It’s Not Enough That Businesses Win – Fraudsters Must Also Lose 

The digital age has brought with it a new, sophisticated twist to traditional fraud threats.

But while the threat of cybercrime is constantly evolving, as bad actors and cybercriminals leverage the same bleeding-edge tools that organizations have at their disposal, it’s important for firms to note that one of the biggest threats can often come from the inside. 

That’s because despite all the buzz around new technology, human employees remain both a firm’s best line of defense — and one of their most sensitive vulnerabilities. 

This, as a New York-based procurement manager, Bhaskarray Barot, pled guilty on Wednesday (June 7) to defrauding his own company as part of a multi-million dollar, multi-year fake invoice scheme. 

“For years, Barot created fraudulent invoices and processed them for payment at the Manhattan-based company where he used to work as a procurement manager. Barot designed the invoices to closely resemble the invoices that the company received from real vendors and other entities owed payment from the company. But the fraudulent invoices differed in a crucial way: they directed payment into Barot’s pocket,” said Damian Williams, the U.S. Attorney for the Southern District of New York (SDNY), in an announcement about the judgment. 

Over approximately 40 fake invoices dating back to 2018, the procurement manager used his position to process fraudulent payment requests, totaling approximately $4.4 million for his own gain. 

Invoice fraud is a common problem that results in an average yearly cost of $280,000 per middle-market business.

See AlsoGenerative AI Gives Scammers More Tools and Greater Reach

Research in “Payments Security Amid Uncertainty: Fighting Fraud And Crime With Digital Innovation Playbook,” a PYMNTS collaboration with Citi, details how firms can pinpoint vulnerabilities and strengthen security to better position themselves — and takes care to note that fraud can originate from inside an organization as easily as from outside, meaning that companies must effectively prepare for, and protect themselves against, both.

Particularly in today’s challenging economy, it’s worthwhile for firms to be introspective about their defenses and the strength of those defenses — and whether they’re in a position to fend off attacks, no matter where those attacks come from. 

Authentication and enterprise-level digital identity verification have become crucial to helping firms identify digital fraud today while protecting against it tomorrow. 

As PYMNTS has previously noted, there is a “greenfield opportunity for providers and platforms to help automate the verification of counterparties’ identities, payment details and accounts.

Still, many global businesses lack access to the modern digital tools needed to identify fraud vulnerabilities and mitigate their risks. 

While 38% of businesses are using document and identity authentication tools, with roughly a third of those companies looking to modernize ID processes plan to outsource those functions, PYMNTS research in the “B2B Payments Fraud Tracker” found that 71% of businesses say they need additional digital fraud solutions.

That’s because the longer firms hold off on boosting their defenses, the more of a jump bad actors will be able to have on them. 

“Fraudsters, as a general rule of thumb, tend to be very sophisticated and are always finding new ways to defraud individuals and businesses,” Doriel Abrahams, head of risk in the U.S. at fraud prevention provider Forter, told PYMNTS.

Abrahams explained that “the weakest link in the online payment journey is the human link,” and emphasized that while organizations often leverage artificial intelligence (AI) and machine learning (ML) tools to train anti-fraud models and establish robust controls, “fraudsters can do the same.” 

But that doesn’t mean the situation is hopeless, with bad actors playing the cat and businesses the mouse in a constantly evolving game of cat-and-mouse. 

“One of the things people in the identity space are most excited about is this concept called passkeys that is a new way to do cross-device biometrics, and it pretty much moves us away from the password-laden world into a much more seamless UX,” Stytch Co-founder and CEO Reed McGinley-Stempel told PYMNTS, emphasizing that it will establish much more secure authentication pathways for firms — and hopefully keep the next generation of bad actors at bay. 

Because at the end of the day, it’s a simple, if damning, quandary firms find themselves facing — make it too easy to make transactions, and companies and consumers are exposed to the fraudsters. Make it too hard, and no one wants to put up with the frictions along the journey and they move to a competitor.