Protecting Corporate Payments Requires Collaboration on Multiple Fronts

Preventing payments fraud is a multilayered problem that requires a multilayered approach, Allen Shiber, chief technology officer at nsKnox, told PYMNTS.

Payment fraud is difficult to prevent because it comes in many forms and from different places, Shiber said. Firms must be protected from bad actors who could be insiders or outsiders. They must also be protected from numerous attack vectors, including phishing and social engineering that attack the human mind, as well as malicious software that manipulates systems and data.

What’s more, payments cross different systems and different teams, including accounts payable, procurement and treasury. With more complexity, there are more vulnerabilities. On Jan. 11, nsKnox, a cybersecurity company focused on corporate payment security, reported that it had been awarded a U.S. patent for its CCS (Cooperative Cyber Security) technology.

“If more people are involved in the process, then it means that’s more opportunities for social engineering, and if more systems are involved in the process, then it means that there are more vulnerabilities for hackers,” Shiber said. “So, in a sense, it’s a multilayered problem that requires a multilayered approach.”

Developing a Multilayered Approach

Secure processes depend on sound technical infrastructure. To start, organizations should use multifactor authentication for logins, ensure systems are fully up to date, secure their endpoints and mandate that employees working remotely do so via virtual private networks (VPNs).

“The reason that we have to start with the basics is that if our infrastructure is not sound, then anything that will build on top it will fall,” Shiber said.

The second layer includes strong processes carried out by well-trained employees. Shiber recommends running educational sessions and frequently testing employees with fake phishing attacks. And because we’re all prone to error, he recommends implementing processes such as 4-eyes reviews and allowing only a handful of trained employees to carry out sensitive activities like collecting vendors’ data and validating vendor information.

“A good tip here would be to look for interfaces, because these are the most sensitive places that are often overlooked — things like communication between teams, communication with external parties and so on,” Shiber said.

Applying these two layers of security, infrastructure and people/processes, is a good start, but it still leaves manual controls that are only as strong as the employees who follow them. Experience shows that sooner or later someone will make a costly mistake, so to close this gap there’s a mandatory third layer: deploying an automated, end-to-end antifraud solution. A good one allows companies to verify the accuracy of any banking data they receive from partners or suppliers, including international ones; to detect whether data has been manipulated after it was saved into their payments system; to secure the actual payment process and transactions; and to issue an alert in the case of any compromise.

“It is very important that the verification process will be completely automated, without relying on manual [activities] like emails and phone calls because these things just open the door for social engineering,” Shiber said.

Collaborating to Gain an End-to-End View

Together with this three-layered model for protecting corporate payments, there’s also a need for collaboration between finance, IT and security teams. When they work well together, they can take an end-to-end view of problems and solutions and prevent things from falling through the cracks.

“If IT guys understand the financial process, then they can identify problems that finance guys are not aware of — and vice versa,” Shiber said.

Remote work and digitization have created more opportunities for fraud. Fraudsters’ continued adoption of new technologies like phone spoofing and voice cloning applications will cause additional challenges.

Add in supply chain difficulties that are forcing companies to work with unfamiliar vendors and the increasingly cross-border nature of commerce, and you have a payments environment where vigilance is more important than ever before.

“So, relying only on manual controls in 2022 is going to become more and more challenging,” Shiber said. “This is the reason that companies like nsKnox that provide a third layer of automation and fraud prevention technology are probably going to be very busy — because we have a lot of new challenges.”