SlideShare a Scribd company logo

3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigate the Risk.pdf

M
Mahmoud Elmekawy

3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigate the Risk

Internet
1 of 6
Download to read offline
Sponsored by 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS— And how you can mitigate the risk
2 © 2022 IOFM, Diversified Communications. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic or mechanical, without prior written permission of the Institute of Finance & Management. Have you ever received an email from a vendor that was hacked? This is a common situation, particularly for accounts payable organizations that make large-dollar payments. The fraudster may have compromised the vendor’s email to secretly view correspondence about a particular transaction, then intervened prior to your payment run by emailing you from the vendor’s account and requesting a change to the banking information. They covered their tracks by deleting sent emails, setting up automatic forwarding rules and changing the phone number in the vendor’s email signature to intercept the call you’re likely to make to confirm the banking change. Now throw in the post-pandemic confusion about accepted procedures and security measures within AP, and the scammer has an even greater likelihood of successfully intercepting that large payment. How can you protect your organization from this and other frightening fraud scenarios? Finding a Payment Fraud Vulnerability Fraudsters thrive on disruption, which opens the door to process and technology vulnerabilities. That situation is now playing out across the country as businesses are looking to reopen their offices and move staff back in-house post-COVID. Many organizations are also looking at a hybrid workforce, with some employees working from the office and some working from home, or allowing flex schedules that only require staff to go into the office a few days a week. What that means is that fundamental AP processes like invoice receipt, processing and approvals will be in flux as all that gets sorted out. It also raises the question of whether the staff is working with standard-issue equipment or on personally-owned devices—and whether the right security measures are protecting all that different technology. Ever on the lookout for opportunities, you can bet that thieves and scammers will find new ways to exploit the situation. “The shift to in-office or hybrid policies is going to drive fraudsters to come up with new, imaginative schemes to try to defraud companies,” says Chris Gerda, Bottomline Technologies’ Risk and Fraud Prevention Officer. “We’re not used to working in the office after a year or more away, and if you think that’s not going to impact your security, think again.” A Case in Point Policies and procedures are important, of course, but it’s likely they all need to be rewritten at this point, if they haven’t been already. Of course, just having these measures in place isn’t enough to protect your organization—they must be followed rigorously. That requires training and oversight, something organizations have had little time or opportunity to do in the current chaotic business environment. It also requires flawless execution, not to mention considerable effort. All that is iffy, at best.For example, the town of Peterborough, NH recently lost $2.3 million after cybercriminals tricked a town employee into sending large payments to the wrong accounts. 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS —AND HOW YOU CAN MITIGATE THE RISK Fraudsters thrive on disruption, which opens the door to vulnerabilities. Policies and procedures alone won’t protect your business against fraud.
3 © 2022 IOFM, Diversified Communications. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic or mechanical, without prior written permission of the Institute of Finance & Management. 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS—AND HOW YOU CAN MITIGATE THE RISK How did it happen? An overseas fraudster impersonated an established high-value vendor and emailed the AP department with a change to banking information. This classic scam enables the thief to redirect payments to a personal account, withdraw the money, close the account and disappear. In this case, multiple emails were used to impersonate different individuals to gain credibility. The accounts payable coordinator changed the banking data without calling the vendor to confirm it. Peterborough town officials learned of the sophisticated fraud scheme when a vendor they sent payment to alerted them they did not receive their monthly transfer from the town. Officials said at that time they realized the town was the victim of business email compromise fraud. Peterborough’s finance department quickly tried to stop payment, but the funds had already left the town’s bank account. At the same time, their IT staff followed protocol for alerting the U.S. Secret Service and kicking- off investigations into the email-based payment fraud scheme. That’s the problem with relying on manual systems, policy compliance and the vigilance of employees. Human error, confusion and pure laxity can leave a business wide open to getting scammed. For this reason, effective fraud prevention in the current payment environment shouldn’t be left to manual processes and staff to enforce. It needs to be implemented through automation and digital authentication strategies instead. The Three Types of Payment Fraud Fraudsters generally employ one or more of these high- level tactics to scam AP organizations into making fraudulent payments: 1. Business email compromise (BEC) The scammers either gain access to your vendor’s email, send “spoof” emails, or even create web domains appearing to mimic the real business. What does this look like? Simply put, it’s when AP receives an email that appears to be from a vendor, instructing staff to make a last minute bank change before a payment is sent. These hacked emails come from the phishing attempts we consistently see, sent with the intention of obtaining user name and password information. Fraudsters will send a seemingly innocent email that states, “Corporate HR is asking all employees to re-validate their contact information as we move back to the office. Login with your credentials to confirm.” Gerda says, “Beware of anything that asks for credentials.” 2. Account takeovers If a scammer does obtain your login credentials through phishing or another method, this information can be used to log into your AP system, bank accounts, vendor management systems and emails in order to initiate and approve bogus payments, change banking information to misdirect payments, or even steal vendor banking information and other sensitive data. Keeping your vendors’ bank information in a secure, encrypted way is critical. 3. Imposter vendors Here, new vendors you’re in the process of onboarding are impersonated by a fraudster seeking to intercept the first payments—they use emails, phone numbers and names that are similar to vendors’ real information in order to impersonate them. If you have vendors who bid on public contracts, they are at particular risk, since fraudsters know exactly who to impersonate to obtain a payment in the new relationship. Keeping vendors’ banking information secure and encrypted is critical.
4 © 2022 IOFM, Diversified Communications. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic or mechanical, without prior written permission of the Institute of Finance & Management. 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS—AND HOW YOU CAN MITIGATE THE RISK Protecting Yourself As we’ve seen, fraudsters are highly creative—and determined—when it comes to detecting and exploiting your vulnerabilities. They’re enabled by the inadequate information analysis performed in the traditional vendor onboarding process. Here’s where a strong defender like Bottomline’s Paymode-X (PMX) can bring the digital verification expertise required to stop sophisticated fraud attempts in a modern and everchanging payables world. Paymode-X uses an online enrollment portal that includes multiple layers of security and bank-standard encryption methods for all banking information. Before adding records to the vendor master file, the solution thoroughly vets each supplier, and afterward, any changes to banking information are validated each time. A simple example of this is the way PMX reviews IP addresses for aberrations and geolocation proximity, and bounces them against a robust blacklist of known bad IP locations. Paymode-X employs a defense-in-depth strategy, where no basket ever contains all the eggs, by using different types of multi-factor authentication, combined with sophisticated behavioral analytics to help keep your information safe. It does this by using a blend of critical digital information, enhanced with additional data sources designed to detect red flags that reveal that the business is not who they say they are. For example, communication coming from a pre-paid “burner” phone being used as a contact number for a new vendor that purports to be a large corporation is an obvious indicator of payment fraud. Leading payment solutions also utilize “device fingerprinting.” An application like Paymode-X learns about known devices, from phones to computers—so it can recognize them before allowing a bank account update or change to contact information from those sources. Changes coming from known devices are less risky than those coming from unknown sources, which require additional validation. Paymode-X also performs ongoing OFAC checks, which is a cornerstone of any company’s good payables program; this ensures you aren’t doing business with prohibited entities and countries. Doing so can result in significant fines and penalties—which in recent years have been levied against corporations who have their own independent responsibilities to verify their vendors. The Power of Secure Cloud Technology A major advantage of using a cloud-based solution like Paymode-X is that it’s available on any internet-connected device. That means that work-from-home staff, office users and people on the road can all use the application from their devices—desktops, laptops, tablets and phones. If approvers are traveling, they are still able to approve invoices from their mobile devices, keeping the payments flowing and the vendors happy. That also means that no matter where AP staff or approvers are working and on what device, their activity is protected by comprehensive cybersecurity. This is particularly important now when staff is in a state of transition, because whether they remain remote, go back to the office full-time, or transition to a hybrid home/office working arrangement, that security is needed. All payment activity should be protected by comprehensive cybersecurity. Fraudsters are highly creative and determined to exploit your vulnerabilities. Leading payment solutions use “device fingerprinting” to verify legitimate transactions.
5 © 2022 IOFM, Diversified Communications. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic or mechanical, without prior written permission of the Institute of Finance & Management. 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS—AND HOW YOU CAN MITIGATE THE RISK How’s that working? Let the numbers tell the story. Paymode-X holds an authenticated network of over 450,000 vendors being paid by some of the largest corporate and government entities in the U.S. Combined, they make over $250 billion in payments annually, and over the past three rolling years, PMX has been successful in maintaining a network free of fraudulent payments, while blocking a significant number of attempts—attempts that would have led to fraudulent payments ranging in the thousands to many millions of dollars. As further validation, Paymode-X is the preferred B2B payments network of seven of the largest banks in the U.S. Fraudsters look for weak links and soft targets—and are increasingly skilled “social engineers,” preying on unsuspecting staff who may be too busy to notice something that looks reasonably convincing on the surface. Fraudsters are also making technology advances that make them harder to spot, even with sound policies in place; therefore flexible, proactive digital authentication must be part of a modern payments strategy. Managing payables with an automated AP solution like Paymode-X strips away the tactics that enables thieves to be successful. Gerda says, “The most efficient way to send a payment is securely through networks where fraud prevention is first and foremost in all design. As payments modernize and become faster, authenticated supplier networks and digital security tools are the key pillars to make speed safe in a changing fraud landscape.” Fraudsters are increasingly sophisticated and harder to spot. Payment efficiency depends on designed-in fraud prevention.
6 © 2022 IOFM, Diversified Communications. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic or mechanical, without prior written permission of the Institute of Finance & Management. 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS—AND HOW YOU CAN MITIGATE THE RISK About Bottomline Bottomline is at the forefront of making complex business payments simple, smart and secure. We help over 600,000 companies in 92 countries around the world by automating and securing core accounts payable and accounts receivable processes through solutions including Bottomline’s Paymode-X. At our core we share ideas, innovate and support each other personally and professionally. Doing the right thing, working with and for one another, and innovating constantly are our guiding principles, which help us achieve our common goals of exceeding expectations and delighting customers. Learn more at www.bottomline.com About the Institute of Finance & Management Accounting and finance professions have each undergone nothing short of a complete transformation since the Institute of Finance and Management (IOFM) was founded in 1982 and since then our mission has been, and continues to be, to align the resources, events, certifications, and networking opportunities we offer with what companies need from the accounting and finance functions to deliver market leadership. IOFM empowers accounting and finance professionals to maximize the strategic value they offer their employers. Our enduring commitment to serving the accounting and finance professions is unmatched. IOFM has certified over 25,000 accounting and finance professionals and serves several thousand conference and webinar attendees each year. IOFM is proud to be recognized as the leading organization in providing training, education and certification programs specifically for professionals in accounts payable, procure-to-pay, accounts receivable and order-to-cash, as well as key tax and compliance resources for global and shared services professionals, controllers, and their finance and administration (F&A) teams. Learn more at www.IOFM.com

