Payment threat trends

| 12-6-2017 | Lionel Pavey |

In the article ‘payment threat trends’ on FinExtra.com you can read that the European Payments Council provides an insight into the latest developments on threats affecting payments, including cybercrime. You can also download the document, which is divided in two sections. One analyses threats including denial of service attacks, social engineering and phishing, malware, mobile related attacks, card related fraud, botnets, etc… Another section aims to include early warnings on threats related to emerging technologies which could lead to potential fraud, including cloud services and big data, internet of things and virtual currencies.

Payment policies

Generally, companies will have a secure, written policy for making payments. These will be generated from the purchasing and bookkeeping systems and should be reconciled. Beneficiary static data should be restricted to view only for the staff – only authorized staff can make and amend the data.
Payments relating to creditors should only be processed if a purchase order has been originated internally and is approved. All payments should be uploaded to recognized bank systems and verified with a six-eyes doctrine.

The biggest area of concern relates to electronic payments outside of the abovementioned process – namely via credit cards. If inventory levels are not correctly monitored then it can occur that a one-off purchase order is made. Payment should be made through a recognized payment provider such as Ideal or PayPal. Furthermore, the issuing of credit cards to key personnel leads to many more risks that can not be directly controlled by the company.

Risks for companies

When using a credit card in a public area, there are a few obvious dangers:

  • Card being stolen
  • Open WIFI in the area
  • Skimmers applied to hand held card devices

Up to now, the majority of payments have occurred on stand-alone bank software. As we enter the electronic age of disintermediation, there are many companies offering payment services. Blockchain and bitcoin are the obvious examples. No system is completely secure but, in the past, banks have made good on any loses if it was shown that the banks systems were at fault. However, hacking into Blockchain wallets and taking electronic coins has occurred and the losses are not covered as they are not run by banks or governments.

For a company this leads to direct risks such as monetary loss, fraud and loss of reputation. Also of concern is the danger of company data being stored by external third parties.

Clearly defined doctrine

Despite all the technological advances being made that make payments easier, companies need to stick to a strong clearly defined doctrine for payments:-

  • Only payments via purchasing and bookkeeping systems
  • Restricted use of credit cards
  • Elimination of petty cash
  • Secure protection of the static data relating to creditors
  • Payments offered only through recognized bank software

Blockchain

Blockchain is a reality – its uses go far further than just payments. The technology can not be stopped – the major issues (in my opinion) revolve around the electronic currencies (Bitcoin).
Companies would do well to investigate the advantages that Blockchain offers and consider how it can be implemented within a company. Some of the potential uses include compliance, insurance, finance, energy, supply chain management, human resources, accounting, data, taxes etc.

As for payment threats – stay alert, identify and manage risks, and keep abreast of changes.

Lionel Pavey

 

Lionel Pavey

Cash Management and Treasury Specialist


Safety of payments

Payment fraud – Leoni case