Payment and bank transfer fraud is no longer an isolated phenomenon. It is increasingly common, and fraudsters keep refining their schemes. Unfortunately, many companies still fall into their traps. Fraudsters extort huge sums of money from their victims, and they are often difficult to apprehend. Most of the time, the fraud is orchestrated from abroad, using false IP addresses and email addresses. Scammers also often use phone numbers that appear to be local when the calls are in fact made from other countries.
Payment fraud and wire transfer fraud can be carried out in various ways. Here’s a guide that will help you protect your business from fraudulent payment and wire transfer scams.
Types of fraud targeting businesses
There are various types of fraud that target businesses. Knowing them will help you counter them.
Bank Transfer Fraud
Bank transfer fraud is one of the most common types of fraud experienced by businesses. To carry it out, scammers usually rely on identity theft. To this end, they collect information about their targets through phishing. Using fake URLs, ransomware, viruses, deepfakes and other means, they obtain the personal information of future victims through social engineering.
To avoid bank transfer fraud, you must therefore be vigilant in protecting your bank details and take specific measures. Not everyone in a company has the same knowledge of bank fraud. As a company manager, make sure your employees are aware of the different techniques used by scammers, so that everyone knows the precautions to take to avoid bank transfer fraud.
Secondly, you can restrict employee access to sensitive data to avoid any leak that fraudsters could exploit. Similarly, you should rely on double validation of transfers, password protection strategies, etc. You also have to be careful with changes to suppliers’ bank details, because the RIB (Bank Identification Statement) scam is very common.
False supplier fraud
Fake supplier fraud is widely used by scammers. It works on companies because it is done subtly. According to the Euler Hermes DFCG 2020 barometer, this payment fraud is the number one cyber attack on companies. The fraudster contacts a member of the targeted company’s finance department, often by email, and announces a change in the supplier’s bank details. The fraudster then asks that future invoices be paid using the new details provided.
The person contacted may take the bait, because the scammer is assuming the identity of the real supplier. To achieve this, the fraudster creates an email address similar to the supplier’s and uses the same invoice and email formatting. Fighting bank payment fraud therefore requires a permanent monitoring mechanism. For example, each time you receive an email from a supposed supplier, you should check whether the email address matches the one used in previous exchanges.
You should also look at the subject line of the email, the name of the attachment, the pagination of the invoice, the formatting, the bank details, etc. The slightest change in these elements should prompt you to be more careful. To secure payments, consider making double verification of suppliers’ bank details systematic, notably through a KYS (Know Your Supplier) system. Automating identity and banking information checks is also a guarantee of security.
Fraud on the President
President’s fraud, or fraud by false transfer order, is one of the most vicious frauds targeting businesses. This scam, which fraudsters use very often, consists of impersonating the company’s manager and contacting a member of the finance department to request an exceptional transfer. Aware of the authority that the president may have over staff, the fraudster puts the target under pressure and pushes them to send a certain amount of money urgently and confidentially. The fraudster provides a bank account number to which the transfer should be made.
An employee who has not been trained to recognize this type of scam does not question the person claiming to be the president. The employee complies and sends the money. Large companies have already fallen victim to false transfer order fraud. As an illustration, Vallourec lost more than 20 million euros in 2013 due to this type of fraud.
However, the schemes used by scammers are becoming more and more sophisticated. In recent years, a variant of fraud on the president has emerged: fraud on the minister. The fraudster impersonates a government minister and may, for example, invite the company to take part in a national solidarity fund. To avoid fraud on the president or one of its variants, it is essential to train employees. They must know the techniques used by scammers, the reflexes to adopt, how to react when fraud is suspected, etc.
False customer fraud
Customer identity theft is one of the ways cybercriminals steal from businesses. Fake customer fraud takes various forms. The scammer may contact a member of the company while posing as a customer and announce a change in bank details or address. The purpose may be to extort money or divert goods. Another fake customer technique is the fake quote scam. The scammer poses as a prospect and requests a quote from the company.
When the quote is validated, the fraudster pretends to send more than the amount due. He then tells the company that he made a mistake and requests a refund. The company returns to the false customer the difference between the amount he supposedly sent and the total price on the quote. Only afterwards does the company realize that its account was never credited by the customer.
Diversion of goods is another fake customer fraud technique. In this case, the scammer poses as a customer who has ordered goods from the company and announces a change of address shortly before delivery. The company takes the change into account and delivers the product to the new address. E-commerce sites are particularly targeted by this type of scam. To avoid it, you must use a KYC (Know Your Customer) system. This involves a double confirmation, which serves to verify that a sensitive operation such as a change of address has indeed been initiated by the customer.
Internal fraud
Internal fraud is probably the most pernicious of all, since it is organized by one or more employees of the company. It manifests itself, among other things, in the sharing of confidential company data with third parties. The fraudster can also directly embezzle assets, steal money, commit corruption, manipulate expense reports, etc. In practice, an employee can assume the identity of a supplier and notify the company of a change in bank details. Just as in fake supplier fraud, the employee gives a new bank account number and asks that future transfers be made to it.
It also happens that the employee joins forces with another criminal to set up the scam, passing sensitive company information to a third party who then impersonates a supplier, a customer or even the president. The consequences of internal fraud go beyond the financial aspect and affect the company’s reputation. To combat this type of fraud, all departments (financial, administrative, legal) must be mobilized. Each company must have a clear understanding of its own role in preventing internal fraud.
How to fight against transfer and payment fraud in companies?
The various frauds that target businesses are preventable. To successfully combat transfer and payment fraud, you need to use the right tools and adopt the right practices.
Solutions to thwart payment and transfer fraud
There are software solutions specially designed to counter fraud attempts. Among the most effective are SEPAmail DIAMOND and KYC LUCY.
SEPAmail DIAMOND is an application whose role is to check the bank details in order to avoid bank scams and input errors. The tool is particularly effective in thwarting fraud techniques relating to bank details and identity theft. It allows companies not to be fooled by so-called suppliers, customers or presidents. The SEPAmail DIAMOND application can be easily installed and adapted to all systems.
From name to VAT number, date of birth, IBAN and SIREN, all information is screened by the tool, which analyzes the contact information of everyone who comes into contact with the company. SEPAmail DIAMOND can be used via a generic and customizable web interface. You can also use it as an API, which can evolve into a full-fledged interface via parameterization.
KYC LUCY is a useful solution for fighting payment and transfer fraud. This application is natively compatible with SEPAmail DIAMOND. It is used to reduce the risk of error in financial transactions. KYC LUCY is suited to setting up a KYC (Know Your Customer) and KYS (Know Your Supplier) procedure.
The tool offers several modes of use. You can use it as a mobile application, as a generic web interface to be customized as needed, as an API on a server or as a website. The operating mode can be changed at any time with ease. With KYC LUCY, notifications can be set up.
Check the bank details of your customers and suppliers
Transfer and payment frauds do not all have the same modus operandi, but most revolve around bank details. Make sure you check the banking information of your customers and suppliers. When a supplier whose bills you usually pay informs you that they have just changed their IBAN, ask them for an RIB. This RIB must be entered into your transfer system to update it. Above all, you must call the supplier on their usual number to make sure that they really sent you the email in question.
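The sender-address check described under false supplier fraud and the IBAN-change check described here can be automated as a first filter. The Python example below is added for illustration and is not code from SEPAmail DIAMOND or KYC LUCY; the Supplier record, the flag names and the sample addresses are assumptions, and the IBANs are commonly published documentation examples.

```python
import re
from dataclasses import dataclass

@dataclass
class Supplier:              # hypothetical supplier master record
    email: str               # address used in previous exchanges
    iban: str                # IBAN already verified and on file

def norm(iban: str) -> str:
    return re.sub(r"\s+", "", iban).upper()

def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check. Catches input errors, not fraud."""
    s = norm(iban)
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", s):
        return False
    # Move country code + check digits to the end, map A..Z to 10..35.
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(digits) % 97 == 1

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_request(supplier: Supplier, sender: str, new_iban: str) -> list:
    """Reasons to hold a bank-detail change until it is confirmed."""
    flags = []
    known, seen = supplier.email.lower(), sender.strip().lower()
    if seen != known:
        kd, sd = known.rsplit("@", 1)[-1], seen.rsplit("@", 1)[-1]
        near = kd != sd and edit_distance(kd, sd) <= 2
        flags.append("lookalike_domain" if near else "sender_not_on_file")
    if not iban_is_valid(new_iban):
        flags.append("iban_checksum_invalid")
    if norm(new_iban) != norm(supplier.iban):
        # A valid IBAN from the right address still needs the phone callback.
        flags.append("iban_changed_callback_required")
    return flags

# Constructed sample data (.example domain, documentation IBANs).
SUPPLIER = Supplier("billing@acme-supplies.example", "DE89 3704 0044 0532 0130 00")
if __name__ == "__main__":
    print(review_request(SUPPLIER, "billing@acme-supp1ies.example",
                         "GB82 WEST 1234 5698 7654 32"))
```

A passing checksum only shows that the IBAN is well formed; any change from the IBAN on file is held for the callback to the supplier’s usual number, whatever the sender address looks like.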
To establish a true anti-fraud policy, make sure to separate the roles of employees to avoid the risk of internal fraud. The accountant should not be the “go-to” person for financial management. You can give the accountant an executing role, issuing the transfer files using the company’s banking communication software. As for the treasurer, they must verify that each announced IBAN change is genuine. For this type of work, the use of an efficient tool such as our software solution SEPAmail DIAMOND and our KYC service LUCY is almost indispensable.
Reinforcing the culture of bank fraud risk in companies
You can have the best systems in the world against transfer and payment fraud and still not escape the crooks. Combining the proper use of these tools with the right reflexes is essential to get closer to the goal of zero fraud. Within your company, you need to make everyone aware of the different types of scams. Awareness-raising should be accompanied by training to teach employees the basics of how to deal with attempted scams.
Whenever there are new hires or interns, you should brief them on the company’s anti-scam policy. However, you may not have the time or the technical skills to train your employees yourself. You can therefore call upon a professional trainer who will address all aspects of the fight against fraud. The specialist’s role will be to reinforce the risk culture within the company so that each employee stays alert.
Finally, please note that urgent transfer orders should be banned from your operating procedures. In addition, don’t forget to secure the company’s sensitive devices and data with effective antivirus software.