Even the best tech solutions may not help you prevent and detect fraud if your basic security procedures are insufficient. Based on our experience helping world-leading brands set up proper controls against payments fraud, we believe that payment security is a much broader topic than just fraud. Therefore, payment fraud prevention or detection can only be a meaningful exercise when it is an integral part of a company’s overall payment security strategy.
Fraudsters come up with new ideas to scam companies all the time. As digitalization transforms the way payments are made, the risk of cybercrime also increases. Recently, companies have fallen prey to business email compromise (BEC) attacks: someone impersonates a high-level manager and tells an employee that, due to extraordinary circumstances, they need to make a payment right then and there. As the name suggests, this is usually done via email, but fraudsters have become more creative. In some instances, voice imitation software was used to convincingly fake a manager’s voice on the phone. Because of nefarious scams like this, it is important to raise awareness of security and fraud prevention among your employees.
However, fraud is not always an external threat. Often, fraud happens within a company. For big companies it can be a struggle to keep track of all payments that are made across their worldwide subsidiaries – especially if they are made manually. Unfortunately, fraudulent payments made by employees are usually detected afterwards – if they are detected at all.
It is therefore important to build a payments security strategy that works on all levels. But what does that mean? Where should a company begin?
A good start is to make sure that you have a system where each step of a payment process is visible and well-documented. Remember: Transparency and visibility are the enemies of fraud. You should always have control of all your payments. Standardization of payment processes and workflows is one step closer to better visibility and control. This way, fraud can be stopped before it has even happened. The following three basic principles can lay the groundwork:
1. Segregation of duties
This is a no-brainer. When responsibilities are shared, people can keep an eye on each other. Ideally, every critical payment process should involve multiple people or even multiple departments. That way, suspicious transactions are spotted at once.
2. A single payments gateway
Even if your payments are not fully centralized, it is very helpful to have a single payments gateway. Combined with value-added services such as validation, multi-step authorization and routing, payments can be managed end-to-end. Additionally, centralized data visibility supports internal controls and audit compliance, and the monitoring of transactions becomes much easier.
3. Appropriate designation of signature authority
Multi-level approval processes need clearly defined designation of signature authorities. Make sure that your workflows are sufficient and flexible enough to accommodate your company’s needs.
The TIS corporate payments platform has designed many enablers and features for its cloud-based platform to support payment security. You can standardize and automate your payment processes, enforce segregation of duties, and manage signature authorities from wherever you are. TIS is ISO 27001 certified and undergoes extensive external auditing each year to provide full-scope SOC1 and SOC2 Type II reports to customers.
Learn more about how TIS can help your company manage payment and system risk to tackle fraud in our latest factsheet.