Stop Payment Fraud: Best Practice
For every business, 2020-2021 has been a significant new test. We’ve all had to adopt ideas like remote working faster and with less planning than we’d hoped. The journey to digital workflows was already happening, but nobody could have anticipated this catalyst.
Fortunately, most businesses and their employees have shown great adaptability and resilience. In record time, more of us have put digital processes at the heart of how we do business, including how we handle payments. It’s good for efficiency, great for productivity and helps you stay prepared for whatever tomorrow brings.
But while adopting digital payments is good for business, it also significantly increases your risk of fraud.
Every connection creates a risk
Intercepting a piece of paper is harder than it might sound. If your records, payment details and transactions are stored on-premise, they’re protected by the walls of your office and the eyes of your people. In a world where we’re making payments digital and connecting our devices on a global scale, fraud is just a few clicks away.
Historically, digital financial transactions were the preserve of those with the resources to secure them. Today, our highly connected ways of working mean everyone has a part to play in maintaining security and eliminating fraud.
According to PwC’s Global Economic Crime Survey, £156 million worth of fraud exploits digital transactions in the UK alone. It’s a challenge that’s becoming more pressing, year after year – in the past few years, cyber fraud has grown 1000%.
The risks to your business are numerous. Beyond the financial repercussions of fraud, you’re exposed to:
- Possible penalties for non-compliance with standards like GDPR and PCI
- Reputational damage when you disclose that the fraud has happened
- Interruptions to your core business and day-to-day processes
The implications of payment fraud or user account hacking are serious. Few businesses have the resources they need to survive a large-scale incident.
That’s why it’s vital to understand your risk – and where it really comes from.
The realities of your payment fraud risk
We would all like to think that payment fraud primarily comes from malicious attackers, exploiting your technology to divert or steal your money. However, the biggest risk comes from a place that’s closer to home.
According to McKinsey, as many as 50% of all cyber fraud cases come from insider threats.
When it comes to payments, common risks include unauthorised payments, false expenses, and accounting fraud. Troublingly, many digital solutions don’t offer true accountability to an individual, making these types of fraud hard to detect and even harder to eliminate.
Equally, many digital processes still involve a great deal of manual handling, just like their paper-based counterparts. These aren’t just open to abuse, but also rife with human error and mistakes that may leave your payment platforms exposed.
Reducing your payment fraud risk means taking a holistic approach: one that brings clarity and control to every part of the process, inside and outside of your business.
The 5 pillars of payment fraud best practice
Tackling payment fraud takes a combination of the right payment technology and structured anti-fraud processes. In our experience, strong protection rests on five key pillars.
Fundamentally, anti-fraud best practice depends on bringing all your payments together under a single point of control. This dramatically increases visibility and accountability, while letting you exercise more due diligence over issuing individual payments.
Without a centralised process, it’s impossible to keep up with all issued payments and spot the signs of potential fraud.
While a centralised point of control is important for accountability, the realities of business mean most people also need to issue payments from local sites. If your payment platform is too restrictive, you may find yourself reducing fraud but struggling to get anything done.
The right platform strikes the balance between security and practicality by blending centralised control with local, role-based payment issuing. All with comprehensive auditing that ties activity to individuals.
Authentication has two primary goals: stopping unauthorised people from accessing your payment system and verifying the identities of the people allowed inside. However, passwords alone are notoriously weak, easy to share, and commonly repeated across multiple accounts or websites.
Two-factor authentication (2FA) complements the need for a password with an additional check. Typically, this is an authorisation code sent to a secondary device like a smartphone. Both pieces of information are required before access is allowed, adding another layer of protection, and tying activity more accurately to individual users.
Many digital payment solutions are like remote islands, completely distinct from the rest of your business. While this can have benefits in the fight against fraud, it often creates the need for re-keying of information or manually creating users and assigning permissions. Faced with this time-consuming process, it’s easy for people to make mistakes or circumvent the entire thing.
Ideally, your payments system will be tightly integrated with Active Directory, pulling useful user data with no need for complex admin. You can then define different roles within the familiar Active Directory system, allowing people to prepare, approve, and sign payments appropriately.
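As an added illustration (not code from any payment product), the sketch below shows how directory group membership can drive the prepare, approve and sign roles while every attempt is recorded against a named individual. The group names, the sample users and the rule that one person may complete only one step per payment are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Hypothetical directory group names mapped to the three payment roles.
GROUP_ROLES = {"PAY-Preparers": "prepare", "PAY-Approvers": "approve",
               "PAY-Signers": "sign"}
STEPS = ["prepare", "approve", "sign"]  # steps must happen in this order


@dataclass
class Payment:
    ref: str
    amount_pence: int
    audit: list = field(default_factory=list)  # (step, user, outcome) tuples


def roles_for(groups):
    """Translate a user's directory groups into payment roles."""
    return {GROUP_ROLES[g] for g in groups if g in GROUP_ROLES}


def perform(payment, step, user, groups):
    """Attempt one workflow step; every attempt is written to the audit trail."""
    done = [(s, u) for s, u, outcome in payment.audit if outcome == "ok"]
    if len(done) == len(STEPS):
        reason = "payment already signed"
    elif step != STEPS[len(done)]:
        reason = f"out of order, expected {STEPS[len(done)]}"
    elif step not in roles_for(groups):
        reason = f"user lacks the {step} role"
    elif user in {u for _, u in done}:
        # Assumed separation-of-duties rule: one person, one step per payment.
        reason = "user already acted on this payment"
    else:
        payment.audit.append((step, user, "ok"))
        return True
    payment.audit.append((step, user, f"denied: {reason}"))
    return False


def demo():
    """Run a constructed payment through the workflow; return its audit trail."""
    p = Payment("INV-1001", 125_000)
    perform(p, "prepare", "alice", ["PAY-Preparers", "PAY-Approvers"])
    perform(p, "approve", "alice", ["PAY-Preparers", "PAY-Approvers"])  # denied
    perform(p, "approve", "bob", ["PAY-Approvers", "PAY-Signers"])
    perform(p, "sign", "bob", ["PAY-Approvers", "PAY-Signers"])  # denied
    perform(p, "sign", "carol", ["PAY-Signers"])
    return p.audit
```

Denied attempts stay in the trail alongside successful ones, so a reviewer can see who tried to approve or sign a payment they had already handled.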
Finally, no payment platform can be fit-for-purpose in 2020 without being mobile-ready. We’re all expanding our ways of working to include remote options, so your payments need to be available whenever and wherever you need them.
A seamless way to eliminate payment fraud
Effective anti-fraud is something that happens for every user, in every location. Role-based permissions, local issuing and a flexible web-based portal are all vital tools for increasing your control of payments and, ultimately, reducing your risk.
However, the single most important thing to consider is how these elements work together. Sophisticated anti-fraud measures are important, but not if they come at huge expense or leave your people struggling to make payments across multiple systems.
As we continue our journey into a digital future, the most secure businesses won’t just be those with effective anti-fraud – they’ll be the ones who get everything they need in a single easy-to-use, yet feature-rich platform.