Recommended

Fraud Awareness Guide for Businesses
Fraud Awareness Guide for BusinessesFraud Awareness Guide for Businesses
Fraud Awareness Guide for BusinessesShred Station
 
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfHow to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfBhekumuzi Xaba
 
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdf
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdf10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdf
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdfMerchantech - Payment Processing Services
 
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptx
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptx10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptx
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptxdarrengracia
 
Business Identity Theft
Business Identity TheftBusiness Identity Theft
Business Identity Theft- Mark - Fullbright
 
Business Email Compromise: A Symptom Not A Cause.pdf
Business Email Compromise: A Symptom Not A Cause.pdfBusiness Email Compromise: A Symptom Not A Cause.pdf
Business Email Compromise: A Symptom Not A Cause.pdfNiloufer Tamboly
 
DRAFT 2 RP.docx
DRAFT 2 RP.docxDRAFT 2 RP.docx
DRAFT 2 RP.docxDharmendraMedatwal
 
Credit Card Fraud PPT - Reena Prajapati.pptx
Credit Card Fraud PPT - Reena Prajapati.pptxCredit Card Fraud PPT - Reena Prajapati.pptx
Credit Card Fraud PPT - Reena Prajapati.pptxBoston Institute of Analytics
 

Recommended

Fraud Awareness Guide for Businesses
Fraud Awareness Guide for BusinessesFraud Awareness Guide for Businesses
Fraud Awareness Guide for BusinessesShred Station
 
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfHow to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfBhekumuzi Xaba
 
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdf
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdf10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdf
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdfMerchantech - Payment Processing Services
 
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptx
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptx10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptx
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptxdarrengracia
 
Business Identity Theft
Business Identity TheftBusiness Identity Theft
Business Identity Theft- Mark - Fullbright
 
Business Email Compromise: A Symptom Not A Cause.pdf
Business Email Compromise: A Symptom Not A Cause.pdfBusiness Email Compromise: A Symptom Not A Cause.pdf
Business Email Compromise: A Symptom Not A Cause.pdfNiloufer Tamboly
 
DRAFT 2 RP.docx
DRAFT 2 RP.docxDRAFT 2 RP.docx
DRAFT 2 RP.docxDharmendraMedatwal
 
Credit Card Fraud PPT - Reena Prajapati.pptx
Credit Card Fraud PPT - Reena Prajapati.pptxCredit Card Fraud PPT - Reena Prajapati.pptx
Credit Card Fraud PPT - Reena Prajapati.pptxBoston Institute of Analytics
 
Identity Theft Information for Businesses
Identity Theft Information for BusinessesIdentity Theft Information for Businesses
Identity Theft Information for BusinessesTri-State Better Business Bureau
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsOilPriceInformationService
 
Fraud management - eCommerce fraud explained
Fraud management - eCommerce fraud explainedFraud management - eCommerce fraud explained
Fraud management - eCommerce fraud explainedAaronSmith41007
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...
CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...
CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...CXO 2.0 Conference
 
Online Fraud Detection- A Review
Online Fraud Detection- A ReviewOnline Fraud Detection- A Review
Online Fraud Detection- A ReviewIRJET Journal
 
Fraud Prevention Guide
Fraud Prevention GuideFraud Prevention Guide
Fraud Prevention Guidecatherinecattles
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachCBIZ Risk & Advisory Services
 
How Kyriba Helps Protect You From Payments Fraud
How Kyriba Helps Protect You From Payments FraudHow Kyriba Helps Protect You From Payments Fraud
How Kyriba Helps Protect You From Payments FraudKyriba Corporation
 
Fraud Presentation
Fraud PresentationFraud Presentation
Fraud Presentationmbachnak
 
Cyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools TacticsCyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?tommy2tone44
 
Ultimate Guide on Card Not Present (CNP) Fraud.pptx
Ultimate Guide on Card Not Present (CNP) Fraud.pptxUltimate Guide on Card Not Present (CNP) Fraud.pptx
Ultimate Guide on Card Not Present (CNP) Fraud.pptxFTx Identity
 
FraudNet PowerPoint
FraudNet PowerPointFraudNet PowerPoint
FraudNet PowerPointcuanswers
 
Be prepared to deal with fraud for web
Be prepared to deal with fraud for webBe prepared to deal with fraud for web
Be prepared to deal with fraud for webKatie Farrow
 
What is two factor or multi-factor authentication
What is two factor or multi-factor authenticationWhat is two factor or multi-factor authentication
What is two factor or multi-factor authenticationJack Forbes
 
How Organisation Can Fight Scam | CIO Advisor Apac
How Organisation Can Fight Scam | CIO Advisor Apac How Organisation Can Fight Scam | CIO Advisor Apac
How Organisation Can Fight Scam | CIO Advisor Apac JackMathew4
 
CRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfCRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfssuser7464571
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftAppsian
 
