Ransomware, malware and phishing attacks are the major types of attacks being used today, all of which are a means to facilitate payments fraud via check, wire, ACH and credit cards. These methods of entry seem to have one of two primary purposes. One is an account takeover, which is an attempt to gain access to an account. The other is business email compromise, in which targeted email accounts are compromised and the owner is impersonated by a fraudster who makes requests to move payments around, a tactic that’s become increasingly popular as a means of perpetrating payments fraud.
“Business email compromise has shown to have traction,” says Jim Altman, Middle Market Pennsylvania Regional Executive at Huntington Bank. “These emails legitimately look as if they’ve come from a manager, and employees naturally respond to the request. The result is that dollars are increasingly moving out of company accounts.”
Smart Business spoke with Altman about the cybersecurity threats that are affecting companies’ financial accounts, and how companies and their banks can mitigate those threats.
What steps have banks taken to protect their clients from fraudulent banking activity?
Banks have taken at least two primary approaches to combat fraudulent banking activity. Communication and education have been important first steps. Through this approach, banks are helping their clients consider the cybersecurity landscape. Tactics will continue to evolve, so it’s important to establish a dialogue so that business owners can better understand the impact cybercrimes can have on their companies, regardless of their size, industry or characteristics.
Products and offerings are being created to help mitigate fraud, products such as positive pay and cyber liability insurance. There are also strategies such as establishing multiple accounts, each of which is used for a specific purpose. That can help limit potential fraud and lead to faster identification of fraudulent payments if a transaction occurs that’s out of character for a specific account.
Banks can also validate transactions. When a request looks outside the norm, the bank will call the customer to verify that the transaction was legit prior to any money movement.
What can companies do to mitigate cyber fraud, especially financial fraud?
It’s important to stay informed about what’s happening in the area of cybersecurity and cyber threats because resiliency is a key part of business safety.
Educate employees on what to look for in terms of fraud — for instance, don’t click on links because of the threat of malware, don’t provide personal information to anyone through email and be empowered to validate any request to transfer funds.
Also, companies should evaluate their technology, making sure their networks and systems are up to date and aren’t vulnerable to attack.
From a payments perspective, think about internal processing and the controls that are in place to make sure money isn’t moving unexpectedly. Companies can institute dual verification of payments, two factor authentication and other steps to be more aware of what money is coming in and what’s going out.
Why is it important for companies to act now to protect themselves from cyber fraud?
Fraudsters are looking for the path of least resistance, so companies must be vigilant and don’t assume it’s an unlikely scenario. Payments fraud has been reported in all 50 states and in 150 countries. Not all of those attempts are successful, but it highlights the determination fraudsters have for finding a way in. It’s also an indication that fraud will not only continue to happen, but may happen more frequently.
While protecting against payments fraud might seem like just one more thing to do, preparation is less disruptive than a financial or data loss from a successful breach. That can be a major distraction as companies try to recover their losses and manage their reputational damage.
Cybercrime takes on lots of shapes and forms. Companies must believe that it could happen to them and be ready for it in order to minimize the chances of a successful attack.
Insights Banking & Finance is brought to you by Huntington Bank