B2B payments fraud is a major problem affecting businesses of all kinds — including institutions of higher education, according to Pablo Molina, former chief information officer and vice president of IT at Georgetown University and current chief information security officer at Drexel University. Bad actors are continually seeking both money and data, as fraudsters can abuse confidential information for extortion or for sale on the dark web.
Companies are using a range of mechanisms to protect themselves, from mandatory security awareness training for all employees to anti-spam filters, which are effective but not 100% effective. Molina said that fraudsters can be quite sophisticated: they create deepfakes to convince employees to share data, even divert phone calls to confirm “legitimate” payments, and create fake invoices and payment platforms that look exactly like the originals but divert payments to other accounts. He said that this happened to his institution on more than one occasion.
“We had problems [in which] fraudsters accessed our employees’ accounts and started getting information from these accounts. Luckily, we were able to detect it at the 11th hour, and we didn’t lose money in these incidents,” he recounted. “But despite our best internal efforts to halt this fraud, it was thanks to our financial institutions that flagged the transactions as suspicious [that] we were able to investigate the incidents further.”
Molina added that the cost of B2B payments fraud includes not only the money but also the reputational damage to the institution, which can have a lasting impact.
“In our institution, we run cybersecurity training programs, and even if these incidents have nothing to do with the academic programs, people could think, ‘How can you teach cybersecurity programs when you don’t know how to protect your own institution?’”
How do institutions — of higher learning or otherwise — protect themselves? Molina said the key strategy is to manage the risk.
“You have to either reduce [the risk] or accept it. As B2B payments fraud is a problem for which we don’t have accurate data and incidents are underreported, we don’t know how much risk is out there, so companies are designing [interventions according to] the level of risk they want to accept.”
One way companies are doing this is by introducing new policies or training programs to keep employees on high alert for potential fraud. One of the most effective ways to protect against these attacks, however, is to invest in financial technology that protects not only the data entering the system but also the data at rest and the data used for outgoing payments.
“The more technology we can provide our employees to [help them] do the right thing, the less likely it is [they will] fall into these scams,” he concluded.