Tag Archive for: cybercrime

Trending treasury topics from the Treasury Barometer 2019

| 29-11-2019 | Enigma Consulting | Bas Kolenburg

While treasury has always managed changes in both financial markets and businesses, the pace at which changes now need to be managed is accelerating. In a time of increased digitalisation, payments acceleration and new business models across the whole value chain of payment processes and bank connectivity, treasurers are becoming increasingly keen to leverage the opportunities.

Treasury Barometer – the report

In the 6th edition of the Treasury Barometer, developed by Enigma Consulting and Rabobank, the trending topics that are shaping the treasury in 2019 and beyond have been explored drawing on feedback from the survey held in mid-2019. This report presents the latest trends and developments and provides a unique and representative understanding of the Dutch corporate treasury landscape.

The Editor Panel, consisting of 6 members of the Dutch treasury community, set the direction of this year’s Treasury Barometer and monitored the quality and relevance of the content. The 4 content interviews were again a great added value to the results of the survey, as they gave more insight into the subjects.

Trending treasury topics

This year’s edition walked readers through many of the hot topics that treasury faces nowadays.

Fraud & Cybercrime

Fraud and cybercrime remain trending topics, as treasurers are still trying to find the right responses to increased cyber and (payment) fraud activity and to the advanced technology and social engineering techniques now in use. Although an astonishing 82% of treasury departments have been a victim of attempted or actual payment fraud/cybercrime, only 5% of the fraud (attempts) are reported to the police. People seem to be afraid to be open about the fact that this happened to them, which makes it difficult for the police to solve fraud cases committed by gangs operating on a large scale.

KYC requirements

Because of the focus on anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”), there is a lot of pressure on financial institutions to meet compliance expectations, and this pressure is passed on to their clients in the form of increased KYC requirements and more intensive transaction screening.
Of all respondents, 91% see the increased KYC requirements as hindering operational efficiency and the growth and management of their business, and 24% of all respondents have even considered changing banks due to bank-specific KYC processes.

LIBOR phase out

The effect of the LIBOR phase-out will be temporary, but it will lead to a total rebuilding of the banks’ infrastructure, which will be pushed through to their corporate clients, who are just beginning to become aware of what is ahead of them. The Barometer reported that only 42% have performed an impact analysis and that 15% were not aware of the LIBOR phase-out at all. Industry experts recommend that corporates perform an impact analysis and become operationally ready for the IBOR phase out as soon as possible.

Technology/Innovation

Instant payment schemes and new technology around the world are transforming treasury departments into a world of real-time 24/7 liquidity, based on a shift towards more centralised control with local empowerment. With new business models in the whole value chain of payment processes and bank connectivity, banks are rapidly embracing innovations and developing fintechs. Adoption in treasury departments is a mixed bag, with a growing group of early adopters but also a large group that has difficulty steering away from current older technology and interfaces.

Treasury Barometer results

Sustainability seems to be established as a core value and has moved beyond the initial hype, but the results of the Barometer showed no increased activity.

Bas Kolenburg from Enigma Consulting concluded: “From this year’s Treasury Barometer, the Fraud, KYC, LIBOR and Technology/Innovation themes are clearly very much on the radar of Dutch corporate treasurers and we are confident that this year’s report is motivating and inspiring for treasury departments. We aim with the Treasury Barometer not to provide a one-way publication but that this will be part of a multi-stakeholder conversation with the Dutch treasury community. The invitation is therefore open for persons to be engaged in future editions of the Treasury Barometer.”

The full report is available for download here.

Bas Kolenburg

Senior Consultant at Enigma Consulting

 

Payment threat trends

| 12-6-2017 | Lionel Pavey |

In the article ‘payment threat trends’ on FinExtra.com you can read that the European Payments Council provides an insight into the latest developments on threats affecting payments, including cybercrime. You can also download the document, which is divided into two sections. One analyses threats including denial of service attacks, social engineering and phishing, malware, mobile-related attacks, card-related fraud, botnets, etc. The other aims to give early warnings on threats related to emerging technologies which could lead to potential fraud, including cloud services and big data, the internet of things and virtual currencies.

Payment policies

Generally, companies will have a secure, written policy for making payments. These will be generated from the purchasing and bookkeeping systems and should be reconciled. Beneficiary static data should be restricted to view only for the staff – only authorized staff can make and amend the data.
Payments relating to creditors should only be processed if a purchase order has been originated internally and is approved. All payments should be uploaded to recognized bank systems and verified with a six-eyes doctrine.

