Third-party payment risk exposures receive the most press and attention from corporate treasury and risk management professionals, and even more so over the past few years with the explosion of business e-mail compromise (BEC) scams. If we look at the top sources of attempted/actual payments fraud as reported in the 2017 AFP Payments Fraud & Control Survey1 it is clear third-party payments risk exposures have more than earned that focus.
The explosion of BEC scams across all payment types should inspire companies of all sizes to invest in educating employees as to how to mitigate these exposures, to work with IT relative to how to prevent data compromise, and to ensure that a data breech response plan is in place to mitigate the cost of any data breach. The following graph from the 2017 AFP Payments Fraud and Control Survey illustrates the prevalence on BEC scams across payment types.
Effective third-party risk mitigation can be achieved through employee education and the right technology in conjunction with the right processes and controls. In terms of processes and controls, the following represent specific techniques companies are using to mitigate these exposures:
- The education of all employees involved in the processing payments reactive to BEC scams
- Educate employees on how to protect company data that can be compromised via mobile devices, and laptop computers when traveling on company business.
- Real-time reporting of payments activity above certain thresholds
- Daily account reconciliations
- Multiple layers of security for access to bank services that facilitate payments and/or payments reconciliation
- Investment in upgrading security to access the company network
- Restrict payments activity to company-issued laptops
- Invest in direct company access to the SWIFT network
- Leveraging purchase cards with authorization for only specific restricted MCC codes for each user
Technology is also a key tool for companies to leverage in mitigating any type of payments risk exposures. Technology that minimizes the number of systems, manual data entry, and the number of parties involved in a transaction helps mitigate payments risk exposures. Technology can also be leveraged to strengthen the level of security relative to the authentication of actions that affect payments, and automate reconciliations and reporting that mitigate risk exposures across all payment types.
1 – 2017 AFP Payments Fraud and Control Survey, The Association for Financial Professionals (March 2017).
This article first appeared on the Tipalti Blog.