Fraud Protection Strategies - SunTrust...Fraud comes from many sources, some internal and some external to your company. Regardless of the source, when you have assets on the move
Post on 05-May-2020
2 Views
Preview:
Transcript
The fight against fraud can neither be ignored, nor won. Over half of North American companies experienced fraud and/or economic loss within the last 24 months, a 50 percent increase from incidents reported in 2016.1 While fraud can take many forms, from asset misappropriation to cybercrime, it continues to attack companies from a multitude of directions. When it comes to payments, paper-driven processes and checks are still the number one form of business payment fraud,2 but as technology advances, an upsurge in electronic fraud schemes are appearing in an increasingly digital financial environment. Criminals have adapted new ways to exploit system weaknesses with advanced phishing schemes, business email compromise, and other creative fraud plots. Fraud prevention should play a leading role in your organization’s payment strategy, meaning that understanding common types of fraud, the risks involved, and the best prevention measures has never been more important.
UNDERSTANDING AND ATTACKING THE SOURCES OF FRAUD
Attacking fraud includes deploying process and technological solutions while boosting the portion of payments sent electronically. It involves working with a team who understands your business, the threats and countermeasures to defend against those threats and how to guide you through recovery from a fraud event. The SunTrust OneTeam Approach® delivers end-to-end financial solutions that help simplify financial management and point to ways your business can grow and succeed, while making suggestions about systems and payment methods that can help reduce your fraud risk. Visit the Fraud Protection section of the SunTrust Resource Center for the latest strategies.
Employee morale
Business relations
Reputation/brand strength
Relations with regulators
Share price 16%
30%
36%
38%
48%
Share price
Relations with regulators
Reputation/brand strength
Business relations
Employee morale
Impact of fraud across the business1
% of organizations that rated level of impact as high to medium:
FRAUD PROTECTION STRATEGIES
loss up to .5% of total revenue
experience losses greater than $1,000,000
no fraud loss fraud loss greater than .5%
SunTrust Bank, Member FDIC. © 2019 SunTrust Banks, Inc. SUNTRUST, THE SUNTRUST ONETEAM APPROACH and the SunTrust logo are trademarks of SunTrust Banks, Inc. All rights reserved.
UNDERSTANDING FRAUD
Businesses of all sizes are at risk for fraudulent activity, especially when their cash flow relies on paper payments. In total, 82 percent of organizations have experienced actual or attempted fraud, with one-third of those companies reporting an increase in fraudulent activity and less than 10 percent reporting a reduction in fraud.2
FRAUD BY THE NUMBERS
Losses when fraud strikes2
% of organizations that experienced payments fraud:
ACH debit and credit fraud attempts on the rise2
% organizations experienced actual or attempted ACH fraud:
Sources of fraud by payment method2
% of organizations that experienced attempted and/or actual payments fraud:
Ass
et
Mis
app
rop
riat
ion*
Con
sum
er F
rau
d**
Cyb
ercr
ime
Consumer ★ ★ ★ ★ ★ ★
Financial services ★ ★ ★ ★ ★ ★ ★
Industrial products ★ ★ ★ n/a ★ ★
Professional services ★ ★ ★ n/a n/a
Technology ★ ★ ★ ★ ★ ★
8% 66% 26%
17%
45% 43%
70%
Prevalence of paper check fraud incidents2
% of organizations that experienced check fraud:
experienced actual or attempted check payment fraud
Wire transfer fraud attempts2
% of organizations that experienced actual or attempted wire fraud:
exposed through Business Email Compromise (BEC)
experienced wire payment fraud
2018 2017
1 Pulling Fraud out of the Shadows, Global Economic Crime and Fraud Survey 2018, PricewaterhouseCoopers (PwC)2 2019 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals (AFP)
*Third parties or employees who steal funds or actual assets from company**Includes mortgage, credit card, claims and check fraud
1-5 incidents
6-10 incidents
21+ incidents
11 – 20 incidents
Most frequently reported fraud across industries1
% of organizations reporting this method of fraud in last 24 months
★ ★ ★ High risk ★ ★ Medium risk ★ Low risk
Check fraud
Wire fraud
ACH debits fraud
Corporate card fraud
ACH credit fraud
16%
20%
25%
38%
11 – 20 incidents
21+ incidents
6-10 incidents
1-5 inciden ts
28%
13%
33%
20%
ACH Debit
ACH Credit
20%
29%
33%
45%
70%
ACH credit fraud
Corporate card fraud
ACH debits fraud
Wire fraud
Check fraud
2
As technology advances, it is easier for companies to digitize their payments and financial tasks. Unfortunately, that means new opportunities for enterprising fraud criminals. External threats are still the primary fraud source; however, more than two-thirds of external fraud is conducted by “frenemies” – those vendors, suppliers and other businesses with whom you have a working relationship.1 These threats can materialize directly through a "frenemy's" illegal actions or as a result of a trusted vendor being manipulated by an outside fraudster. The threat from non-related cyber criminals is also on the rise, as fraud-as-a-service (underground fraud hosting services purchased as a subscription or for flat-rate fees) continues to proliferate with the rapid sharing and sale of information through underground channels.
