Payment fraud is becoming more and more costly and sophisticated. According to the latest report from American Financial Professionals, sixty-two percent of finance professionals report that their organisations were targets of payment fraud in 2014.
The damages were high for the victim organisations, including Ubiquiti which reported a $46.7 million loss, Xoom Corp. that lost $30.8 million, and Irish airline Ryanair that claimed $5 million in losses.
Payment fraud extends across all payment types including SWIFT/Wire, Faster Payments, BACS SEPA payments, ATM/debit transactions, ACH/bulk payments, bill payments, P2P/email payments, checks? and all the different forms of domestic electronic transfers available in various markets.
There are dozens of ways to commit payment fraud including creating bogus customer records and bank accounts, initiating false payments (Automatic Clearing House Fraud), and intercepting and altering payee details and amounts on checks and payable orders are just a few examples.
Fraudsters stay under the radar
Attacks are becoming more complex and increasingly difficult to detect. In addition to taking over employee accounts directly, attacks are often socially engineered. For example, hackers can impersonate managers to withdraw money themselves, or request employees to make fraudulent wire transfers on their behalf.
In addition, after taking over employee accounts, hackers are often aware of common policies and controls that have been implemented to prevent fraud, and they can thereby circumvent them making their activities even more difficult to detect.
Take for example this payment fraud scenario:
Typically, in order to avoid fraud one employee cannot perform all the steps in the payment process. Different individuals are authorized to open accounts for payees, authorise payments and then initiate payments.
Once hackers have this ability to manipulate IT systems, new users can be created with the ability to initiate payments, and another to authorize payments and even a third user can be created to add new payees or suppliers. Since all the organizational rules are being followed, the transactions are committed without issuing any warning that fraudulent transfers have taken place.
This type of fraud can not only result in high amounts of damages for the initial attack, it also enables the hackers to perform multiple fraudulent transfers over an extended period of time resulting in extensive financial damages.
Inspect from from angle: four types of fraud indicators
Since payment fraud involves many different types of activity, the best way to identify suspicious patterns is to integrate disparate data sources, and cross check data from multiple angles.
The sooner a payment fraud incident is identified, the lower the likelihood that the attack will be repeated.
The best way to uncover this type of activity is to look for anomalies in the four types of fraud indicators; user behavior, physical location, security authorizations, and account activity.
When all of this information is collected and correlated, it’s possible to detect this type of fraudulent activity sooner.
> See also: Top 8 ways to fight mobile banking fraud
For example, the e-payment fraud scenario could have been detected if all of the following observations were combined; there were new security authorizations granted, payments were authorised to a supplier whose bank account number had been recently changed, and the IP address for the individual executing these transactions was not a typical one.
Each of these factors alone is not enough to pinpoint fraudulent attempts. But by analyzing activities across departments over different systems, the right conclusions can be reached.
When all four angles are analysed and correlated, there is a good chance that the fraudulent activity can be uncovered. Fraudsters can take over identities and try to hide their tracks but they can’t cover up their abnormal behavior.
Hackers will continue to create new methods for taking over employee accounts and committing fraud. However, by monitoring online behaviour suspicious activity can be identified earlier in the process, thereby keeping the organisation’s assets and reputation intact. Proactively capturing and analyzing a combination of suspicious activities across every angle can be the key to preventing fraud.
Sourced from Hagai Schaffer, Cyber Fraud and Risk Management VP Marketing and Product Management, Bottomline Technologies