Fighting fraud is a hot topic currently for Financial professionals. During the AFP conference, which took place on from October 23rd to October 26th in Philadelphia, we had the chance to assist to fraud-oriented conference topics and here is a quick throwback on what has been discussed. To cover payment fraud issues, the Association for Financial Professionals appointed the following speakers on a roundtable :
- Carl Slabicki, CTP, AAP, Moderator
- Lynn Cirrincione, Director, Treasury, and Banking Operations Allstate Insurance Co.
- Frank D’Amadeo, Director of Treasury Operations Consolidated Edison
- Michael Herd, Senior Vice President, ACH Network Administration Nacha
- Kathy Mertes, Vice President, Digital Payments Strategy and Solution, Conduent
“The fraudsters are always a step ahead of us, no matter what we do!” How can we avoid fraud in whatever we’re doing? It is not just payments out but also payments that are coming in! You have to look at both sides of it.” Lynn Cirrincione
Fighting Fraud with Nacha’s New Rules, Methods to Reduce Risk and Tools to Decrease Fraud Volumes
Emerging fraud threats and protections against them
Kathy “We’ve seen a lot of executive style fraud, attacks from someone spoofing my CFO. Knowing my favorite color, name, etc. Account take over fraud : we have them a lot too! We have to be diligent to make sure we know our payees. Knowing your payee is really important for all of us”.
Frank “We’re constantly getting emails and phone calls. When you meet with senior management, the message we have given out: “don’t even think about sending us or calling us”. We have procedures in place, we go with the known channel we have and do proper controls. You should meet with key stakeholders in the business to educate on how to proceed. Fraudsters are using social media, linkedin, they are able to re-structure your organization entirely, they are sending notes to the people in treasury, they try to get you to give passwords. Even if your email or password is compromised, they can still get in your bank account. Recently we lost 80 000$ on a subsidiary, the supplier they were dealing with : they got hacked. One of the control they didn’t follow was: the KYS, you should have an independent phone number stored somewhere where you can validate payment instruction change.”
Lynn “We do use a service to validate both accounts, health or owner of accounts. Anytime payment instructions are changing, you’ve not to accept it. We have those same processes. Education is key! Every single person in the organization must know what the fraud schemes are. If they don’t understand how the schemes can work, they are not going to understand how it can happen. If you start telling people why, it will help. We were doing a lot of spoof emails to our employees to try and educate them. It starts to become part of you and how you think. what of the things we are treating with our payments is how to validate bank accounts. ”
Fraudsters continue to be dynamic and change !
Michael : “We have experienced over these last 5 years, we spend the majority of our time working on these things. How do we address it? How do we protect from it? It’s now cross channel : everyone has its unique kind of fraud on each payment channel.”
Effectiveness of Nacha rules to safeguard the ACH network from fraud (specifically around data protection for large originators and WEB debit pre-validation).
Michael “In discussion since 2018, security rules requirement are state-of-the-art. The new Nacha rules require protection of data at rest, and account validation. We saw the marketplace change significantly. It has expended to other areas : account validation, validation tools, techniques, services. There is a reel tabloid effect on the market place. “
Lynn “Luckily, our IT group and security group was all in on that. It was though to get it to happen, we took baby steps.”
Risks from the shift to a credit-push fraud focus, challenges relative to ACH Debits, and controls to help effectively manage those models
Scams on the B2B payment side happen : photoshop invoices, emails get hacked from vendors, what do you do to mitigate that ?
Michael :” Risk management on the era of credit-push fraud is a challenge. The standard industry to a fraud event, is to not talk to counter-parties !”
Lynn “Tools and data can help your firm to fight fraud, every tool that’s out there we are going to use! Trusting the data is key to fight fraud, the only way you can trust it is to validate de data you work with”
💡 Trustpair is the leading anti-fraud platform for large corporates. We provide real-time and international account validation on the P2P process from the beginning to the end. To prevent payment fraud on real-time payements, we recommend to work with accurate third party data in your systems. Get in touch with us to know more about how to protect your company from payments fraud.