The biggest area of concern relates to electronic payments outside of the abovementioned process – namely via credit cards. If inventory levels are not correctly monitored then it can occur that a one-off purchase order is made. Payment should be made through a recognized payment provider such as Ideal or PayPal. Furthermore, the issuing of credit cards to key personnel leads to many more risks that cannot be directly controlled by the company.

Risks for companies

When using a credit card in a public area, there are a few obvious dangers:

  • Card being stolen
  • Open Wi-Fi in the area
  • Skimmers applied to hand held card devices

Up to now, the majority of payments have occurred on stand-alone bank software. As we enter the electronic age of disintermediation, there are many companies offering payment services. Blockchain and bitcoin are the obvious examples. No system is completely secure but, in the past, banks have made good on any losses if it was shown that the bank’s systems were at fault. However, hacking into Blockchain wallets and taking electronic coins has occurred, and the losses are not covered as these systems are not run by banks or governments.

For a company this leads to direct risks such as monetary loss, fraud and loss of reputation. Also of concern is the danger of company data being stored by external third parties.

Clearly defined doctrine

Despite all the technological advances being made that make payments easier, companies need to stick to a strong, clearly defined doctrine for payments:

  • Only payments via purchasing and bookkeeping systems
  • Restricted use of credit cards
  • Elimination of petty cash
  • Secure protection of the static data relating to creditors
  • Payments offered only through recognized bank software

Blockchain

Blockchain is a reality – its uses go far further than just payments. The technology cannot be stopped – the major issues (in my opinion) revolve around the electronic currencies (Bitcoin).
Companies would do well to investigate the advantages that Blockchain offers and consider how it can be implemented within a company. Some of the potential uses include compliance, insurance, finance, energy, supply chain management, human resources, accounting, data, taxes etc.

As for payment threats – stay alert, identify and manage risks, and keep abreast of changes.

Lionel Pavey

Cash Management and Treasury Specialist


How to combat Payment Fraud

| 29-3-2017 | Mark van de Griendt | sponsored content |

 

Payment fraud is one of the biggest threats to a treasurer’s reputation and career path in an organization. One of the most common ways to reduce payment fraud is to reduce human intervention and to increase the levels of automation in payment structures. With cyber-attacks and payment fraud regularly making headlines, treasurers must be vigilant in safeguarding financial assets. Only 19% of treasurers list cybersecurity as a critical concern. By contrast, 45% of CFOs name cybersecurity as a priority, pointing to a significant misalignment in CFO and treasury agendas in this regard (PWC Global, 2017).


That is why it’s really important for treasurers to know what they can do to reduce payment fraud. There are two ways to lower the risk of payment fraud in payment processing:

  • Increase the level of Straight Through Processing
  • Implement a Payment Hub

Higher level of Straight Through Processing
Corporates sometimes have hundreds of banking relationships and thousands of bank accounts, all managed manually on spreadsheets. Redesigning these treasury processes based on STP creates an integrated treasury workflow that streamlines processes effectively and provides treasurers with timely access to financial information. No more manual entries, no more errors.

Implementing a Payment Hub
A centralized payment platform combats payment fraud while also ensuring treasurers have the money they need to manage day-to-day business obligations.

Some key benefits include:

  • Centralized monitoring and control
  • Flexibility and efficiency in payments
  • Reduced banking costs
  • Global Visibility
  • Easy access and more transparency

Please refer to our company page on treasuryXL or contact Mark van de Griendt if you’d like to receive more information about reducing payment fraud by a corporate payment hub.

 

Mark van de Griendt

Cash Management Expert at PowertoPay

Payment fraud – how companies can protect themselves

| 13-2-2017 | Joerg Wiemer | sponsored content |

Information about the opportunities and risks of digitalization is widely spread. In general, risks occur when there is a chance of losing a competitive advantage or falling behind.  However, one of the biggest risks is without doubt cybercrime. Attacks on IT systems worldwide increased yet again by 38 percent in 2015, according to the consulting firm PwC in their “Global State of Information Security Survey 2016”. If these attacks are aimed at the payment transactions of a company, the entire existence of the organization is easily threatened. Therefore, security measures in treasury and payments processes should be at the very top of the agenda. Jörg Wiemer, CSO of TIS, explains how companies can ensure increased security.

In general, when does a risk exist for companies during payment transactions?

