Guide on Countering Deceptive Financial Transactions, Drawing Parallels with 'Hitchhiker's Guide'
In the digital age, advanced technology and cutting-edge screening tools are crucial in the fight against fraud, but they win only half the battle. Fraud prevention becomes truly effective when robust fraud policies are incorporated alongside them, a lesson businesses must learn.
Without proper vigilance, businesses can inadvertently increase their susceptibility to transaction fraud. This often happens when their agreement with financial institutions shifts the obligation to actively screen payments in favour of faster payment processing.
Over the past decade, Business Email Compromise (BEC) and Vendor Email Compromise (VEC) have caused significant financial losses. Between October 2013 and December 2023, total fraud loss due to BEC was $55.49 billion, with the U.S. losing over $20.08 billion.
Many financial institutions still treat fraud control as a need-to-know concern, rather than actively engaging clients in fraud prevention. However, a layered approach combining people, processes, and technology is key to preventing email compromise and transaction fraud in medium-sized businesses and startups.
The FBI Internet Crime Complaint Center (IC3) and the Forbes Technology Council have outlined several strategies for this approach. These include implementing multi-factor authentication (MFA), educating employees on vigilance, verifying payment requests independently, using advanced email filtering and threat detection, adopting DMARC and email authentication standards, leveraging centralized security management, reporting and using authoritative resources, and designing solutions with strong alerting mechanisms, transaction fraud screening controls, and optimally tuned fraud screening methods.
Sunny Banerjee, Business Implementation Manager for Enterprise Fraud at First Citizens Bank, emphasizes the importance of this collaborative approach. He highlights the need for transparency, shared intelligence, and education among all parties involved, including leadership, fraud prevention teams, internal auditors, regulators, solution providers, and well-informed customers.
Data breaches, increasingly common with the rise of AI and emerging technologies, pose a significant threat. In a data breach, fraudsters can obtain the email addresses and credentials of a company's employees, including senior leadership. This underscores the need for fraud prevention controls to become ingrained, intuitive, and behavioural rather than merely obligatory procedures.
Financial institutions should proactively educate clients on fraud threats that could impact their organizations and ways to mitigate the risk. By doing so, they can reshape their clients' views on the necessity of these measures, ensuring a safer digital landscape for all.
Sunny Banerjee, a Business Implementation Manager for Enterprise Fraud at First Citizens Bank, stresses the significance of a collaborative and multilayered approach involving education, transparency, and shared intelligence among all parties, including clients, to effectively prevent email compromise and transaction fraud, especially in the context of finance and technology. Incorporating advanced fraud policies and strategies, such as implementing multi-factor authentication, verifying payment requests independently, and using robust email filters and threat detection, can help medium-sized businesses and startups reduce their vulnerability to Business Email Compromise (BEC) and Vendor Email Compromise (VEC), which have resulted in substantial financial losses over the past decade.