As the guardians of all things cash management, payments, and bank account related, treasurers have an obligation to command control over fraud and security measures. According to the 2019 Treasury Fraud & Controls Survey Report issued by Strategic Treasurer and Bottomline Technologies, there are several areas of opportunity within treasuries to better combat fraud and close the gap on vulnerabilities. We explore the highlights of the report below.
Popular Fraud Types
Three types of fraud lead the pack when it comes to frequency of attempts: business email compromise, cyber fraud/data theft, and check forgery. Business email compromise attacks are the most common type of fraud attempted against treasury and tend to target large sums of money.
Cyber fraud and data theft typically revolve around phishing attacks and malware, with fraudsters’ main goal being to steal sensitive data that they can sell on the black market or use to financially exploit the company from which they steal it. These attacks are especially nefarious because breaches in this area often fly below the radar when they don’t result in immediate dollar losses.
Check forgery, while one of the more archaic types of fraud in existence today, actually has the highest success rate of the three mentioned. Roughly 18% of those who experienced an attempt suffered an actual loss, making it imperative that treasuries strongly consider switching to e-pay methods and be disciplined about reconciling bank accounts daily.
Corporate security is still lacking, and security measures have vulnerabilities that leave organizations exposed. It seems even the simplest measures are sometimes overlooked. In the survey, 11% of companies didn’t implement dual controls and 15% reported not using antivirus software. Data encryption was another major area of concern. The survey showed that under half (41%) of corporates knowingly encrypt data at rest and even fewer (39%) encrypt data in transit.
Given the spotlight on organizations that have been breached over the past several years, these are jarring admissions. Data theft and breaches pose a prominent threat to organizations, and to treasuries in particular. It’s unnerving to know that, should an unencrypted server or other system be compromised, the data it contains would be extremely vulnerable.
Closing the Gap
The use of emerging security technologies was varied across respondents. While the majority (91%) utilized physical tokens like key fobs or USBs to access payments systems, far fewer leveraged digital solutions like biometrics (12%) and tokenization (21%). Banks have a head start in this area, as they implement these tools much more quickly than their corporate counterparts. In banking, 25% of respondents use biometrics and 46% use tokenization.
At a minimum, treasuries should be employing dual controls, running firewall and antivirus software, and practicing a policy of least privilege. The next level of corporate security entails multi-factor authentication (MFA), encrypting data at rest, and point-to-point encryption for data in transit. Industry-leading treasuries will look a step beyond these measures and employ user monitoring software, biometrics, and tokenization.
A Focus on Training
Even with the best emerging security technologies, training is a vital component to keeping your environment secure. Training and educating employees is an essential security element that shouldn’t be underestimated. Employees must be aware of how systems work, what protocols to follow in the event of a breach, and how to identify and react to fraud attempts.
Even those with training systems in place should explore how to make them more robust. According to the survey, 81% of organizations reported that they train employees on security, but just 66% of organizations were trained on how to respond to a fraud attack. Fewer than half (48%) tested employees with fake phishing emails. Training should cover the basics, but also extend into more advanced security topics that are reinforced with tests and procedures.
Partners in Cyber Crime-Fighting
Arrow Payments is a trusted partner of treasury departments far and wide when it comes to implementing security best practices. Whether you need help managing controls within enterprise payment systems or implementing tokenization campus-wide, we can help. Contact us today.