What’s better than $10,000? Try $25 million.
That, it appears, is the thinking of an emerging cohort of bad actors and financial criminals behind a worrying rise in commercial banking fraud.
After all — why target individuals when you can target big ticket business-to-business (B2B) transactions.
And with B2B relationships becoming ever-more digital between buyers, suppliers and their financial institutions, criminals are adapting their tactics by persuading businesses to log onto fake commercial websites and pilfering their credentials.
The consequences of such cyberattacks are profound, with some companies facing staggering losses.
Phishing emails, malicious websites and social engineering are common methods used to deceive employees into clicking on fraudulent links or providing login credentials. Once inside the commercial banking systems, fraudsters exploit vulnerabilities to gain unauthorized access to accounts and initiate fraudulent transactions.
That is why it is becoming increasingly critical for organizations to both educate their employees around today’s evolving threat landscape, as well as invest in leveling up their own defenses.
CNN reported over the weekend (Feb. 4) that a multinational firm was tricked into paying out $25.6 million as part of an elaborate, artificial intelligence (AI) scam in which an employee of the firm logged onto a videoconference with eight deepfake video creations of colleagues he recognized who coaxed the worker into paying out millions of dollars.
While the “core components” of the B2B payment ecosystem are relatively constant across channels (think money movement infrastructure that enables an exchange between buyers and suppliers), the methods bad actors are using to target and attack these key components are constantly evolving as new technologies and players are brought to market.
Unlike consumer-level banking, commercial digital banking involves larger sums and more complex transactions. The sheer scale of financial activities in the B2B domain amplifies the potential impact of digital banking theft. The theft of credentials can lead to unauthorized access to corporate accounts, enabling fraudsters to manipulate funds, initiate wire transfers, and conduct other irrevocable transactions.
One of the most distressing aspects of commercial digital banking theft is the scale of financial losses involved. Businesses routinely deal with substantial sums of money, making them attractive targets for cybercriminals seeking significant payouts.
And while within consumer banking certain transactions can be disputed and reversed, commercial banking often involves irrevocable transactions. Once a fraudulent B2B transfer is initiated, it becomes exceedingly difficult to recover the funds. This lack of recourse poses a severe challenge for businesses trying to mitigate the financial impact of digital banking theft.
As PYMNTS Intelligence found in collaboration with Hawk AI, about 43% of FIs in the U.S. experienced an increase in fraud this year relative to 2022, resulting in a rise in fraud losses increasing by about 65% from $2.3 million in 2022 to $3.8 million in 2023.
Collaboration and data sharing between businesses, financial institutions, and cybersecurity experts is crucial in developing and implementing effective preventive strategies. Additionally, the integration of advanced technologies such as AI and machine learning can enhance the detection of suspicious activities and potential threats.
“It’s a continuous spectrum,” Michael Jabbara, global head of fraud services at Visa, told PYMNTS in March. “[Businesses need to] think about every interaction across multiple dimensions and think strategically about the appropriate safeguards to put in place to reduce potential incidents of fraud.”
As emphasized by many of the risk management leaders PYMNTS has spoken to, the first line of defense is increasingly an organization’s own employees and consumers, making individual education around next-generation attack tactics, and the best practice methods to combat them, more important than ever.
Managing the ever-escalating threats prevalent in today’s digital environment can be a particular challenge for small- to medium-sized businesses (SMBs), which often have budget constraints and sparse security teams.
That’s why employee training programs to raise awareness about phishing attacks, the use of multifactor authentication, and regular security audits are essential steps in fortifying the defense against digital banking fraud.
By prioritizing cybersecurity measures, implementing preventive strategies, and fostering a culture of vigilance, businesses can better protect themselves and help fend of this escalating threat.