JW: In principle, in any situation that involves a lack of transparency across bank relationships and activities. In these cases, cash positions and liquidity are not clear. Let’s assume that a branch transfers ten million dollars at the beginning of the month. If these bookings rely on manual processes and the balance is only checked once at the end of the month, it takes a full thirty days until the fraud is detected. Time is literally money.  By monitoring treasury in real time, it is possible to detect these procedures much earlier, thereby solving them in many cases.   

It can take a lot of time until the head office of the branch gains knowledge about such cases.

JW: This is the heart of the problem: The prevailing regional division of labor makes it easy for fraudsters. If the account statements in paper are collected locally in each branch, it takes weeks until those responsible in the head office notice that an account statement is missing, and with it, the positions written on it. This is exactly why a company should collect all account statements from every bank account worldwide automatically and assess liquidity positions in real time with a software like TIS.

What else facilitates frauds?

JW: Fraud can occur if there is no complete overview of the electronic signing authorities, if there is no dual control principle during payment transactions or during the administration of payment recipients and, in general, during every user administration, which is particularly prone to fraud. These are the typical gateways.

How can I detect that I am at an increased risk?

JW: One reliable indicator of a low level of security in payment transactions is a high amount of manual transactions. Normally, the assumption is that every payment has to be recorded in the accounting system according to the best practices – no booking without receipt, and no payment without a previous booking. Nevertheless, under certain circumstances, there are deviations and exceptions of this principle. The key term here is “exception handling”, which results in a manual payment. An exemption is necessary for these cases, which includes comprehensive process documentation. The possibility of recording and authorization of non-automatic payments should be restricted to certain recipients of the payment and internal user groups. Furthermore, the user should only be allowed to use unchangeable payment templates that have been approved in advance.

How can companies reduce risks?

JW: A general rule is to standardize and automate processes across the group of companies! Payment related tasks can be executed on local level, however, based on a standardized and automated process. A central directory of every existing account and a payment governance should be mandatory for every company. Security in payment transactions begins with the professional management of the bank accounts. Otherwise, those responsible run the risk of fraudulent payments through accounts that are not registered in the ledger. The next step is to centralize the payment transactions. Digital payment platforms like TIS pool the cash flow and standardize and automate it. This way, payment procedures and the cash flow are controllable at all times.

What has payment looked like in practice up until now?

JW: Heterogeneous and confusing. Companies have a lot of different systems in each part of their organization and they use different e-banking tools to connect to the banks. The SAP system then generates payments. This is complicated and complex and there are many different protocols and formats. This is the reason for high costs as well as increased fraud risk.

In light of this, which solution approach does TIS pursue?

JW: We provide a payment transactions platform especially for medium and large-sized companies in any industry. The platform connects their accounting system with the respective bank. It then operates between the core systems – which the client does not have to change –  and the bank. Therefore, the platform is the single point of contact, allowing all automated and standardized payment transactions to be combined in a uniform way for the entire company. This makes the management, monitoring and assessment of payment transactions tremendously easier.

The TIS solution runs completely in the cloud. What about the topics of control and secure data storage?

JW: A server as such is either secure or not secure, no matter if it runs in the cloud or in your own house. It is also possible to dial into an in-house server with the banking tools of a company from anywhere as long as the person has the appropriate authorization or the right amount of criminal energy. This is why the server has to be permanently protected from non-authorized access with a high level of modern technology. The big data centers, with which TIS also cooperates, have totally different possibilities than a single company. Let me say a few words regarding the topic of online banking:  the idea that banking tools on a private notebook which runs offline are somehow more secure is an illusion. This computer provides a much bigger gateway for viruses and Trojans than any e-banking solution that runs in the cloud. It speaks volumes, that the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) has recently started receiving a much higher amount of reports from the general public regarding e-banking frauds.

The right software is one part, but what can be done to ensure risk is handled correctly and that the right methods of payments processing are put into place?

JW: Good governance must be established and implemented. Companies need globally valid rules for their payment transactions with detailed guidelines on the following: how accounts are managed, who can open new accounts, who must give permission for this, and the documentation necessary to do so. There are always bad examples for what can happen if the company does not follow the guidelines. Remember the case of the automotive supplier Leoni mid-2016? Cybercriminals acquired documents and assumed somebody else’s identity. They were then able to divert 40 million euros from accounts of the company to accounts abroad.

My advice on how to minimize risk? Establish governance guidelines and use a central platform for the management of bank accounts and payment transactions. Through automated and standardized processes, companies can protect themselves against manipulation and fraud and, ultimately, the loss of money.

Joerg Wiemer

CSO and Co-Founder of Treasury Intelligence Solutions GmbH (TIS)