The fraud threat doesn’t end with payments. Simple but lucrative social engineering attacks, such as phishing and ransomware along with more sophisticated data breaches and account takeovers, require vigilance. The good news is that technologies that protect against these increasingly frequent schemes are more common and more sophisticated. The bad news is that fraud criminals are innovating faster in the development and deployment of scams than countermeasures are being purchased and deployed by businesses.
Impact of business email compromise (BEC) fraud% of organizations that experienced BEC attacks:3
lost between Oct 2013 and May 20182
increased rate of incident4
$12.5B 200%
of that:
Experienced BEC
80%
Check fraud
20% Wire transfer
43%
FRAUD PROTECTION STRATEGIES
NEW AND RISING THREATS
BUSINESS EMAIL COMPROMISE (BEC)
Spoofed emails have become one of the most prevalent schemes used to hack into a business, accounting for a 136% increase in global dollar losses in less than two years.2 Criminals study a top executive’s email behavior, and with access to company directories, online calendars and email schedules, create an email that closely mimics the language and style of the executive. They send an
3
email instructing a subordinate to wire transfer money to a certain account – at a time when the “real” executive is in a meeting, traveling or simply unable to be contacted to confirm the instructions. For help combatting BEC, visit the Fraud Protection section of the SunTrust Resource Center.
BUSINESS IDENTITY THEFT
Consumer identity theft often takes center stage when breaches occur, but business identity theft is increasing at an astonishing rate – 46 percent year over year during 20174 – becoming an ongoing and growing concern for companies of all sizes. Fraud criminals steal company information, such as Employer Identification Number (EIN) and other identifying data, to commit a variety of financial, tax, website or trademark frauds. Most common are schemes to open card accounts, initiate wire transfers and commit tax fraud in the company’s name. Increased awareness, strong internal controls and vigilance in accounts review can help minimize identity theft. Conducting a risk assessment with your company's auditor, accounting or advisory firm can help identify weaknesses as well as point out the best ways to mitigate them.
SYNTHETIC FRAUD
Like business identity fraud, synthetic fraud combines real information, often stolen EIN or other business identifiers, and falsified information to create a completely new company identity. Harder to find and trace than business ID fraud, this new “synthetic” company can conduct many fraudulent activities, including becoming a guarantor for loans or lines of credit, before disappearing with its ill-gotten funds, leaving the unsuspecting company with the ensuing debt/liability. The SunTrust Resource Center Fraud Protection section provides additional strategies to fight fraud.
SunTrust Bank, Member FDIC. © 2019 SunTrust Banks, Inc. SUNTRUST and the SunTrust logo are trademarks of SunTrust Banks, Inc. All rights reserved.
1 Pulling Fraud out of the Shadows, Global Economic Crime and Fraud Survey 2018, PricewaterhouseCoopers (PwC)2 “Business E-mail Compromise, The 12 Billion Dollar Scam,” January 2018, Federal Bureau of Investigation3 2019 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals (AFP)4 Business Identity Theft in the U.S., 2018 Report, The National Cybersecurity Society (NCSS)
increase in number of fraudulent business returns to IRS 2016 - 2017
250%
increase in losses 2015 to 2016
200%
RISE OF BUSINESS IDENTITY THEFT4
4
Fraud comes from many sources, some internal and some external to your company. Regardless of the source, when you have assets on the move in the form of payables and receivables, your company is more vulnerable to fraud. Awareness of the tactics and scams that fraudsters commonly use and a thoughtful control environment around your payments processes make the best fraud deterrents.
HOW PREPARED IS YOUR COMPANY?
The prevalence and increasing incidence of fraud puts your company at risk every day, yet nearly half of organizations have not performed a general fraud risk assessment, and more than half have not assessed their cyber-attack vulnerabilities in the last 2 years.1 “Helping our clients reduce the risk of a financial loss due to fraud is paramount,” explains Michael Maza, Head of SunTrust Treasury & Payment Solutions. “Our solutions incorporate preventive measures such as account monitoring, identification of suspicious items and alerts to the client to make decisions on questionable transactions. The best defense is always a great offense, so we strive to detect potential fraud before it occurs.”
SUCCESSFUL FRAUD PREVENTION
Payment fraud prevention measures2
% of organizations using these measures:
Positive pay
Payee positive pay
88% 68%
You can put in place many simple procedures to help protect your company from fraud. The SunTrust Resource Center Fraud Protection section provides additional helpful information in the fight against fraud.
From a payment perspective, increasing the penetration of electronic payments and collections can be an asset in combating check fraud. “Many CFOs realize that they can mitigate paper payment risks as well as electronic fraud with a series of basic controls, such as automatic reconciliation of accounts, blocks and filters on ACH payments or instituting UPIC (Universal Payment Identification Code),” emphasizes Katie Saez, Head of Sales for Treasury & Payment Solutions at SunTrust.
FRAUD PROTECTION STRATEGIES
FRAUD PROTECTION STRATEGIES
Segregation of accounts
72%
Daily reconciliations/other internal
processes
68%
5
USING TECHNOLOGY TO YOUR ADVANTAGE
More advanced technology brings an efficiency boost to payments and financial processes; however, those improvements come at the price of increased risk of attack by fraudsters. This is the double-edged sword of technology: no matter how many improvements are made, there will always be fraud criminals out there ready to try to beat your systems with newly-engineered attacks. As new technologies and systems are deployed, their weaknesses haven’t been mapped and defensive strategies have yet to be devised. It is precisely for this reason that it is vital that companies partner with their accounting, audit or advisory professional services firm to assess new technologies for their impact on fraud risks.
Fighting fraud needs a combination of process and technological solutions. The first step involves staff education about the importance of fraud detection and prevention. According to David Sawyer, a Certified Fraud Examiner and Managing Director at Sawyer & Co.,
“Many organizations don’t train managers or employees to understand why rules are put in place. Sometimes employees will override policies and procedures that were put in place for a reason that they don’t understand.” Workers often just want to get the job done and may see protective procedures as barriers. One-time “workarounds” to circumvent these barriers can, over time, become business as usual, providing weaknesses for fraud criminals to exploit.
Managers are responsible for addressing internal fraud by setting up the controls and designing fraud training. Responsibility extends equally to employees who must follow fraud prevention procedures and be on the lookout for signs of fraud. “Internal controls have to be embraced, not only from the board room, but they have to extend all the way down to the mail room,” says Sawyer.
The second step in thwarting fraud reduces opportunity by separating duties, reconciling accounts daily and using positive pay or reverse positive pay services for all paper checks. Don’t neglect the “frenemies” threat either. Pay close attention to vendor on-boarding and compliance to ensure fraud protection controls are in place within vendor organizations. Your strategic and operational partners
should have business practices that mirror yours; monitor technology connections and data access; and use strong security defenses.
