Select Page

As the guardians of all things cash management, payments, and bank account related, treasurers have an obligation to command control over fraud and security measures. According to the 2019 Treasury Fraud & Controls Survey Report issued by Strategic Treasurer and Bottomline Technologies, there are several areas of opportunity within treasuries to better combat fraud and close the gap on vulnerabilities. We explore the highlights of the report below.

Popular Fraud Types

Three types of fraud lead the pack when it comes to frequency of attempts: business email compromise, cyber fraud/data theft, and check forgery. Business email compromise attacks are the most common type of fraud attempted against treasury and tend to target large sums of money.

Cyber fraud and data theft typically revolve around phishing attacks and malware, with fraudsters’ main goal being to steal sensitive data that they can sell on the black market or use to financially exploit the company from whom they steal. These attacks are especially nefarious as breaches in this area often fly below the radar when they don’t result in immediate dollar losses.

Check forgery, while one of the more archaic types of fraud in existence today, actually has the highest success rate of the three mentioned. Roughly 18% of those who experienced an attempt suffered an actual loss, making it imperative that treasuries strongly consider switching to e-pay methods and be disciplined about reconciling bank accounts daily.

Vulnerabilities, Exposed

Corporate security is still lacking and security measures have vulnerabilities that leave organizations exposed. It seems even the simplest measures are sometimes overlooked. In the survey, 11% of companies didn’t implement dual controls and 15% reported not using antivirus software. Data encryption was another major area of concern. The survey showed that under half (41%) of corporates knowingly encrypt data at rest and even less (39%) encrypt data in transit.

Given the spotlight of organizations who have been breached over the past several years, these are jarring admissions. Data theft and breaches pose a prominent threat to organizations—and treasuries in particular. It’s unnerving to know that, should an unencrypted server or other system be jeopardized, the data contained would be extremely vulnerable.

Closing the Gap

The use of emerging security technologies was varied across respondents. While the majority (91%) utilized physical tokens like key fobs or USBs to access payments systems, far fewer leveraged digital solutions like biometrics (12%) and tokenization (21%). Banks have a head start in this area, as they implement these tools much more quickly than their corporate counterparts. In banking, 25% of respondents use biometrics and 46% use tokenization.

At a minimum, treasuries should be employing dual controls, firewall & antivirus software and practicing a policy of least privilege. The next level of corporate security entails multi-factor authentication (MFA), encrypting at-rest data, and point-to-point encryption for data in-transit. Industry-leading treasuries will look a step beyond these measures and employ user monitoring software, biometrics, and tokenization.

A Focus on Training

Even with the best emerging security technologies, training is a vital component to keeping your environment secure. Training and educating employees is an essential security element that shouldn’t be underestimated. Employees must be aware of how systems work, what protocols to follow in the event of a breach, and how to identify and react to fraud attempts.

Even those with training systems in place should explore how they may be more robust. According to the survey, 81% of organizations reported that they train employees on security, but just 66% of organizations were trained on how to respond to a fraud attack. Less than half (48%) tested employees with fake phishing emails. Training should entail the basics, but also extend into more advanced security topics that are augmented with tests and procedures.

Partners in Cyber Crime-Fighting

Arrow Payments is a trusted partner of treasury departments far and wide when it comes to implementing security best practices. Whether you need help managing controls within enterprise payment systems or implementing tokenization campus-wide, we can help. Contact us today.

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

Managing Ecommerce Solutions for Higher Ed

Managing Ecommerce Solutions for Higher Ed

Nothing has pushed ecommerce to the forefront of universities and institutions of higher education than COVID-19. While many universities previously saw the importance of leveraging ecommerce for everything from tuition payments to fundraising and more, the pandemic...

Higher Education’s Guide to Cryptocurrency

Higher Education’s Guide to Cryptocurrency

According to Coinbase, twice as many students report having taken a crypto course in 2019 and 41 of the top 50 universities have at least one student-led crypto and/or blockchain club. As people around the world continue to learn about and invest in cryptocurrency,...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery