The latest, flashiest cybersecurity technologies won’t necessarily protect you when an employee clicks a malicious link or falls for a Business Email Compromise scam. Rick Burke, head of corporate products and services at TD Bank, said now that cybercrime awareness is at new highs among corporate professionals, businesses will need to do more than throw resources at technology to combat the problem.
“There are a number of things that don’t require technology investments or more people,” he recently told PYMNTS. “It requires more care and procedures and reinforcement of those procedures.”
That’s good news for any company struggling to allocate resources to technology and internal staff in an effort to safeguard themselves — especially today. A recent TD Bank study found that businesses aren’t expecting cybersecurity threats to let up anytime soon. In fact, 91 percent of respondents to a TD Bank survey said they expect payments fraud to become a bigger threat in the coming two to three years.
Nearly two-thirds told TD Bank that either their own organization or one of their clients has been involved in some kind of cybersecurity event in the past year.
Burke said he wasn’t surprised at these findings at all.
“We know the whole fraud issue continues to escalate,” he reflected. “We’re not surprised that most people now someone who’s had a problem, and that’s a shame, but it’s not a surprise.”
The fact that awareness continues to climb may signal that professionals are more willing to talk about an uncomfortable topic, one that, historically, has been avoided. Burke likened it to talking about having a will or a life insurance policy.
“You don’t really want to talk about the event,” he acknowledged. But that doesn’t mean it’s not going to happen, and with cybersecurity threats reaching new highs, cyberattacks are now an inevitable reality for many corporates.
The report emphasized the role payments automation may play in safeguarding against fraud, with 21 percent saying fraud control is the top benefit to payments automation technology (though speed and agility to pay same-day and efficiency were more commonly cited as top benefits).
Use of Same Day ACH is on the rise, too, as companies look to automate and accelerate their processes. Still, paper check use remains strong, with TD Bank finding that only about a fifth of respondents described their companies as “paper-free.”
In the context of cybersecurity and the fight against payment fraud, though, Burke said payment rails may not have as much of a role in the matter as some may think.
“I wouldn’t necessarily want to say, in any absolute terms, that one payment type is less prone or more prone to fraudulent activity,” he said. “Certainly you have the experience with the paper check — everyone knows you can lose money through counterfeit fraud and things like that.”
But considering the tactics cyber thieves are using today to steal money from companies, payment rails have less to do with the ability to stop fraud from occurring in the first place. Take the Business Email Compromise, for example, the most commonly cited scam in TD Bank’s survey, with 20 percent of cyber incidents attributed to this strategy.
“When you talk about a Business Email Compromise scam, for example, it could occur via wire or via check,” Burke explained. “From the criminal’s perspective, there is value in focusing on identifying a payment that will go out electronically. If they have a wire sent, that’s final payment, so they can get their hands on the money much faster.” (Indeed, the Federal Bureau of Investigation said last month that 2016 was a record year for wire fraud via email scams, with criminals attempting to steal billions of dollars with this tactic.)
For this reason, he added, the value of employe education is “incredibly high.”
“There is a lot of risk out there, but there are ways to protect yourself,” he said. Not only implementing policies around how payments are made and authorized, but making sure those policies are reinforced, is a major component of combatting a crime like a Business Email Compromise. Top-level executives should make themselves available to any employee that receives a request to transfer funds into an account, he added. Even if the request seems legitimate, double-checking with the executive face to face means employees can be absolutely sure what they’re doing is secure.
Plus, Burke said, the more employees do this, the more comfortable everyone will feel communicating with each other to verify that wire and payment requests are legitimate.
“It might be a little uncomfortable,” he said, “but it takes just one time for a problem to be avoided, and then everyone is willing to talk to everyone else.”