Tag Archive for: fraud

Identity fraud, COVID-19 and the Pivotal role of Digital Identity

16-11-2020 | treasuryXL | Refinitiv |

Financial crime, including identity fraud, is growing as sophisticated criminals exploit the ever-expanding capabilities of emerging technology. The COVID-19 crisis has only served to increase opportunities for criminals to benefit from fear, uncertainty and desperation, but digital identity solutions offer banks and financial institutions (FIs) a chance to fight back.


Financial crime and identity fraud: fueled by the digital revolution

As digital connectivity continues to redefine every aspect of our lives, quick, seamless digital experiences have come to embody our new normal. This digital revolution is being driven by a host of interconnected factors, including a changing regulatory landscape and emerging technology that creates an environment with low barriers to entry. Other factors are also at play, including ever-increasing connectivity between entities, increased cross-border activity, and tech-savvy consumers who demand choice, fairness, flexibility, and an omnichannel experience across all areas of their lives. Consumers accustomed to digital retail experiences expect the same 24/7/365 digital experience in other areas of their lives, such as banking and wealth management. Moreover, they increasingly expect tailored, highly personalized experiences.

The result of enhanced connectivity, convenience and increased consumer engagement is a real need to protect against highly sophisticated financial criminals who are harnessing the same digital capabilities to defraud both organizations and individuals. Put simply, the technological advancements that make our lives easier can also benefit criminals, making it easier for them to commit financial crime. According to the World Economic Forum, fraud and financial crime constitute a trillion-dollar industry, and private companies spent approximately US$8.2 billion on anti-money laundering (AML) controls alone in 2017.

Refinitiv’s own research, presented in our 2019 report, Innovation and the fight against financial crime, confirms that financial crime is indeed pervasive and costly. Our findings were collated from a survey of more than 3000 managers with compliance-related responsibilities at large global organizations. We found that nearly three-quarters (72%) of respondents were aware of financial crime taking place in their global operations during the 12 months preceding the survey, even though the same companies spent an average of 4% of turnover on customer and third-party due diligence checks. Looking specifically at identity fraud, the Federal Bureau of Investigation (FBI) has revealed that synthetic identity fraud – where criminals manufacture a new identity using both legitimate and false information – is the fastest growing crime in the U.S.

COVID-19 has upped the ante

Following the rapid spread of the epidemic, financial crime has accelerated as criminals have found new opportunities to exploit fear, uncertainty and desperation. The FBI provides various examples of how criminals are using COVID-19 to defraud individuals, including government impersonators who aim to extract personal information for illegal purposes, and work-from-home fraud, in which victims are asked to send or move money, effectively becoming money mules and enabling criminals.

Forward-thinking banks and FIs are already beginning to accelerate their existing digital transformation programs to mitigate the higher levels of risk anticipated during and after the pandemic. In particular, we expect a significant uptick in the use of digital onboarding and digital identity solutions as more consumers are forced to transact online as a result of lockdown and social distancing requirements; choose to do so for fear of contracting or spreading the virus; and/or are seeking better security when asked to prove their identity.

Even before the pandemic, many firms were increasingly using digital innovation to fight financial crime, including digital identity solutions in the client identification space. Digital identity solutions offer fast, reliable digital identity verification and screening; transcend geographies; boost operational efficiency; and remove the human error factor. Moreover, digital identity helps financial institutions optimize compliance models, improve risk mitigation and protect customers from identity fraud. As the world grapples with the effects of the pandemic, banks and FIs have a real and immediate opportunity to review their systems and controls, while simultaneously accelerating digital transformation and moving away from old-school manual Know Your Customer (KYC) processes.

The far-reaching effects of identity theft

Organizations across the financial services industry are facing a range of common challenges, including rising competition, tightening margins, strict regulatory expectations, the need for greater operational efficiency, and pressure to reduce costs. There is the added fundamental requirement to ensure that the client experience is positive. Customer abandonment levels remain unacceptably high, with over half (56%) of consumers in the UK abandoning bank applications in 2018. Our research suggests that traditional KYC and due diligence processes – which can be time-consuming, inefficient and costly – have contributed to this.

While firms are increasingly aware of the need to ensure better experiences for clients, they also need to consider the ever-growing security threats such as large-scale data breaches, phishing and social engineering attacks. These crimes have made it easier for fraudsters to assume the identities of legitimate account owners via account takeover fraud. The impact of identity fraud is far-reaching, with victims experiencing both financial and psychological damage that can severely impact their behavior and future brand loyalty.

There is therefore an urgent need for banks and FIs to prioritize customer identity protection alongside the accepted need to ensure a positive experience. Many banks and FIs are not moving fast enough to address this issue – and need to become more aware of the wider social risks of identity fraud.

On a more positive note, a highly encouraging finding from our survey was that technology, including digital identity solutions, is increasingly able to help organizations fight back against financial crime while improving client relationships. A significant 94% of survey respondents agreed that the technology they use to detect financial crime is also enhancing customer engagement.

Digital identity: who can benefit?

Digital identity solutions continue to grow in popularity and offer numerous benefits to different industry participants, including retail banks and wealth managers.

Retail Banking

Retail banks, for example, can benefit from enhanced speed, efficiency and security when using digital onboarding and digital identity solutions during customer account opening, where it is necessary to verify and prove the identity of new customers who apply for new bank products and services. Digital identity is also invaluable for customer re-verification and authentication in instances where existing customers seek to make changes to their personal information.

Wealth management

Turning specifically to the wealth industry, the benefits are equally clear. The wealth arena is operating against a backdrop of unprecedented uncertainty as wealth transfer from baby boomers to millennials brings far-reaching changes to business models, in line with the expectation that a new generation requires new strategies and alternative data.

We commissioned research from global research and advisory firm Aite Group, which collated the findings from executive interviews with leading wealth management firms around the globe. The research found that 100% of respondents consider wealth transfer to be one of their top-three concerns. This report also revealed that financial advisors are becoming less product-focused and more relationship-oriented. As the wealth industry continues to shift away from products and towards services, the role of financial planning is taking center stage in the client/advisor relationship. Advisors are increasingly shifting focus from administrative duties and investment selection to client service. Digital identities can enable the shift of work from financial advisor to less expensive parts of the value chain, enabling them to concentrate on areas of added value.

A strong belief in technology

Our research shows that firms overwhelmingly believe in the power of technology in the fight against corruption: 97% of all respondents in our innovation survey said that technology can significantly help with financial crime prevention. There are of course still challenges in adopting digital solutions – nearly three-quarters (73%) reported concerns or obstacles when harnessing technological advancements to reduce risks and costs.

Respondents revealed that only about half (51%) of the data and legal documentation needed to carry out due diligence is obtained, but creating more difficulties, only 54% of this is in a digitized format. While remedies will take time, the digitization outlook is positive with 60% of organizations prioritizing automation and digitization for investment. Respondents indicated that spending on customer and third-party due diligence checks was expected to increase by 51% in the year following the survey, with technology being the biggest investment area. This data was gathered prior to the onset of COVID-19 and is expected to accelerate further as a result.

Digital identity solutions deliver diverse benefits

Digital identity solutions tick many boxes, including:

  • Faster turnaround times. Using digital identity accelerates the pace of business, benefits all stakeholders, and means that banks and FIs can onboard and service more customers, more efficiently.
  • Improved accuracy. Human error is unavoidable in manual identity procedures, but digital equivalents reduce manual keying errors, ultimately leading to better compliance.
  • Better security. Old school security features, including passwords and knowledge-based authentication (KBA), not only cause high levels of frustration among clients, but are also often unsecure.
  • More streamlined operational costs. Digital identity solutions boost efficiency levels, leading to more optimal deployment of resources and cost savings.
  • A more favorable customer experience. Faster turnaround times, fewer touch points and a seamless digital experience all contribute to higher levels of customer satisfaction.

Refinitiv’s digital identification and verification solution, Qual-ID, delivers in each of these areas. Built specifically for FIs, Qual-ID enables secure, digital identity verification and screening to boost compliance team efficiency. The solution focuses exclusively on consumer identity. Qual-ID helps with identity verification and document verification, and enables anti-impersonation checks to be performed in a variety of robust yet consumer-friendly ways. Qual-ID also leverages our market-leading World-Check Risk Intelligence Database to enable screening for financial crime risk within the same solution.

World-Check delivers accurate and reliable information compiled by hundreds of specialist researchers and analysts across the globe, adhering to the most stringent research guidelines as they collate information from reliable and reputable sources, including watch lists, government records and media searches. Incorporating World-Check capabilities into Qual-ID means that customers can verify identity against trusted sources, proof legal documents and screen for regulatory and financial risk – all in one transaction, via one API.
This unique combination of elements delivers a holistic digital identity and screening solution that assists our clients to comply with their legal and regulatory requirements at the time of onboarding.

Technology’s significant and tangible impact

Only 53% of respondents in our innovation survey confirmed that they conduct KYC checks on client identity during onboarding but worse still, only 46% of these checks are considered successful. While these figures are alarmingly low, our research did reveal that those organizations that use technology are almost twice as successful at performing KYC checks on client identity (47%) as their counterparts who don’t use technology (28%). These findings are a clear indication of the significant, tangible impact that the right technology can have in the client identity space, and ultimately in thwarting financial crime.

What is certain is that the digital transformation will continue to gather momentum – digital commerce is expected to grow globally at more than a 20% CAGR by 2022, reaching nearly US$5.8 trillion in value. Alongside this growth, another certainty is that sophisticated criminals will continue to exploit emerging technology to advance their illicit activity, both now and after the COVID-19 pandemic. Forward-thinking banks and FIs must therefore harness the power of the best available technology and solutions to prevent financial crime and protect their customers – and digital identity solutions offer an immediate opportunity for success in this critical area.

Kyriba Webinar: Modernising Global Corporate Payments to Prevent Fraud

04-11-2020 | treasuryXL | Kyriba |

These last few months have highlighted that payments fraud continues to be a major problem: fraudsters have been quick to leverage the global pandemic, and the amounts involved are considerable.

In this session Kyriba’s Paul Simpson will be joined by Helen Alexander from SWIFT and James Bushby from MasterCard, to explain what institutional payment fraud is, with a specific focus on the technology and processes that treasury and finance teams can employ to minimise risk.

In particular, the agenda will follow:

  • What institutional payment fraud is and the internal processes and technology to consider, with SWIFT
  • How a payment hub mitigates against Fraud for Corporates, with Kyriba
  • Introduction to how MasterCard is helping fight Financial Crime

Date:

November 12th, 09:30-10:30 (CET)

Webinar | July 16 | Mitigating Fraud With a Corporate Payment Hub

| 22-06-2020 | treasuryXL | Kyriba |

In today’s changing IT environment, we see more corporates exposed to the risk of fraud, due to legacy controls and manual processes. With many companies applying a new ‘working from home’ strategy, the risk of fraud is bigger than ever before.

During this webinar we will hear:

  • How does a payment hub support you in mitigating fraud?
  • What is rules based fraud detection?
  • Why is machine learning an important part of our fraud detection?
  • How does fraud detection fit in your overall payment processes?

Paul Simpson, Strategic Payments Director at Kyriba, together with Value Engineer, Alroy D’Cruz, will discuss these most important questions and will give you an insight on how Kyriba is supporting over 2,300 of your peers worldwide with our SaaS Payment Fraud solutions.

Presenters:

PAUL SIMPSON
Strategic Payments Director, Kyriba

ALROY D’CRUZ
Value Engineer, Kyriba



Submit on the registration page and save your place.

 

About Kyriba

Kyriba empowers CFOs and their teams to transform how they activate liquidity as a dynamic, real-time vehicle for growth and value creation, while also protecting against financial risk. Kyriba’s pioneering Active Liquidity Network connects internal applications for treasury, risk, payments and working capital, with vital external sources such as banks, ERPs, trading platforms, and market data providers. Based on a secure, highly scalable SaaS platform that leverages artificial and business intelligence, Kyriba enables thousands of companies worldwide to maximize growth opportunities, protect against loss from fraud and financial risk, and reduce costs through advanced automation. Kyriba is headquartered in San Diego, with offices in New York, Paris, London, Frankfurt, Tokyo, Dubai, Singapore, Shanghai and other major locations. For more information, visit www.kyriba.com.

How to Solve the 4 Main Payments Challenges

| 18-07-2019 | BELLIN |

Sascha Kopp has been a Consulting Director with BELLIN for over 10 years. He has successfully accompanied and implemented well over 100 payments projects in international groups. In this interview, based on our on-demand webinar, he outlines the 4 main payments challenges for corporates and how to best tackle them.

#1 payments challenge: a complex set-up

What is the biggest challenge for international businesses in handling their payments?

When it comes to payments, the biggest challenge for companies is usually their existing set-up. Very often we witness the following: You have banks on one side, ERP systems on the other side, and the individual entities in the middle. They all exchange payment data, generated by various technologies and in different formats, communicated by several channels. Companies find it difficult to manage this complexity.

How can companies make sense of this complex set-up of several e-banking systems, payment platforms and communication channels?

A payments solution, such as BELLIN’s integrated payments platform in the tm5 treasury management system, allows corporates to leave complex set-ups behind: instead, they experience simplicity with one platform that is accessible to all group companies and connected to all ERP systems and banks. tm5 can be used with any payment format.

You can access it on a desktop computer, mobile phone or tablet. All you need is Internet access. One of the many benefits of this solution is that it is scalable and can be adapted to changing company requirements – and we all know companies change all the time.  Every time a new entity is added, no matter where in the world, this company and its banks can easily be connected to the payment platform. There is no need for an additional solution. The tm5 platform handles it all and is easy to use, transparent and secure when communicating data.

#2 payments challenge: fraud and cyber crime

How important is payment fraud?

Fraud, cyber crime and internal manipulation have been increasing dramatically for years. In 2016, the Leoni Group lost 40 million euros to payment fraud. In 2017, ABB reported a fraud case amounting to 100 million dollars. Companies lose more and more money and the number of attacks has been growing. This was confirmed by the AFP Payments Fraud & Control Survey published in April 2019: 82% of companies report having fallen victim to payment fraud.

How can companies best protect themselves against payment fraud?

Organizations currently invest a lot of time and money in fraud prevention. The best way of achieving payment security is to eliminate vulnerabilities, i.e. by using a multi-bank payments platform with integrated user permissions management such as BELLIN’s tm5. Thanks to a single point of entry and an additional security measure by way of 2-factor authentication in the BELLIN Connect app, tm5 protects companies from external threats. The integrated permissions functionality enables companies to define and manage user rights and implement dual approval for payment processing, thus ensuring compliance.

#3 payments challenge: cost

How can companies save money in their payment process?

In addition to bank fees, payments processing eats up resources. For most companies a centralized set-up is the most efficient – as well as the most secure – option to manage group-wide payments with only one team. As a web-based system, tm5 also enables decentralized cooperation using a central platform. We refer to this approach as Load-balanced Treasury.

What is the most affordable payments set-up for companies?

The most cost-efficient combination of formats and connectivity always depends on the countries in which payments are processed as well as on the volume of payments. tm5 offers all types of connectivity, be it local standards such as EBICS, host-to-host connections to main banks or a global solution such as SWIFT. BELLIN consultants offer advice on how to find the most affordable solution.

#4 payments challenge: new banking partners

What is the impact of changes to the banking landscape on corporate payments?

Companies are hit hard by changes to the banking landscape. In recent years, some banks have discontinued their services in some countries over night. But even when the selection of a new banking partner is driven by strategic and cost reasons, this change usually goes hand in hand with a new, additional e-banking system.

But it could be so much simpler: Companies who process their payments on the integrated payments platform in the tm5 treasury management system always work with the same user interface. This user interface is independent of the banks, channels and payment formats a company uses.

All in all:

Make the move to a central, multi-bank payments platform and benefit from:

  • compliance
  • security
  • reduced cost and effort
  • 100% visibility and transparency
  • 100% cash flow visibility
  • 100% independence thanks to self-administration

Sascha Kopp
Consulting Director at BELLIN

 

Testing Treasurers for Integrity

| 06-09-2018 | by  Pieter de Kiewit |

Last month Dutch newspapers reported on two convictions that made me think further about the combination of treasurers and integrity. In the Vestia case, derivatives fraud within the largest social housing corporation of The Netherlands, the treasurer and broker were sentenced to time in jail. At ABN Amro, staff were being let go for falsifying signatures in mortgage documentation. The severity of the two cases is very different, but integrity of staff was relevant. Could these cases have been prevented?

In the development of the Treasurer Test (https://www.treasurersearch.com/blogs/3/s66ebd-getting-ready-to-launch-the-treasurer-test!), one of the most asked features is an integrity test of the testee. The development partners have scanned the market for the availability of such a test and received very mixed messages. Some parties offer questionnaires that pretend to measure this personality trait, others say it cannot be measured at all. Between these two there are service providers that do full day assessments, not just questionnaires, and claim good results. We have pondered on the subject and decided not to include this element in the test.

In recruitment we rely on past behaviour when wanting to make a statement on integrity. Reference checks and screening of documents by companies that offer private-investor-like services will bring the most solid results in my opinion. In The Netherlands one can ask for a “verklaring omtrent gedrag (VOG)” at the municipality, which reports on criminal behaviour. That would be proof something is not good, not proof things are good.

All in all it is a tricky subject. One thing one can be sure of: the candidate that lacks integrity will not inform you about this. Furthermore one can ask if integrity is solely in the person or whether an environment can create non-integrity. Perhaps pushing for results and at the same time doing the right thing is a hard task. I would like to read about your thoughts about the subject.

 

Pieter de Kiewit
Owner Treasurer Search

 

TIS – the single source of truth

| 29-03-2018 | treasuryXL | TIS Treasury Intelligence Solutions |

On Tuesday 27th March 2018, treasuryXL attended a seminar in Amsterdam organised by TIS. TIS stands for Treasury Intelligence Solutions and, during this seminar, Christian Werling from TIS  gave a very informative presentation about their services which focus on cloud solutions for managing the administration of bank accounts. These solutions offer real-time reporting on all bank accounts – worldwide – and the ability to use just one system to validate and release all payments. In a world where a treasury department might hold more than 100 bank accounts, dispersed over more than 10 banks spread out across different time zones  and having to maintain the possession and custody of numerous bank tokens and log in protocols, a one stop solution is very enticing.

Why?

In today’s world, companies can find themselves with a physical presence in a multitude of countries and locations. In the current environment, a corporate treasury would need to log on to the website of every unique bank where they hold accounts and extract the bank statements for the previous day. Using separate bank tokens and log in protocols, this process can quite easily take up to 1 hour. Furthermore, all the separate data needs to be collated and then uploaded into 1 system. Various subsets of the information need to be given to different internal departments so that they can perform their daily tasks – reconciliation, data input and verification.

The reality

In the modern age, you could find yourself as a Treasurer, within a large complex organisation, consisting of a head office, subsidiaries, legal entities and shared service centres. The underlying platforms can consist of book keeping systems, ERP, HR and different databases. Additional data flows come from e-banking systems, TMS and stand alone projects. The output from all these systems is then used to connect to the banks. Furthermore, all these layers of connectivity can be subject to fraud or attack from outside sources.

TIS provides a single point of contact via a SaaS (Software as a Service) platform that connects to all these systems, thereby offering a simple and effective control over the data flows in real time.

Advantages

  • Real time information
  • Control from a single point
  • Centralised bank account management
  • Centralised bank account mandates
  • Transparency
  • Cost efficiencies

After this we were informed about how the system works in the real world. Bas Coolen is the global head of treasury at Archroma – a colour and speciality chemicals company based in Switzerland. They have a physical presence in over 35 countries and 3,000 employees. Formed 5 years ago, they wanted a minimal  IT solution to their legacy banking operations. These operations stretch from Asia, via Europe to the Americas and involved many different banks.  They concluded that no single bank could provide the service they required within every country and that they needed a solution. By adopting the platform offered by TIS, they have been able to implement a global system that encompasses all their bank accounts – this provides them with a single source of truth. Importantly, the security aspects can now be maintained from one source – all the relevant authorisation matrices are now contained in one platform, along with the capability to perform all global e-banking operations from one location.

TIS were joined at this seminar by Cashforce, who presented their Smart Cash Forecasting and Treasury system – that will be the topic of our next blog.

treasuryXL would like to thank TIS for allowing us to participate in this seminar. If you have any questions, please feel free to contact us.

 

Internal Fraud – or how not to cheat yourself

| 22-02-2018 | Lionel Pavey |

Most companies, regrettably, experience internal fraud. The financial value of the loss can be small or large – however the impact is the same. Internal investigations, procedural reviews, the time spent on detection, possible prosecution, together with the potential loss of reputation are significant factors above and beyond the monetary loss. Fraud can never be eliminated, but the threat can be minimised through proper procedures.

Fraud is normally caused by false representation, failure to disclose information and abuse of power and position. As fraud is performed by people and their actions, a first step to prevent fraud would be to look at the current working environment within a company. If a company is putting extra stress on employees – bigger targets, loss of overtime payments, reductions in secondary benefits, no pay rises nor promotions etc. whilst the directors receive bonuses – this can lead to employees becoming aggrieved and seeking retribution. Furthermore, employing more temporary staff and external contractors can distance the remaining employees and challenge their allegiance and loyalty.

Internal procedures

One of the least sexy components within a company is internal procedures. They need to be drafted, amended, agreed, published, implemented and reviewed on a rolling basis. Very few people enjoy writing these manuals, but they are essential to ensure that everyone is aware of the correct procedures that have to be followed to perform any tasks. Often there is talk of a “four eyes principle”. Personally, I have always believed in a “six eyes principle” as it requires more independent control and makes fraud less easy to perform. Most of the procedures are, of course, built  around common sense. Duties should be segregated – different departments have different roles to perform in ensuring the complete procedure is followed throughout the company. Even within a single department, attention should be paid to segregating duties.

An example would be the administrative function relating to a purchase. There are 4 distinct stages – procurement, arrival, warehousing and dispatch/shipment. If one member of staff was responsible for the relevant data input for all 4 stages, there is an increased risk that fraud could take place. This is not to say that work should be segregated so that one employee only ever does one function – this could also lead to fraud either through disenchantment or over familiarity with the systems and procedures used at one specific point in the production chain.

External procedures

Certain departments within a company have contact with external sources – suppliers, clients, financial institutions. Anyone who has contact with an external counterparty can be swayed by opportunity if the controls are not in place. In respect of purchasers – what contact do they have with suppliers outside the office? Are they entertained – restaurants, sports events etc? How often do they have contact? In respect of sales – are they responsible for determining the sales price? How often do they see clients and spend money on them? The same also applies to treasurers, cash managers, risk managers etc.

The necessary checks and balances need to be put into place. A record of all contact with external parties needs to be kept, updated, verified and stored. Temptation can be caused by personal hardship, flattery or grievance at how the person is perceived to be treated by the company.

Standing up to the boss

As stated, a healthy company should have procedures and statutes in place. These need to be adhered to at all times – there can be no exceptions. However, a mechanism for escalation is often missing. Example – someone sends in an expense claim approved by their manager. The treasurer or controller might question the veracity of a particular entry. A proper mechanism to escalate the discrepancy needs to be firmly established. That a manager has signed off on the expense claim does not mean it is correct.

Even directors have to make sure that their claims are signed off by other members of staff. Being at the top does not mean that the procedures do not apply. Requests for a priority payment outside of the agreed procedure should always be questioned. If everyone has agreed to the standard procedures, then there can be no justification to make a payment outside of the normal procedure, just because it has been deemed a priority. If truly deemed necessary, then authorisation must be given not only by management and directors, but also by the legal department. If this occurs, then the existing procedure needs to be examined as to why the incident occurred and where the procedure broke down. This all has to be detailed in writing – fraud can happen at the highest level as well as low down within an organisation.

Static data

Every contact both inside and outside of the company should be recognised and recorded in a data system. Static data refers to all relevant data concerning an entity – full name, registered address, bank details, contact details etc. This data should be fed into all other systems, but data input should be restricted to a small number of employees. These employees should not have access to any of the systems that are used to input data relating to daily operations.

Another key area is the cash management side – bookkeeping can be complex, and differences may not be noted until the yearly audit. However, cash movements contain plentiful details – name of beneficiary, account numbers etc. These can be reconciled against the prevailing static data – are the bank account numbers the same?
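The reconciliation described above can be sketched in a few lines of Python. This is an added example, not part of the original article: the record layout, entity ids, finding codes and account numbers are all constructed for illustration, and the account numbers are placeholders rather than real IBANs.

```python
def normalize_account(raw):
    """Drop spaces/punctuation and upper-case, so formatting differences are not flagged."""
    return "".join(ch for ch in raw if ch.isalnum()).upper()

# Constructed static data: entity id -> registered name and approved bank accounts.
STATIC_DATA = {
    "SUP-001": {"name": "Acme Packaging BV", "accounts": ["NL00 EXMP 0123 4567 89"]},
    "SUP-002": {"name": "Nordic Freight AS", "accounts": ["NO00 1234 5678 901"]},
}

# Constructed cash movements, as they might be read from a bank statement.
CASH_MOVEMENTS = [
    {"ref": "PAY-1", "entity": "SUP-001", "beneficiary": "acme packaging bv",
     "account": "nl00exmp0123456789"},           # same data, different formatting
    {"ref": "PAY-2", "entity": "SUP-002", "beneficiary": "Nordic Freight AS",
     "account": "GB00 EXMP 0000 0012 3456 78"},  # account not in static data
    {"ref": "PAY-3", "entity": "SUP-009", "beneficiary": "Quick Supplies Ltd",
     "account": "GB00 EXMP 0000 0099 9999 99"},  # entity never registered
    {"ref": "PAY-4", "entity": "SUP-001", "beneficiary": "Acme Packing Ltd",
     "account": "NL00 EXMP 0123 4567 89"},       # right account, wrong name
    {"ref": "PAY-5", "entity": "SUP-002", "beneficiary": "Nordic Freight AS",
     "account": "NL00 EXMP 0123 4567 89"},       # account registered to SUP-001
]

def reconcile(movements, static_data):
    """Return (ref, finding) pairs for movements that disagree with static data."""
    # Reverse index: which entity is each approved account registered to?
    owner = {normalize_account(a): eid
             for eid, rec in static_data.items() for a in rec["accounts"]}
    findings = []
    for m in movements:
        rec = static_data.get(m["entity"])
        if rec is None:
            findings.append((m["ref"], "UNKNOWN_ENTITY"))
            continue
        acct = normalize_account(m["account"])
        if owner.get(acct) is None:
            findings.append((m["ref"], "ACCOUNT_NOT_IN_STATIC_DATA"))
        elif owner[acct] != m["entity"]:
            findings.append((m["ref"], "ACCOUNT_OF_OTHER_ENTITY:" + owner[acct]))
        if m["beneficiary"].strip().casefold() != rec["name"].strip().casefold():
            findings.append((m["ref"], "NAME_MISMATCH"))
    return findings

if __name__ == "__main__":
    for ref, finding in reconcile(CASH_MOVEMENTS, STATIC_DATA):
        print(ref, finding)
```

Running this check daily against bank statements, rather than waiting for the yearly audit, surfaces a changed or unregistered beneficiary account while the payment may still be recoverable.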

Fraud can never be eradicated, but by being open, allowing questions to be asked, even performing unexpected checks on the system and its integrity, and creating an atmosphere where staff know that they can question without fear of reprisal, then at least everyone will know that the company is alert and vigilant.

That knowledge and awareness will make a potential fraudster think twice.

 

Payment fraud – how companies can protect themselves

|13-2-2017 | Joerg Wiemer | sponsored content |

Information about the opportunities and risks of digitalization is widely spread. In general, risks occur when there is a chance of losing a competitive advantage or falling behind. However, one of the biggest risks is without doubt cybercrime. Attacks on IT systems worldwide increased yet again by 38 percent in 2015, according to the consulting firm PwC in their “Global State of Information Security Survey 2016”. If these attacks are aimed at the payment transactions of a company, the entire existence of the organization is easily threatened. Therefore, security measures in treasury and payments processes should be at the very top of the agenda. Jörg Wiemer, CSO of TIS, explains how companies can ensure increased security.

In general, when does a risk exist for companies during payment transactions?

JW: In principle, in any situation that involves a lack of transparency across bank relationships and activities. In these cases, cash positions and liquidity are not clear. Let’s assume that a branch transfers ten million dollars at the beginning of the month. If these bookings rely on manual processes and the balance is only checked once at the end of the month, it takes a full thirty days until the fraud is detected. Time is literally money. By monitoring treasury in real time, it is possible to detect these procedures much earlier, thereby solving them in many cases.

It can take a lot of time until the head office of the branch gains knowledge about such cases.

JW: This is the heart of the problem: The prevailing regional division of labor makes it easy for fraudsters. If the account statements in paper are collected locally in each branch, it takes weeks until those responsible in the head office notice that an account statement is missing, and with it, the positions written on it. This is exactly why a company should collect all account statements from every bank account worldwide automatically and assess liquidity positions in real time with a software like TIS.

What else facilitates frauds?

JW: Fraud can occur if there is no complete overview of the electronic signing authorities, if there is no dual control principle during payment transactions or during the administration of payment recipients and, in general, during every user administration, which is particularly prone to fraud. These are the typical gateways.

How can I detect that I am at an increased risk?

JW: One reliable indicator of a low level of security in payment transactions is a high amount of manual transactions. Normally, the assumption is that every payment has to be recorded in the accounting system according to the best practices – no booking without receipt, and no payment without a previous booking. Nevertheless, under certain circumstances, there are deviations and exceptions of this principle. The key term here is “exception handling”, which results in a manual payment. An exemption is necessary for these cases, which includes comprehensive process documentation. The possibility of recording and authorization of non-automatic payments should be restricted to certain recipients of the payment and internal user groups. Furthermore, the user should only be allowed to use unchangeable payment templates that have been approved in advance.

How can companies reduce risks?

JW: A general rule is to standardize and automate processes across the group of companies! Payment related tasks can be executed on local level, however, based on a standardized and automated process. A central directory of every existing account and a payment governance should be mandatory for every company. Security in payment transactions begins with the professional management of the bank accounts. Otherwise, those responsible run the risk of fraudulent payments through accounts that are not registered in the ledger. The next step is to centralize the payment transactions. Digital payment platforms like TIS pool the cash flow and standardize and automate it. This way, payment procedures and the cash flow are controllable at all times.

What has payment looked like in practice up until now?

JW: Heterogeneous and confusing. Companies have a lot of different systems in each part of their organization and they use different e-banking tools to connect to the banks. The SAP system then generates payments. This is complicated and complex and there are many different protocols and formats. This is the reason for high costs as well as increased fraud risk.

In light of this, which solution approach does TIS pursue?

JW: We provide a payment transactions platform especially for medium and large-sized companies in any industry. The platform connects their accounting system with the respective bank. It then operates between the core systems – which the client does not have to change – and the bank. Therefore, the platform is the single point of contact, allowing all automated and standardized payment transactions to be combined in a uniform way for the entire company. This makes the management, monitoring and assessment of payment transactions tremendously easier.

The TIS solution runs completely in the cloud. What about the topics of control and secure data storage?

JW: A server as such is either secure or not secure, no matter if it runs in the cloud or in your own house. It is also possible to dial into an in-house server with the banking tools of a company from anywhere as long as the person has the appropriate authorization or the right amount of criminal energy. This is why the server has to be permanently protected from non-authorized access with a high level of modern technology. The big data centers, with which TIS also cooperates, have totally different possibilities than a single company. Let me say a few words regarding the topic of online banking: the idea that banking tools on a private notebook which runs offline are somehow more secure is an illusion. This computer provides a much bigger gateway for viruses and Trojans than any e-banking solution that runs in the cloud. It speaks volumes that the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) has recently started receiving a much higher amount of reports from the general public regarding e-banking frauds.

The right software is one part, but what can be done to ensure risk is handled correctly and that the right methods of payments processing are put into place?

JW: Good governance must be established and implemented. Companies need globally valid rules for their payment transactions with detailed guidelines on the following: how accounts are managed, who can open new accounts, who must give permission for this, and the documentation necessary to do so. There are always bad examples for what can happen if the company does not follow the guidelines. Remember the case of the automotive supplier Leoni in mid-2016? Cybercriminals acquired documents and assumed somebody else’s identity. They were then able to divert 40 million euros from accounts of the company to accounts abroad.

My advice on how to minimize risk? Establish governance guidelines and use a central platform for the management of bank accounts and payment transactions. Through automated and standardized processes, companies can protect themselves against manipulation and fraud and, ultimately, the loss of money.


Joerg Wiemer

CSO and Co-Founder of Treasury Intelligence Solutions GmbH (TIS)