Payment fraud has become a real and permanent threat for companies of all sizes.
No company can afford to close its eyes to the risks – fraudsters target all industries and large and small businesses alike. It is the eleventh hour to start focusing on the safety of your payment process if you want to avoid financial damage.
The good news is that the fraudsters prefer easy targets, so even raising awareness on the topic in your organization is a step in the right direction. With this blog, I want to share 5 concrete tips for preventing payment fraud and improving the safety of your organization’s payment process.
1. Get rid of risky task combinations
Do you know who has access to your payments at each stage of the process? Risky task combinations may have formed over time without anyone noticing that a single person can, for instance, create a new payment in the system and approve it to be paid. Overly broad user rights leave unnecessary room for both malpractice and costly mistakes. Applying strong user rights management – the four-eye principle, for example - is a quick way to reduce the risks. You should require double approval also on the changes made in the vendor master data, as well as user rights.
2. Build your payment process on best practices
Design a secure payment process with best practices approach. Establishing a “no PO, no pay” principle where invoices are approved for payment only if they have a purchase order number or if they are paid to registered suppliers supports preventing payment fraud. You can improve the safety of manual payments when you utilize the ready-made templates of a payment system and demand multi-factor identification from the person who makes the spontaneous request for payment. Many CFO attacks could have been prevented if the origin of an email payment request had been confirmed via another channel.
3. Automate and focus on end-to-end safety
You would be surprised if you knew how many companies have gaps in their payment process, creating payment fraud risk. For example, if the payment file batches are waiting to be uploaded to the bank in a folder or file share, it leaves the data open for tampering even if the process up to that point had been secure. Eliminating manual phases through automation is one of the best ways to increase safety as it reduces not only the risk of fraud but also the risk of mistakes.
4. Improve transparency
Standardized and harmonized practices build up transparency, which makes spotting and preventing payment fraud easier. Create a uniform, company-wide process for handling payments and make sure that there are no routes round it. By centralizing all your bank connections to a single system, you will take transparency to another level, and, in addition, you are able to better control the risk related to data transfer and system management.
5. Keep an eye on deviations
It is not rare that payment fraud is discovered only by accident. As a part of good risk management, you need to focus also on the measures that help you spot the fraudulent payments that manage to go through your defenses. Keep an eye on payments that are going to unknown bank accounts or that are made outside normal payment schedule. Your payment system should support you in risk management and filter out deviations from your payment flows before they are paid. Machine learning and artificial intelligence will soon create new possibilities for recognizing and managing deviations in accounts payable in a more real-time and automated fashion.
Preventing payment fraud in an ever-changing threat landscape requires that you take a comprehensive and proactive approach. I recommend that you download and read our e-book, where we take a look at this topic in detail, and provide you with all the different perspectives a corporate payment process should be examined from. In the e-book, you will find best practices and concrete advice you need to keep your organization from falling victim to payment fraud.