrators spend significant time learning the nuances of an employee’s interactions before initiating a fraudulent transfer request, with the goal of convincing an employee that their request is legitimate.
It is not uncommon for business email compromise to be successful. Over 14% of imposter fraud attempts result in the criminal successfully initiating a money movement out of the company. Of the organisations that suffered a loss in 2016, 11% terminated an employee. The losses can also be significant- an average payout for successful BEC fraud in the U.S. is upwards of USD 130,000.
As fraud attempts become more commonplace, corporates have had to change the way they think about managing transactions. In 2017, 61% of corporates said that security concerns had a strong or very strong influence on their planned technology spend. For 46% of corporates, this is higher or significantly higher than in 2016. As defense spending becomes an increased priority, corporations must learn how to best allocate these resources. This includes both technology and training.
What influence do security concerns have on your current or planned technology spend?
- Very Strong Influence 30%
- Strong Influence 31%
- Moderate Influence 29%
- None to Limited Influence 4%
- Unsure 6%
When it comes to defending against fraud, the human elements are just as important as the technological ones. Many banks and corporates invest heavily in technology that supports security. This may include tangible locks, key cards, and other barriers to entry, as well as multi-factor authentication systems and updated firewalls. Unfortunately, the human element is often overlooked.
Technology cannot always prevent fraudulent activity. Human activity is unpredictable and prone to error. Imposter fraud no longer consists of a hastily written email by a foreigner who does not speak the reader’s language. While such attempts have been easy to spot in the past, criminal sophistication continues to develop, and attempts become harder to detect. Educating employees is now one of the most important measures of defence.
Education can be as simple as holding quarterly or yearly training sessions to guide awareness of security threats. The most effective training will have an element of awareness and testing. For imposter fraud specifically, there are a few action points that can help employees be aware of the red flags. First, employees must authenticate the source through multiple avenues. An employee should not simply reply to an email, but instead use phone, in person conversation, or an alternate email to inquire as to the legitimacy of the request. It is also wise to consider the urgency of the message. If the message includes the necessity of immediacy, it is often illegitimate. Awareness makes a difference in how fraudulent activity affects your company, but corporates must take the responsibility for that knowledge.
Alarmingly, many corporations are still not engaging on this front. A recent survey showed that even though banks and corporates have invested significantly in fraud prevention and security tools, training is still being overlooked by corporates. Whereas nearly all banks (97%) responded that they require employees involved in payments to take yearly security training, only 39% of corporates do the same. Even with the widespread awareness of fraud and the increase in fraud attempts, corporates are failing to educate their employees on security.
BEC Fraud is on the rise and the implications of the threat cannot be overlooked. Even if your company takes the first strong step towards security and invests in technology that supports it, prevention should not stop there. Addressing the human element of security through training is key to a complete safeguard against loss due to fraud.
Content Copywriter, Treasury Analyst
Meredith Carpenter works as a content analyst and copywriter in the market intelligence division of Strategic Treasurer, a top tier treasury consultancy headquartered in Atlanta, Georgia.