Thursday, November 21African Digital Business Magazine

Fraud trends every CFO should know

PwC’s Global Economic Crime and Fraud Survey 2022 revealed that 46% of organisations have experienced fraud, corruption, or other economic crimes in the last 24 months. Ryan Mer, CEO of eftsure Africa, a Know Your Payee™ (KYP) platform provider, gives a rundown of what to look out for.

1. Fraud protection is no longer optional

It’s hard to believe today, but just a few years ago, even large organisations didn’t have payment fraud protection in place. One of our clients, a listed company, had an ongoing issue with payment fraud totalling over R3 million in losses in the year prior to adopting eftsure. They haven’t lost a cent to payment fraud since.

Businesses are taking the threat of payment fraud a lot more seriously than they did even two years ago. They’re acknowledging that the payment fraud risk is there and that it’s ubiquitous – not only large corporations and banks are being targeted anymore. They know they have to be protected in some way or another.

2. It’s easier to hack people than to hack machines

Business email compromise (BEC) is a massive problem, even with protection in place. As threat protection becomes more sophisticated, fraudsters are targeting people to circumvent these digital security measures. There are numerous examples of bad actors manipulating various levels of staff. Although it may be tempting to believe only gullible individuals fall for scams, but criminals are often professional, persuasive and are well-trained in using human weakness, as well as individual and company information to their advantage.

Here’s a likely scenario: A client writes an online review of your company. A fraudster sees this and now knows this person or company is your client and that you would expect emails from them. They create a similar-looking fake email address, paste the client’s logo in their email, attach a malicious document, and send it to your company asking for clarification on the ‘attached invoice’. It takes one person on your team to open that attachment without double checking the sender’s details, and your company is compromised. This happens so easily when financial teams are under tremendous time pressure.

Email security really does help, but personnel training is crucial. Otherwise, it’s like having the best security at your house, from beams to alarms to fencing, and letting someone through the gate without checking their credentials.

3. Manual processes are dangerous

The surprising result of increased digital fraud and BEC is that many companies opt to solve this problem by introducing more manual processes. They’re adding another person as a point of contact or another manager to oversee crucial checks. The problem is that it’s still a manual process, reliant on a person that can be manipulated, whether unwittingly or not. It’s a case of rearranging the deck chairs on the Titanic. Digital threats must instead be fought with digital solutions.

Another common mistake is to automate some processes but keep certain steps in that process manual. And ‘manual’ doesn’t necessarily mean physical documents but can involve adding extra steps to a process that could easily be automated. Onboarding new suppliers or clients is a great example: Many businesses have a platform for this, but then request certain documents via email. That’s an invitation for an interception, impersonation or malicious attachment. Or they’ll take data from the platform and manually perform processes and procedures on it, adding in a human element and the potential for mistakes. That’s not only counter-productive from a security perspective, but also a business perspective.

Luckily, we’re seeing the pendulum start to swing in the other direction. CFOs and CEOs, the executives responsible for processes, controls, operations and systems in the organisation, are starting to pay more attention to digitisation and automation. There’s a better understanding of these risks and benefits in general. After all, there is a lot of responsibility that sits on the shoulders of those responsible for outgoing payments in an organisation.

Onboarding, for example, is one of the first experiences someone will have with your company and should be as seamless and simple as possible. By using a platform that can digitise and automate the process, you can speed up the onboarding journey and collect all documents upfront, saving time for all parties involved. A digitised and controlled internal approval process that is automatically part of internal procedures increases business efficiencies and reduces wastage of productive time and energy that should be used to further the company, as manual labour is greatly reduced.

4. Don’t just upgrade; integrate

The next step is to not only automate, but to integrate. Though our solution can be used as a standalone system, we’re seeing more clients integrating it into their existing systems.

A Software as a Service (SaaS) provider like eftsure can help enhance processes and limit payment fraud risks by providing an integrated onboarding, verified master data management and payment screening solution that cross-references the payments an organisation is about to release with a database of verified bank account details. This can be integrated into anything from ERP and accounting systems to sales and customer relationship management systems. The platform alerts you to any potentially compromised  payment details, at point of payment, allowing you to deal with the problem before the flow of funds has occurred.

The CFOs who are ahead of the digitisation curve, or further along in the process, are now looking for more integrated solutions. This cuts down on the number of steps in each process, and the time spent on each step – improving security while improving the bottom line. Even if they’re making these decisions for the sake of efficiency rather than security, it’s still a win on both fronts and at the end of the day, which stakeholder, with that huge responsibility of releasing payments on behalf of a company wouldn’t want peace of mind before releasing payments?