“It’s always a cat and mouse game between the fraudsters and the ones that are trying to stop them,” nsKnox Chief Operating Officer Nithai Barzam told PYMNTS.
The conversation with PYMNTS came against a backdrop in which nsKnox said Wednesday (Jan. 18) that it has raised $17 million in a funding round from several investors. The capital was provided by new investors Link Ventures and Harel Insurance, as well as several existing investors, including Microsoft’s M12 and Viola Ventures. The total funding raised by nsKnox stands at $35.6 million.
This, as the great digital shift has put business payments in fraudsters’ crosshairs.
Joint research from nsKnox and PYMNTS in the “B2B Payments Fraud Tracker” revealed that payments fraud is among the top concerns for businesses.
The cat and mouse game has gotten more complex amid the shift to electronic payments, especially in the United States. Companies are increasingly making the move away from paper-based checks and toward digital channels. But alongside that shift, the bad actors have, not surprisingly, identified B2B payments as an area ripe for exploitation. When they’re successful, said Barzam, the payoffs can be huge — in the millions of dollars.
As a result, lured by the potential of a massive payday, “there’s been a surge in cybercriminal activity — and the fraudsters are really trying to target organizations in all ways, shapes and forms of attacks,” he told PYMNTS.
Barzam said that all manner of attacks — on corporate infrastructure itself, or through social engineering or business email compromise scams — have been on the rise.
The threat has mushroomed as B2B commerce is now global. Firms across any number of verticals are sourcing supplies internationally, and everyone is making cross-border transactions. As supply chains stretch across countries, it’s becoming increasingly critical to continuously validate account ownership and secure payment transactions, he said.
That’s easier said than done. At present, there’s no global database that has all the bank accounts in the world, and a company onboarding a new supplier in China, Germany or Spain needs to know that the bank account they’re sending payments to is the correct one and is tied to a legitimate owner.
Verifying account-by-account details represents a huge, time-consuming task for organizations, he said.
Protecting the Data Internally Too
The threat of fraud is not just an external one where fraudsters attack companies from the outside or present false credentials to siphon off funds. Barzam said once account-level data is stored within a company’s enterprise resource planning (ERP) and financial accounting system, the information is still a target for fraudsters looking to manipulate those details — from employees themselves acting as “bad insiders.”
“Nobody wants to think about their own employees, finance professionals or IT professionals as potential fraudsters,” he said.
But it happens.
All it takes is a few staff members working in collaboration, or a single malicious actor, to change the details on file, and money winds up being sent to the wrong account. The in-house individuals are the ones most familiar with the processes, the systems, the handoffs as data is collected, transmitted and stored — and they’re the ones with the access.
In one illustrative case, Barzam recounted a treasurer working for a huge conglomerate who “updated” the details of a supplier in his firm’s ERP system — so that more than $100 million in payments went to his bank account.
The key line of defense is to confirm bank account ownership “continuously throughout the transaction journey to make sure that data is not manipulated after the initial verification,” he said. “You need to shift from just trusting everybody to trusting and verifying.”
At a high level, the company uses its Cooperative Cyber Security and Bank Account Certificates technologies to secure both outbound and inbound payments from fraud. The technologies, he said, validate accounts anywhere on the globe, verifying the true identity of both sender and receiver and preventing manipulations across every point of transaction inside the firm too.
With a nod to the company’s Wednesday investment announcement, Barzam said conventional wisdom holds that the funding environment is onerous at present, and investors are reluctant to part with their money. But nsKnox’s fresh capital injection underscores investors’ recognition of the importance of improving B2B payments security, both externally and within the companies themselves.
Looking ahead, Barzam detailed the go-to-market strategy with the new funding in hand. While the U.S. remains the largest market, nsKnox is expanding into Europe and is examining expanding into additional geographies.
“We’ve also introduced our solutions to banks,” he told PYMNTS, “and we’ll be partnering more and more with them as they serve their own corporate customers — and we’ll protect the corporates and the banks in doing so.”
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More