Mattel became one of the biggest known victims of treasury fraud when it sent $3 million to scammers in China. The perpetrators had successfully convinced its treasury department to pay an invoice for high-scale production, made even more convincing because the company was working with a legitimate Chinese producer.
Protect your company against treasury fraud by learning why this department is so often the target, and the most common techniques. Finally, learn how to prevent it through deterrence, workflows, and secure systems like Trustpair’s ongoing account validation. Request a demo to learn more!
Why are Treasurers a main target for fraud?
Treasurers hold a unique position within the company – they have access to and responsibility for the company funds. Of course, many treasury departments use tech and physical barriers to ensure this money remains secure. But fraudsters are creating increasingly more complex scams to target the accounting and treasury departments.
Think about it: the treasury department is a mecca for the movement of money, making missing funds much easier to hide. With responsibilities like budgeting, complying with the IRS, and documenting expenses, it’s easy for the day-to-day work to take over (and fraud attempts to go under the radar).
While other departments are restricted by budgets or the need to request approvals, treasurers are the team that controls the company budgets and approves or denies those requests.
What are the types of fraud that target Treasury departments?
Treasury departments could be the victim of several different types of scams, but three of the most popular include:
- Transaction fraud
- Impersonation fraud
- Internal fraud
Transaction fraud
Transaction fraud often occurs when fraudsters commit third-party fraud by ripping off a legitimate vendor or supplier. They create a fake invoice or hack into the real supplier’s system and change the banking information on a real invoice.
Transaction fraud occurs when the treasury team doesn’t spot this discrepancy in payment details, or if it’s realized but no red flags are raised. Treasury departments that fall victim to transaction fraud not only let the perpetrators get away with the funds but also leave their real vendors out of pocket. This is likely to cause tension up the supply chain and could result in a loss of suppliers, or severe reputational damage.
Impersonation fraud
When fraudsters impersonate a senior figure, such as the CEO, they might hack into their target’s real email address to learn exactly how they speak to staff. Then, the fraudster will replicate this language in their message to a victim in the treasury department. This typically comes with the request to immediately transfer money, or give information to the fraudster.
Otherwise known as phishing emails (learn more about phishing here), experienced scammers often rely on social engineering techniques, such as pressure, urgency, and other forms of manipulation. This leads to a greater chance that the perpetrators will gain access before the treasury department employee realizes they have been scammed.
On occasion, impersonators have been known to pretend to be the IT departments, legal companies, and even the IRS in tax scams to extort companies.
Internal Fraud
Internal fraud refers to a trusted employee who abuses the internal systems to commit fraud. In the case of internal treasury fraud, the perpetrator specifically applies to a position within the treasury department, in the hopes of gaining access and responsibility over company money.
Once trusted, these colleagues take advantage of their access and divert funds to themselves. They might use legitimate invoices to match the amounts or use their knowledge of the internal systems to create their own compliant transactions.
Is having a Treasury Management system enough to fight fraud?
A treasury management system should streamline workflows, offer visibility over every business transaction, and build security features into the procurement process. For example, treasury management can centralize company cash flow, and automate certain financial processes like invoice matching against order forms. It’s a good example of the benefits of digitalization for finance teams.
However, most treasury management systems are not built with fraud as the number one priority, which means that threats can become a second thought. Without regular updates to protect against new and developing threats, some treasury management systems could become defunct.
Moreover, although treasury departments are often the target, sometimes scammers will aim at other employees. For example:
- IT departments: in order to compromise the security systems and gain access to information. For example, a UK-based police department’s server was recently hacked after their third-party IT department became compromised
- Legal partners: to penetrate and expose confidential contracts, which has seen a huge spike recently (as reported by the FTC)
- Employees in other departments: in the case of Twitter’s 2020 fraud, regular employees fell for a re-authentication scam that led to the perpetrator’s access to the systems, and public endorsements from celebrity accounts to ‘invest’ into fake cryptocurrencies
Therefore, organizations that take the threat of fraud seriously should know that treasury management systems do not offer enough protection. Instead, companies should invest in best practices, and specific fraud prevention software that can address transaction and impersonation scams.
Trustpair is one such platform, which prevents the financial effects of falling victim to either of these scams. It works by validating third-party details in real-time against the most robust external databases, ensuring that companies can trust their suppliers. When suspicious or unknown parties are discovered, payments are automatically blocked.
The main safeguards against Treasury fraud?
Safeguarding against treasury fraud requires a thoughtful strategy combining detection and prevention.
Centralized workflows
Using online programs to centralize, report, and automate financial processes means that operations become transparent.
By relying on machine-learning or cloud-based technologies, companies can benefit from holding their staff accountable and preventing external access. That’s because these programs require individual log-ins, and track or record the actions of each employee to ensure it is traceable.
Moreover, centralizing the financial workflows enables treasury departments to build mechanisms that can strengthen and protect their organization against scams, like fraud alerts. By requiring two senior employees to approve payments over a certain threshold, for example, payments cannot be made until two sets of eyes have manually checked the details. This is called the 4 eyes principle.
Deterrence measures
By publishing guidelines on standard operating procedures, colleagues should be deterred from committing internal or employee fraud. That’s because they’ll know that fellow employees will spot any actions that are out of the guide, and become suspicious.
Moreover, detailing risk assessments and fraud response plans can help treasury departments prevent fraud attempts from being successful. By having these resources to rely on, treasury colleagues definitively know the steps to take when they become suspicious of fraudulent activity.
Another good way to prevent and deter fraudsters is by raising awareness through information sessions. This enables team members to get educated on the techniques of fraudsters and get regular reminders of threats – both emerging and established.
Secure Systems
Building physical and online security features into these systems is also key. For example, requiring authentication before colleagues can finalize a transaction could allow them to think twice and escape the looming pressure of a socially engineered request.
Another security feature includes upgrading the spam filters on an email system. Here, organizations can better arm themselves against business email compromise, a phishing technique that relies on spoofing a real email address or website to fool your employees.
Businesses could choose to limit access to certain parts of the financial systems based on employee seniority. This would prevent the financial effects of transaction or impersonation fraud, even if the employee fell for the scam unless they were among the most senior workers in the department.
Learn all there is to know about B2B fraud in our latest fraud report!
Protect your company against Treasury Fraud
Treasury fraud represents a significant threat to companies since the treasury department has so much access and control over company funds. Prevent it by arming your company with central workflows, deterrence measures, and secure systems like Trustpair. The platform works to validate all third-party payments and prevents the financial effects of fraud.
