Fighting B2B payments fraud starts with acknowledging that financial risk management starts from within.
A continuous audit and data validation has been shown to be a key ingredient in the fight against business payments fraud, as nsKnox Chief Operating Officer Nithai Barzam told PYMNTS in a recent conversation.
“Nobody wants to think that their finance or IT professionals or information security people who may have access to data can actually steal money from the company,” said Barzam. “But the statistics are mind boggling, right?”
According to the “B2B Payments Fraud Tracker,” from PYMNTS and nsKnox, proactive financial risk management helps companies thwart internal and external security threats. Data shows more than 70% of firms experienced fraud, with fraud against businesses rising by 134% in Q1 over 2021 levels. Negligent or malicious insiders are responsible for up to 57% of payment fraud. This uncomfortable fact can be hard to swallow for businesses dependent on employee trust.
“I talk to some finance professionals and they’ll tell me, ‘I trust my team, I trust my IT folks,’ said Barzam. “Unfortunately, there’s so many stories of others that have trusted (employees) and failed.” Barzam states that he recommends that his company’s clients “replace trusting that everything’s OK with verifying that everything is indeed OK.”
Segregation of Duties Not Enough to Maintain Data Security
Conventional wisdom recommends an old-school solution, such as segregating duties when handling sensitive data. However, this is not enough, Barzam said, as employees could be compromised separately or in tandem. Employees can cause significant harm at any point along the chain of custody when handling sensitive data and Barzam recommends a policy of “continuous validation” of data, using “automated processes to audit the entire master data set.”
This follows with PYMNTS findings. According to the B2B Payments Fraud Tracker, automated anti-fraud solutions can cut fraud losses in half for B2B marketplaces.
Retro Fraud Tactics Are Here to Stay — and Increasingly Effective
Age-old fraud tactics like social engineering are still highly effective, said Barzam, because of the human element. Fraudsters may trick workers into entering incorrect data by spoofing phone numbers or video calls. As many employees work remotely, the lack of direct oversight and an on-site team makes it easier for employees to make the wrong decisions concerning whom to trust. Barzam says about 30% of employees taking training courses on how to avoid social engineering compromise fail testing.
Companies are increasingly using the cloud to manage sensitive data and transactions, which has attracted fraudsters’ attention. One popular tactic used by criminals is after tricking or convincing an employee to interact with malicious software, criminals can use legitimate credentials to launch a cyberattack on a cloud solution. Upon gaining access to the cloud, fraudsters can manipulate account data and divert payments, just like they use ransomware to encrypt company data and demand payment.
How CCS Fights Modern B2B Payments Fraud
According to Barzam, adopting a cooperative cybersecurity (CCS) strategy is one way businesses can fight back against fraud. CCS is a distributed framework for securing sensitive data. “It’s designed to make sure that there’s no single point of failure,” said Barzam. “Instead of putting all your data in one location and maybe try to encrypt it or put fences around it — make it hard to get — you take the data, you shred it into meaningless pieces and you store each of these pieces in a different secured location.”
According to Barzam, that makes it harder for fraudsters to pinpoint the information they need to compromise critical systems, access such information or manipulate it.
Learn more about how companies are modernizing the fight against B2B payments fraud by downloading the report.