Fraud alarms continue to sound louder as the coronavirus crisis presses on. For corporates, the threat has evolved in a variety of ways, from attackers taking advantage of pandemic-related uncertainty as well as ongoing remote working requirements.
It’s a particularly large opportunity for malicious actors using tactics like the business email compromise (BEC) scam, in which an attacker poses as a legitimate executive or supplier to request a transaction from the accounting or accounts payable (AP) department. Perhaps not shockingly, the risk of this attack becoming successful has grown: After all, validating a request to make a payment or change bank account details is no longer as simple as asking a coworker down the hall whether that request was legitimate.
“Across the board, we’ve seen fraud go up,” said Ted Kirk, vice president of strategic partnerships at Advanced Fraud Solutions, in a recent interview with PYMNTS, pointing to other factors like unemployment and economic uncertainty, which have created new motivations for potential bad actors to target company coffers.
While the BEC scam has been a mainstay on cybersecurity professionals’ priority lists for years, there remains a lack of clarity over the best way to combat the issue. As Kirk explained, there are opportunities for the business and financial ecosystem to collaborate to tackle fraud, even as the threat evolves.
Sharing The Burden
With the complexities of B2B payment workflows, it’s not always clear who carries the burden of preventing fraud. To some, it’s the responsibility of accounting and AP departments to deploy strategies and checks that verify any changes to account details, payment amounts or transaction requests. Others argue that it should be a company’s bank that carries that weight.
“A lot of businesses are looking to their financial institutions to help them,” explained Kirk, noting that in instances of check and ACH fraud, it’s often up to the bank itself to ensure that any funds credited to another account are going to a legitimate destination. But there is an opportunity to strengthen the fight against B2B payments fraud through collaboration. It’s a concept behind Advanced Fraud Solution’s new tool, Positive Pay, which aims to promote collaboration between finance teams and their banks.
The platform enables corporates to upload information to their banks regarding consistent and relatively predictable transactions they make every month, giving pre-authorization for that bank to complete those payments. Things like payroll, or monthly payments to a supplier, can be pre-approved, while any changes in bank account details or transaction amounts can initiate an alert to a business and notify them of any unexpected changes — alterations that could signal fraud.
As Kirk noted, it’s a way to be proactive against B2B payments fraud. “It gives the business accountholder more control over what funds are disbursed before it happens, as opposed to just seeing that unauthorized charge come across when funds have already left their account, and now they’re scrambling to try to get the money back.”
Rolling With Market Shifts
The ability for organizations and their banks to prevent fraudulent charges before they occur will continue to grow in importance as the payment landscape evolves and transactions accelerate toward real-time. With instant payments, the window of opportunity to claw back funds before they’ve settled into the beneficiary’s account is significantly smaller, which means collaborating with banks and sharing data about which payment beneficiaries and transaction values are approved can go a long way toward addressing this pain point.
The volume of transactions that might qualify for preapproval is on the rise, too, as the subscription-based economy digs further into the B2B landscape. Today, corporates can ensure predictable and consistent payments on a weekly or monthly basis to pay for everything from hiring services to digital communication tools, and any change in those recurring transactions could be an easily spotted (and prevented) red flag.
But there are other ways in which the B2B payments landscape is evolving that could add new challenges to combating fraud. In addition to faster payments, businesses are also embracing suppliers that bill on a usage-based model, creating less predictability in how much a charge will be. Kirk also acknowledged that there are often ad-hoc purchases — one-off transactions with unfamiliar vendors that cannot necessarily be preauthorized with a bank.
Still, through collaboration and data sharing, he said, there will be greater transparency within the B2B payments ecosystem that can strengthen the ongoing battle against fraudsters. “Overall, we are fully in support of the idea of financial institutions collaborating with each other, and creating an open banking ecosystem in which there is more transparency,” said Kirk. “Then, it’s a lot harder for fraudsters to take advantage of asymmetric information.”