How Kyriba Helps Protect You From Payments Fraud

How Kyriba Helps Protect
You From Payment Fraud
Xavier Audibert, Lead Product Architect
Bob Stark, VP Strategy

Payments Fraud is on the rise
Source: AFP Payment Fraud Report 2017
Did Number of
Fraud Incidents
Increase Since
Last Year?
Organizations seeing
more Attempted
and/or Actual
Payments Fraud

Source: 2016 – 2017 AFP Payments Fraud and Control Survey, Association for Financial Professionals
5%
4%
3%
6%
9%
6%
4%
11%
53%
0% 10% 20% 30% 40% 50% 60%
Over $2,000,000
$1,000,000 - $1,999,999
$500,000 - $999,999
$250,000 - $499,999
$100,000 - $249,999
$50,000 - $99,999
$25,000 - $49,999
Up to $24,999
No Loss
2015 - 2016
More at risk than we think
How much was targeted?

Do we know where fraud is coming from?
BEC schemes
Organized
Crime
Account
Takeover
Outsourced
3rd party
Internal
Compromised
mobile
Lost laptop
Source of Fraud
Attempts
(AFP 2017)
Forrester study
says this is 40%
for all types of
fraud

5%
8%
12%
15%
27%
37%
37%
46%
74%
0% 10% 20% 30% 40% 50% 60% 70% 80%
How treasury protects themselves (Uh Oh  )
Perform daily reconciliations
Stronger login authentication
Secure disaster recovery
Restrict access to company network
Payments only on company laptop
Restrict network access by mobile devices
Dedicate a PC for payment origination
Implement SWIFT
Other
Source: AFP Payment Fraud Report 2017

PREVENTION is the first line of Defense
1. Prevent fraudsters from taking over
user accounts and stealing data
2. Prevent the fraudsters who are in your
system from releasing transactions!

1. Protect Your System from Fraudsters
Fraudsters
attempt to
access your
application
Client Site 1
IP Filtering
Users can log in only if
their device uses a
registered IP address
Client Site 2
IP Filtering
Users on the go, at home… Two Factor
Authentication (2FA)
SMS or USB key required
as second factor of
authentication
Single Sign On (SSO)
Use your corporate
credentials to log in
Kyriba
IP Filtering
SSO
Two Factor Authentication

You can combine methods to further strengthen security
SSO IP Filtering 2FA
1. Protect Your System from Fraudsters

2. Protect Your Data from Fraudsters
What Kyriba does for you
 Encryption of data - in transit and at rest
 Secure hosting within state-of-the-art data
centers
 Segregation of data and networks
 3rd party risk assessments / penetration testing
 Security Incident Event Management (SIEM)

3. Payment Controls…Controls…Controls
Dual Administration
Of changes in master data, business rules
Notifications
Of changes in sensitive master data
Dual Factor Approval
Of payment transactions, batches, files
Electronic Signature
Of payment files (3SKey certificates)
Standardize
Controls across payment systems, users, geographies

3. Payment approval – additional security
Can use 2 Factor Authentication for internal Approvals of:
 Payment transactions
 Payment batches
 Payment files

4. Payment Screening
Screening against
blacklists (OFAC…) is
a Compliance
requirement
Fraud screening is
a Security
requirement
Fraudsters are not blacklisted: Sanction
list screening does not protect you
from Fraud!

You need a 2nd line of defense to detect
Suspicious Payments & Behaviors
Manually entered
payments
ERP files to route
to banks
Treasury
payments
Payments
imported from
ERPs
Alert!

Key to payment screening is to create rules that
align with your Payment policy
Payment Policy Screening Rule
1. Payments should only go to approved
suppliers in approved countries
All payments to non-approved countries
must be stopped
2. Payments initiated by A/P within the ERP
are only approved or rejected by treasury
Any payments that are modified after
import must be stopped
3. Single or multiple payments to same
beneficiary must not exceed a specified
limit
Hold for review any payments that
cumulatively exceed specified limit per
day/week/month
4. All payments to a newly modified bank
account must be reviewed by Treasurer
First payment to a new or modified bank
account must be held for review

Challenges when complying with payment policies
1. Screen large data volumes
2. Screen data before fraud completes
3. Block suspicious payments &
Assign alerts to appropriate teams
4. Segregate who can view & resolve Alerts:
per company, account, transaction code…
5. Monitor the status of Alerts
Automation!
Real-time!
Workflows!
Dashboards & KPIs!
Integration with
existing Access rights!

Also critical to detect & monitor potential errors
The same ERP payment file may lead to alerts raised by
Compliance, Fraud, Errors…
Better to manage them all in one place, isn’t it?
Required
check type
Applied checkTransactions
in file
Payment 1
Compliance
checkThe beneficiary is blacklisted!
Payment 2
Fraud
detectionToo many payments to a vendor over the month!
Payment 3
Error
monitoringRejected payment due to unknown Budget code!

Unified Alert Management: consolidated view over all Alerts
across Fraud, Compliance, Errors
Control Center
module
Fraud Detection
module
Payment Screening
module
Suspicious Transactions Hits on Sanction
Lists
Processing Errors
NotificationsReal time Alerts KPIsResolution Workflow
Kyriba solutions that detect and resolve all types of
threats

4 Step Framework
1) Application security – more than UserID/Password
2) Data security – ensuring treasury data is safe
3) Payment controls – standardizing how payments
are initiated, approved, and transmitted
4) Payment screening
a) External sanctions lists
b) Internal payment policy/scenarios
c) Potential payment errors
Preventing Payment Fraud

How Kyriba Helps Protect You From Payments Fraud

Recommended

Recommended

More Related Content

What's hot

What's hot (16)

Similar to How Kyriba Helps Protect You From Payments Fraud

Similar to How Kyriba Helps Protect You From Payments Fraud (20)

More from Kyriba Corporation

More from Kyriba Corporation (20)

Recently uploaded

Recently uploaded (20)

How Kyriba Helps Protect You From Payments Fraud