Protecting Your Organization Against Check and ACH Fraud
Protecting Your Organization Against Check and ACH FraudProtecting Your Organization Against Check and ACH Fraud
Protecting Your Organization Against Check and ACH FraudFraudBusters
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 

More Related Content

Similar to 3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigate the Risk.pdf

Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsOilPriceInformationService
 
Fraud management - eCommerce fraud explained
Fraud management - eCommerce fraud explainedFraud management - eCommerce fraud explained
Fraud management - eCommerce fraud explainedAaronSmith41007
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...
CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...
CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...CXO 2.0 Conference
 
Online Fraud Detection- A Review
Online Fraud Detection- A ReviewOnline Fraud Detection- A Review
Online Fraud Detection- A ReviewIRJET Journal
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachCBIZ Risk & Advisory Services
 
How Kyriba Helps Protect You From Payments Fraud
How Kyriba Helps Protect You From Payments FraudHow Kyriba Helps Protect You From Payments Fraud
How Kyriba Helps Protect You From Payments FraudKyriba Corporation
 
Fraud Presentation
Fraud PresentationFraud Presentation
Fraud Presentationmbachnak
 
Cyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools TacticsCyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?tommy2tone44
 
Ultimate Guide on Card Not Present (CNP) Fraud.pptx
Ultimate Guide on Card Not Present (CNP) Fraud.pptxUltimate Guide on Card Not Present (CNP) Fraud.pptx
Ultimate Guide on Card Not Present (CNP) Fraud.pptxFTx Identity
 
FraudNet PowerPoint
FraudNet PowerPointFraudNet PowerPoint
FraudNet PowerPointcuanswers
 
Be prepared to deal with fraud for web
Be prepared to deal with fraud for webBe prepared to deal with fraud for web
Be prepared to deal with fraud for webKatie Farrow
 
What is two factor or multi-factor authentication
What is two factor or multi-factor authenticationWhat is two factor or multi-factor authentication
What is two factor or multi-factor authenticationJack Forbes
 
How Organisation Can Fight Scam | CIO Advisor Apac
How Organisation Can Fight Scam | CIO Advisor Apac How Organisation Can Fight Scam | CIO Advisor Apac
How Organisation Can Fight Scam | CIO Advisor Apac JackMathew4
 
CRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfCRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfssuser7464571
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftAppsian
 
Protecting Your Organization Against Check and ACH Fraud
Protecting Your Organization Against Check and ACH FraudProtecting Your Organization Against Check and ACH Fraud
Protecting Your Organization Against Check and ACH FraudFraudBusters
 

Similar to 3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigate the Risk.pdf (20)

Identity Theft Information for Businesses
Identity Theft Information for BusinessesIdentity Theft Information for Businesses
Identity Theft Information for Businesses
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
 
Fraud management - eCommerce fraud explained
Fraud management - eCommerce fraud explainedFraud management - eCommerce fraud explained
Fraud management - eCommerce fraud explained
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity Theft
 
CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...
CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...
CXO 2.0 Reviews Common Scams Targeting Growing Businesses & Legit Prevention ...
 
Online Fraud Detection- A Review
Online Fraud Detection- A ReviewOnline Fraud Detection- A Review
Online Fraud Detection- A Review
 
Fraud Prevention Guide
Fraud Prevention GuideFraud Prevention Guide
Fraud Prevention Guide
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
 
How Kyriba Helps Protect You From Payments Fraud
How Kyriba Helps Protect You From Payments FraudHow Kyriba Helps Protect You From Payments Fraud
How Kyriba Helps Protect You From Payments Fraud
 
Fraud Presentation
Fraud PresentationFraud Presentation
Fraud Presentation
 
Cyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools TacticsCyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools Tactics
 
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?
 
Ultimate Guide on Card Not Present (CNP) Fraud.pptx
Ultimate Guide on Card Not Present (CNP) Fraud.pptxUltimate Guide on Card Not Present (CNP) Fraud.pptx
Ultimate Guide on Card Not Present (CNP) Fraud.pptx
 
FraudNet PowerPoint
FraudNet PowerPointFraudNet PowerPoint
FraudNet PowerPoint
 
Be prepared to deal with fraud for web
Be prepared to deal with fraud for webBe prepared to deal with fraud for web
Be prepared to deal with fraud for web
 
What is two factor or multi-factor authentication
What is two factor or multi-factor authenticationWhat is two factor or multi-factor authentication
What is two factor or multi-factor authentication
 
How Organisation Can Fight Scam | CIO Advisor Apac
How Organisation Can Fight Scam | CIO Advisor Apac How Organisation Can Fight Scam | CIO Advisor Apac
How Organisation Can Fight Scam | CIO Advisor Apac
 
CRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfCRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdf
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit Theft
 
Protecting Your Organization Against Check and ACH Fraud
Protecting Your Organization Against Check and ACH FraudProtecting Your Organization Against Check and ACH Fraud
Protecting Your Organization Against Check and ACH Fraud
 

Recently uploaded

Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 

Recently uploaded (20)

Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 

3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigate the Risk.pdf

  • 1. Sponsored by 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS— And how you can mitigate the risk
  • 2. 2 © 2022 IOFM, Diversified Communications. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic or mechanical, without prior written permission of the Institute of Finance & Management. Have you ever received an email from a vendor that was hacked? This is a common situation, particularly for accounts payable organizations that make large-dollar payments. The fraudster may have compromised the vendor’s email to secretly view correspondence about a particular transaction, then intervened prior to your payment run by emailing you from the vendor’s account and requesting a change to the banking information. They covered their tracks by deleting sent emails, setting up automatic forwarding rules and changing the phone number in the vendor’s email signature to intercept the call you’re likely to make to confirm the banking change. Now throw in the post-pandemic confusion about accepted procedures and security measures within AP, and the scammer has an even greater likelihood of successfully intercepting that large payment. How can you protect your organization from this and other frightening fraud scenarios? Finding a Payment Fraud Vulnerability Fraudsters thrive on disruption, which opens the door to process and technology vulnerabilities. That situation is now playing out across the country as businesses are looking to reopen their offices and move staff back in-house post-COVID. Many organizations are also looking at a hybrid workforce, with some employees working from the office and some working from home, or allowing flex schedules that only require staff to go into the office a few days a week. What that means is that fundamental AP processes like invoice receipt, processing and approvals will be in flux as all that gets sorted out. It also raises the question of whether the staff is working with standard-issue equipment or on personally-owned devices—and whether the right security measures are protecting all that different technology. Ever on the lookout for opportunities, you can bet that thieves and scammers will find new ways to exploit the situation. “The shift to in-office or hybrid policies is going to drive fraudsters to come up with new, imaginative schemes to try to defraud companies,” says Chris Gerda, Bottomline Technologies’ Risk and Fraud Prevention Officer. “We’re not used to working in the office after a year or more away, and if you think that’s not going to impact your security, think again.” A Case in Point Policies and procedures are important, of course, but it’s likely they all need to be rewritten at this point, if they haven’t been already. Of course, just having these measures in place isn’t enough to protect your organization—they must be followed rigorously. That requires training and oversight, something organizations have had little time or opportunity to do in the current chaotic business environment. It also requires flawless execution, not to mention considerable effort. All that is iffy, at best.For example, the town of Peterborough, NH recently lost $2.3 million after cybercriminals tricked a town employee into sending large payments to the wrong accounts. 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS —AND HOW YOU CAN MITIGATE THE RISK Fraudsters thrive on disruption, which opens the door to vulnerabilities. Policies and procedures alone won’t protect your business against fraud.
  • 3. 3 © 2022 IOFM, Diversified Communications. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic or mechanical, without prior written permission of the Institute of Finance & Management. 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS—AND HOW YOU CAN MITIGATE THE RISK How did it happen? An overseas fraudster impersonated an established high-value vendor and emailed the AP department with a change to banking information. This classic scam enables the thief to redirect payments to a personal account, withdraw the money, close the account and disappear. In this case, multiple emails were used to impersonate different individuals to gain credibility. The accounts payable coordinator changed the banking data without calling the vendor to confirm it. Peterborough town officials learned of the sophisticated fraud scheme when a vendor they sent payment to alerted them they did not receive their monthly transfer from the town. Officials said at that time they realized the town was the victim of business email compromise fraud. Peterborough’s finance department quickly tried to stop payment, but the funds had already left the town’s bank account. At the same time, their IT staff followed protocol for alerting the U.S. Secret Service and kicking- off investigations into the email-based payment fraud scheme. That’s the problem with relying on manual