Trustpair: Implementing the right cybersecurity strategies
FinTech Magazine speaks to Baptiste Collot, Co-founder and CEO of Trustpair, about the implications of the US Securities and Exchange Commission’s (SEC’s) new regulations on cybersecurity incidents for companies’ payment fraud prevention strategies.
In the half-decade he spent as a treasurer at a large multinational organisation, Collot saw first-hand the daily struggles – manual controls, siloed teams, poor collaboration – finance teams face in preventing vendor payment fraud, leading him to co-found Trustpair in 2017.
Today, he works with 250+ large, global companies, helping them protect their businesses again.
What do the SEC’s new rules on material cybersecurity incidents mean for companies’ payment fraud prevention strategies going forward?
The SEC’s new rules require public companies to disclose material cyber incidents and their impact within four days.
With payment fraud incidents spiking – six out of ten large US companies were a victim of payment fraud in 2022 – and the costs rising (payment fraud is a US$20bn annual problem), companies are at greater risk of getting hit with an attack and the associated financial burden considered “material” to investors.
The vast majority of cyberattacks are perpetrated to commit financial crimes such as payment fraud. Fraudsters attack companies with the least effective defenses and highest financial gain.
Large companies are a target for fraudsters to commit payment fraud because of how their payments processes are organised: 90% of financial departments use manual processes such as phone calls and emails to validate bank accounts before paying their vendors.
These manual processes make it easy for breakdowns to occur and for fraudsters to pose as suppliers and collect their payments. With thousands of vendors across the world, it’s difficult for these companies to validate they are paying the correct vendor and not a fraudster.
Many companies also worry that disclosing breach information could create additional security concerns or severely impact their reputation. In fact, 34% of US companies impacted by payment fraud faced reputational damage from customers and investors.
Companies are realising the need to be more vigilant to combat evolving cyber risks and that they need strategies to prevent fraud altogether.
Companies can avoid fraud incidents, even if a cybercriminal infiltrates the organisation, by having processes in place that validate supplier bank accounts before payment so that they catch fraudsters trying to usurp supplier identities and switch bank account information - before falling victim to fraud.
How do today’s latest developments in artificial intelligence impact fraud attacks in light of the SEC’s new regulations?
AI will play an outsized role in driving material breaches. In fact, a new report shows there is a more-than-fourfold (427%) increase in account hacking attempts fueled by AI in the first quarter of 2023 compared to all of 2022.
For example, we’re seeing an increase in AI-generated deepfakes being used for fraud. Some cybercriminals are using AI voice generators to sound like the CEO at the large company you work for, tricking you into sending a fraudulent payment to a vendor.
Criminals are even sophisticated enough to use a combination of an AI-generated video with their voice disguised to pose as your boss on a video call, asking for your password to compromise your accounts.
It’s getting harder to know when you’re falling victim to fraud, and as the sophistication of attacks increases, companies’ strategies and approaches to defending against fraud need to become more advanced and sophisticated as well.
How can companies mitigate fraud and cyber risks, potentially averting the need to disclose a material breach?
Manual controls are no match for AI-based fraud attacks. Relying on manual controls puts companies at a severe disadvantage. But with the right tech, it’s possible to ward off attacks before they become a fraud event and hurt a business financially.
Implementing automated account validations across your vendor network can ensure you are paying the right bank account every time. For example, over half of successful fraud attempts are perpetrated through credentials or information changes on legitimate payments.
If you use a phone call to confirm a bank account, you might not get someone on the phone right away. When you do, a fraudster could intercept the call and pretend to be the supplier using a voice disguising device.
If you use email for bank account validation, a fraudster could easily hack into a supplier’s email account, monitor how they talk with business partners, impersonate the supplier, and change the bank account information.
Even if you are hit with an AI-based fraud attempt, automation can help flag those risky payments in real-time before you pay the fraudster and ensure you don’t fall victim to a major breach that would then need to be disclosed to the SEC.
Companies can implement strong internal systems like double approval processes to ensure there are multiple layers of controls before a payment is made and regularly clean their vendor data to avoid anything being out of date or incorrect.
Frequent fraud awareness and cybersecurity training can help teams understand when cybercriminals have breached their organisation and when the team has fallen into the trap of paying the wrong vendor. With the right approach, companies can mitigate and manage the risk of payment fraud.