Stopping Third Party Payments Risk in Its Tracks
Third-party payment risk exposures receive the most press and attention from corporate treasury and risk management professionals—especially over the past few years with the explosion of business email compromise (BEC) scams. If we look at the top sources of attempted/actual payments fraud as reported in the 2017 AFP Payments Fraud & Control Survey one thing is clear—third-party payments risk exposures have more than earned that focus.
The high-risk of BEC scams across multiple payment types (including online payments) should inspire companies of all types and sizes to invest in educating their employees. Startups, eCommerce businesses, and technology firms alike should be teaching their operations teams how to mitigate these risk exposures—including partnering with their IT team to prevent data compromise and ensuring that a response plan is in place to mitigate the cost of a data breach. The following graph from the 2017 AFP Payments Fraud and Control Survey illustrate the prevalence of BEC scams across payment methods including ACH, wire transfers, and credit cards:
Effective third-party risk mitigation can not only be achieved through employee education but with the right processes and controls in place. The following represent specific techniques companies are currently using to mitigate operational risk and improve fraud prevention:
- Education of all employees involved in payments processing reactive to BEC scams
- Education of employees on how to protect company data that can be compromised via mobile devices and laptop computers when traveling on company time
- Real-time reporting of payments activity above certain thresholds
- Daily account reconciliations
- Multiple layers of security for access to bank services that facilitate payments and/or payments reconciliation
- Investment in upgrading security to access the company network
- Restrict payments activity to company-issued laptops
- Invest in direct company access to the SWIFT network
- Leveraging purchase cards with authorization for only specific restricted MCC codes for each user
Technology is also a key tool for companies in mitigating payments risk exposures. Payment systems that minimize manual data entry and number of parties involved in a transaction can help to prevent payment fraud. FinTech can also be leveraged to strengthen the level of security relative to the authentication of actions that affect payments risk management by automating reconciliations and reporting.