systems, policy compliance and the vigilance of employees. Human error, confusion and pure laxity can leave a business wide open to getting scammed. For this reason, effective fraud prevention in the current payment environment shouldn’t be left to manual processes and staff to enforce. It needs to be implemented through automation and digital authentication strategies instead. The Three Types of Payment Fraud Fraudsters generally employ one or more of these high- level tactics to scam AP organizations into making fraudulent payments: 1. Business email compromise (BEC) The scammers either gain access to your vendor’s email, send “spoof” emails, or even create web domains appearing to mimic the real business. What does this look like? Simply put, it’s when AP receives an email that appears to be from a vendor, instructing staff to make a last minute bank change before a payment is sent. These hacked emails come from the phishing attempts we consistently see, sent with the intention of obtaining user name and password information. Fraudsters will send a seemingly innocent email that states, “Corporate HR is asking all employees to re-validate their contact information as we move back to the office. Login with your credentials to confirm.” Gerda says, “Beware of anything that asks for credentials.” 2. Account takeovers If a scammer does obtain your login credentials through phishing or another method, this information can be used to log into your AP system, bank accounts, vendor management systems and emails in order to initiate and approve bogus payments, change banking information to misdirect payments, or even steal vendor banking information and other sensitive data. Keeping your vendors’ bank information in a secure, encrypted way is critical. 3. Imposter vendors Here, new vendors you’re in the process of onboarding are impersonated by a fraudster seeking to intercept the first payments—they use emails, phone numbers and names that are similar to vendors’ real information in order to impersonate them. If you have vendors who bid on public contracts, they are at particular risk, since fraudsters know exactly who to impersonate to obtain a payment in the new relationship. Keeping vendors’ banking information secure and encrypted is critical.
  • 4. 4 © 2022 IOFM, Diversified Communications. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic or mechanical, without prior written permission of the Institute of Finance & Management. 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS—AND HOW YOU CAN MITIGATE THE RISK Protecting Yourself As we’ve seen, fraudsters are highly creative—and determined—when it comes to detecting and exploiting your vulnerabilities. They’re enabled by the inadequate information analysis performed in the traditional vendor onboarding process. Here’s where a strong defender like Bottomline’s Paymode-X (PMX) can bring the digital verification expertise required to stop sophisticated fraud attempts in a modern and everchanging payables world. Paymode-X uses an online enrollment portal that includes multiple layers of security and bank-standard encryption methods for all banking information. Before adding records to the vendor master file, the solution thoroughly vets each supplier, and afterward, any changes to banking information are validated each time. A simple example of this is the way PMX reviews IP addresses for aberrations and geolocation proximity, and bounces them against a robust blacklist of known bad IP locations. Paymode-X employs a defense-in-depth strategy, where no basket ever contains all the eggs, by using different types of multi-factor authentication, combined with sophisticated behavioral analytics to help keep your information safe. It does this by using a blend of critical digital information, enhanced with additional data sources designed to detect red flags that reveal that the business is not who they say they are. For example, communication coming from a pre-paid “burner” phone being used as a contact number for a new vendor that purports to be a large corporation is an obvious indicator of payment fraud. Leading payment solutions also utilize “device fingerprinting.” An application like Paymode-X learns about known devices, from phones to computers—so it can recognize them before allowing a bank account update or change to contact information from those sources. Changes coming from known devices are less risky than those coming from unknown sources, which require additional validation. Paymode-X also performs ongoing OFAC checks, which is a cornerstone of any company’s good payables program; this ensures you aren’t doing business with prohibited entities and countries. Doing so can result in significant fines and penalties—which in recent years have been levied against corporations who have their own independent responsibilities to verify their vendors. The Power of Secure Cloud Technology A major advantage of using a cloud-based solution like Paymode-X is that it’s available on any internet-connected device. That means that work-from-home staff, office users and people on the road can all use the application from their devices—desktops, laptops, tablets and phones. If approvers are traveling, they are still able to approve invoices from their mobile devices, keeping the payments flowing and the vendors happy. That also means that no matter where AP staff or approvers are working and on what device, their activity is protected by comprehensive cybersecurity. This is particularly important now when staff is in a state of transition, because whether they remain remote, go back to the office full-time, or transition to a hybrid home/office working arrangement, that security is needed. All payment activity should be protected by comprehensive cybersecurity. Fraudsters are highly creative and determined to exploit your vulnerabilities. Leading payment solutions use “device fingerprinting” to verify legitimate transactions.
  • 5. 5 © 2022 IOFM, Diversified Communications. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic or mechanical, without prior written permission of the Institute of Finance & Management. 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS—AND HOW YOU CAN MITIGATE THE RISK How’s that working? Let the numbers tell the story. Paymode-X holds an authenticated network of over 450,000 vendors being paid by some of the largest corporate and government entities in the U.S. Combined, they make over $250 billion in payments annually, and over the past three rolling years, PMX has been successful in maintaining a network free of fraudulent payments, while blocking a significant number of attempts—attempts that would have led to fraudulent payments ranging in the thousands to many millions of dollars. As further validation, Paymode-X is the preferred B2B payments network of seven of the largest banks in the U.S. Fraudsters look for weak links and soft targets—and are increasingly skilled “social engineers,” preying on unsuspecting staff who may be too busy to notice something that looks reasonably convincing on the surface. Fraudsters are also making technology advances that make them harder to spot, even with sound policies in place; therefore flexible, proactive digital authentication must be part of a modern payments strategy. Managing payables with an automated AP solution like Paymode-X strips away the tactics that enables thieves to be successful. Gerda says, “The most efficient way to send a payment is securely through networks where fraud prevention is first and foremost in all design. As payments modernize and become faster, authenticated supplier networks and digital security tools are the key pillars to make speed safe in a changing fraud landscape.” Fraudsters are increasingly sophisticated and harder to spot. Payment efficiency depends on designed-in fraud prevention.
  • 6. 6 © 2022 IOFM, Diversified Communications. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic or mechanical, without prior written permission of the Institute of Finance & Management. 3 WAYS FRAUDSTERS COMPROMISE AP SECURITY AND CONTROLS—AND HOW YOU CAN MITIGATE THE RISK About Bottomline Bottomline is at the forefront of making complex business payments simple, smart and secure. We help over 600,000 companies in 92 countries around the world by automating and securing core accounts payable and accounts receivable processes through solutions including Bottomline’s Paymode-X. At our core we share ideas, innovate and support each other personally and professionally. Doing the right thing, working with and for one another, and innovating constantly are our guiding principles, which help us achieve our common goals of exceeding expectations and delighting customers. Learn more at www.bottomline.com About the Institute of Finance & Management Accounting and finance professions have each undergone nothing short of a complete transformation since the Institute of Finance and Management (IOFM) was founded in 1982 and since then our mission has been, and continues to be, to align the resources, events, certifications, and networking opportunities we offer with what companies need from the accounting and finance functions to deliver market leadership. IOFM empowers accounting and finance professionals to maximize the strategic value they offer their employers. Our enduring commitment to serving the accounting and finance professions is unmatched. IOFM has certified over 25,000 accounting and finance professionals and serves several thousand conference and webinar attendees each year. IOFM is proud to be recognized as the leading organization in providing training, education and certification programs specifically for professionals in accounts payable, procure-to-pay, accounts receivable and order-to-cash, as well as key tax and compliance resources for global and shared services professionals, controllers, and their finance and administration (F&A) teams. Learn more at www.IOFM.com