Accept and make more payments electronically as one means to reduce vulnerabilities from human touches. Innovative solutions such as Virtual Cards, which remove the need for a physical card by providing the payee with a unique secure token to access payment, improve the likelihood of more secure payments. Adding restrictions and controls to electronic debits from your accounts also helps create a more secure environment for payments. The SunTrust Resource Center Fraud Protection section provides additional strategies to prevent and detect fraud.
SunTrust Bank, Member FDIC. © 2019 SunTrust Banks, Inc. SUNTRUST and the SunTrust logo are trademarks of SunTrust Banks, Inc. All rights reserved.
1 Pulling Fraud out of the Shadows, Global Economic Crime and Fraud Survey 2018, PricewaterhouseCoopers (PwC)2 2019 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals (AFP)3 Report to the Nations on Occupational Fraud and Abuse Global Study, Association of Certified Fraud Examiners (ACFE), 2018
Red flags of occupational fraud3
1. Living beyond means
2. Financial difficulties
3. Unusually close association with vendor/customer
4. Control issues, unwillingness to share duties
5. Divorce/family problems
6. “Wheeler-Dealer” attitude
Identifying occupational fraud3 % of organizations experiencing fraud identified these employee behaviors:
*Acct. reconciliation, document examination, surveillance, confession, and others
Fraud detection methods3
% of U.S. organizations where this method initially detected fraud:
Tip
Other*
Management review
Internal audit
Accident
Multiple red flags
At least one red flag
No flags
50%35%
15%multiple red flags
at least one red flag
no flags
37%
27%
14%
13%9% Tip
other
Management Review
Internal auditAccident
DETECTING FRAUD SCHEMES
6
LIMITING THE FIVE PRIMARY FRAUD THREATS
Check fraud The threat:
• #1 in fraud attempts
• 70% of companies targeted noted check fraud #1
• # of check fraud incidents: 38% 1-5 incidents 25% 6-10 incidents
Solution Positive Pay
How it provides fraud protection
Flags discrepancies against company-supplied, check-issued files to verify the authenticity of checks presented
How it works• Validates against issued date, check number and amount; verifies payee name • Provides automatic pay/return defaults
What it solves
• Quickly identifies check fraud, reducing losses • Notifies of discrepancies through online banking • Provides for online banking pay or return decisions • Reduces staff workload
Wire fraud The threat:
• #2 in fraud attempts
• 45% of companies targeted noted wire fraud
Solution SunView Treasury Manager®
How it provides fraud protection
Execution through online banking provides for multiple levels of control: • Names of wire requestors must match the authorities designated in writing and stored
within the bank's wire facility • Requires user ID and password for login • Requires Trusteer Rapport with keystroke encryption and malware deactivation • All wires require dual approval
How it works
• Wire transfer authorities are approved by the company’s designee (account signer) and submitted to the wire facility
• Wire transfer capability is set up through SunView Treasury Manager giving access to approved initiators/approvers in accordance with the wire facility instructions
What it solves
• Reports are available in real time • Both incoming and outgoing wire information can be pushed to designated staff through
SunTrust Online Courier® at pre-defined thresholds • Allows for the building of wire templates for repetitive wires, decreasing errors and fraud
Account fraud The threat:
• 82% of organizations have experienced fraud
Solution SunTrust Online Courier®
How it provides fraud protection
Provides real-time notification of transaction and balance detail
How it works• Creation of online profiles allows selection of reports, alerts and desired format • Automatic “push” via FTP, PC download, dial-up or fax • Optional wireless alerts to smartphone
What it solves• View transaction detail for potential fraud detection • Monitor account balances for significant changes
ACH fraudThe threat:
• 33% of ACH fraud was due to ACH debits; 20% due to ACH credits
Solution ACH Fraud Control
How it provides fraud protection
Places blocks and filters on all or specifically-identified ACH transactions in designated accounts
How it works
• Ability to block all debits, credits, or both • Approve/decline ACH transactions on occurrence date with Online ACH Control • Reporting via SunTrust Online Courier each morning • Set up specific standing authorizations at the transaction level to allow for payments
like federal taxes, corporate healthcare and other self-insured payments managed by a third party
What it solves• Reduces losses • Improves control over ACH transactions and enhances ACH usage • Minimizes cost
Solution UPIC — Universal Payment Identification Code
How it provides fraud protection
Provides user with a universal routing transit number and a unique proxy account number that can be supplied to payers for incoming ACH payments
How it works• Bank issues a UPIC to relay to trading partners • Transactions using proxy account number automatically routed to correct account upon
receipt of incoming ACH payments; systematically blocks debits
What it solves
• Provides receivables alternative • Accommodates clients who want to remit payments electronically and provide payment
data through EDI (Electronic Data Interchange)• No change in payment routines for trading partners • Blocks sensitive proprietary account information
Source for fraud threat statistics: 2019 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals (AFP)
7
SunTrust Bank, Member FDIC. © 2019 SunTrust Banks, Inc. SUNTRUST, ENTERPRISE SPEND PLATFORM, ESP EXPRESS, SUNTRUST ONLINE COURIER, SUNVIEW TREASURY MANAGER, and the SunTrust logo are trademarks of SunTrust Banks, Inc. All rights reserved.
