Cybercrime is often considered a high-tech activity. We envision computer-savvy criminals behind screens using algorithms and code to hack into a corporate network and steal funds. And while this sort of technologically sophisticated crime is grabbing headlines, the enterprise remains at risk for less advanced fraud.
A new report from Strategic Treasurer and Bottomline Technologies uncovered some of the patterns underneath fraud attacks on corporate treasuries. Payments fraud is nothing new, but with recent incidents highlighting criminal hackers' ability to infiltrate major financial institutions and corporations — and successfully walk away with the cash — treasurers are being forced to step up their enterprise security game.
One in four executives surveyed by the companies said that they had experienced a financial loss due to fraud.
Perhaps more surprising, however, is that these attacks often emerge in the form of check and wire fraud — not the hypertechnical cyberhacks that make the news.
Check And Wire Fraud
Check fraud is nearly as old as the paper check itself. According to Strategic Treasurer and Bottomline, check-heavy markets like the United States are especially prone to the crime. The losses that are linked to check fraud, luckily, are relatively low, averaging between $1,000 and $2,000 for an enterprise.
Check fraud, while having a minimal financial impact on a target, is among the most common types of payments fraud experienced by the enterprise. According to the report, 39 percent of businesses surveyed said they had been the target of attempted check fraud — more than wire fraud, ACH fraud or check conversion fraud.
Wire fraud, while at a similar level of criminal sophistication to check fraud, has emerged as a far greater financial threat to the enterprise, researchers said.
Data from the Federal Bureau of Investigation revealed that the average payout for a wire fraudster is about $130,000. This crime also experiences a higher success rate than check fraud.
The survey revealed that 77 percent of companies had been hit with an attempt at wire fraud in the last two years; 10 percent of them said they experienced a financial loss due to the crime.
Wire fraud includes so-called imposter fraud, in which a criminal poses as a legitimate corporate executive and requests via email a wire transfer.
For Strategic Treasurer Managing Partner Craig Jeffery, the data reveals how pervasive these crimes can be.
"This survey clearly demonstrates the seriousness and reach of the growing payment fraud issue," he stated. "For attackers, crime is paying off, and the lack of protection surrounding their targets has brought about an escalation in their assault."
The Usual Suspects
Who are these attackers? Just as some of the most common and most financially damaging types of fraud are often those that aren't the most technologically advanced, often the sources of these crimes are so obvious that corporations might overlook them.
Strategic Treasurer and Bottomline found that more than one-third of businesses identified either current or former employees as the source of fraudulent activity. For these businesses, a lack of employee screening dealt a major blow to the corporation's overall protection. Researchers found that 12 percent of employees are not faced with a background check.
Further, more than half of temporary workers aren't screened, and a whopping 69 percent of contractors pass by without background checks.
Back To Basics
The fraudulent activity hitting enterprises may not be the most technologically sophisticated and the fraudsters may not be professional criminals or computer geniuses, but that doesn't mean the corporation can endure without proper security measures, Strategic Treasurer and Bottomline noted.
More than half of the businesses they surveyed said they have no control framework to safeguard the enterprise. That means no security measures within the treasury department or at the corporate level.
"Given what we have seen with regard to fraud over the past few years, this is deeply disturbing," the authors stated.
The research found that, often, businesses rely on their banks to monitor and identify fraudsters and their crimes. On a positive note, banking technology has given businesses a deeper view of their finances. The report found that 45 percent of companies said they reconcile at least 90 percent of their bank accounts every day; 70 percent said they can see at least 90 percent of their bank account balances and activity every day. And most noted that their firms have an Anti-Bribery/Corruption policy in place.
The accounts payable department emerged as the most common target for businesses when investing in anti-fraud measures. But according to Bottomline VP of Business Solutions Gareth Priest, while the fraud may not seem complex, businesses need to advance their payments security efforts to greater levels.
"A 'band aid' approach isn't a viable fraud protection model," the executive said in a statement. "Companies need to have the right mindset when it comes to fraud protection. It's recognizing that you will have to make changes, developing a global strategy, and then making the right investments; an ad-hoc approach will not provide the protection needed."