Source for fraud threat statistics: 2019 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals (AFP)
Corporate card fraud The threat:
• #4 in fraud attempts
• 29% of companies targeted noted corporate card fraud
Solution Enterprise Spend Platform®
How it provides fraud protection
Provides a comprehensive online card management application for managing Travel & Entertainment (T&E), procurement and payables processes for Corporate and Purchasing cards
How it works
• Enhanced reporting to: - Implement pre- and post-purchase controls - Audit spending - Manage program
• Allows for: - Customizable business rules and workflow - Transactional review and “decisioning” - Electronic attachment of receipts/expense reports
What it solves
• Improved spending controls with online account monitoring • Increased control with built-in alerts, email rules and audit features • Online access to automatically activate/deactivate cards and raise/lower individual
spending limits
Solution ESP Express®
How it provides fraud protection
Provides an easy-to-use online card management application for Commercial One Card
How it works• View and manage cardholder detail and accounts • View both transaction detail and statements at the card level
What it solves • Improved spending controls with online account monitoring • Online access to automatically activate/deactivate cards and raise/lower individual
spending limits
Solution Virtual Card
How it provides fraud protection
Provides protection of a client’s Real Card Number (RCN) by creating a unique 16-digit Virtual Card Number (VCN) for a single transaction payment
How it works
• Supplier submits invoice to Buyer• Buyer submits a payment request through Enterprise Spend Platform• An authorization and its associated VCN is created for the total amount of the invoice• Secure email notifications with payment data are automatically triggered and sent
to Supplier• Supplier processes approved amount through Point of Sale (POS) system• Transaction is matched using the VCN, and posted in Enterprise Spend Platform via RCN
What it solves
• Removes the need for a physical card• Eliminates loss or theft of card• Enhanced control over cards and spend with specific authorization limits• VCN expires after 60 days if unused• Reduces exceptions with one to one match of invoice(s) and payment
The SunTrust Resource Center Fraud Protection section provides additional strategies to fight fraud. (suntrust.com/resource-center/commercial-corporate/fraud-protection)
8
SunTrust Bank, Member FDIC. © 2019 SunTrust Banks, Inc. SUNTRUST, THE SUNTRUST ONETEAM APPROACH, ENTERPRISE SPEND PLATFORM, ESP EXPRESS, SUNVIEW TREASURY MANAGER, SUNTRUST ONLINE COURIER, and the SunTrust logo are trademarks of SunTrust Banks, Inc. All rights reserved.
Contact your SunTrust Relationship Manager or Treasury Sales Officer to discuss your business plans for smart growth and your payments needs. The SunTrust OneTeam Approach® delivers end-to-end financial solutions that help simplify financial management and point to ways your business can grow and succeed.
GETTING HELP TO KEEP FRAUD AT BAY
TO FIND OUT MORE , call your SunTrust Relationship Manager or visit the SunTrust Resource
Center for more information at suntrust.com/resource-center/commercial-corporate.
9
top related