8 May, 2020
The operational chaos caused by a crisis is creating ripe conditions for fraudsters.
The Secret Service and a who’s who of organizations with well-known acronyms – the FBI (Federal Bureau of Investigation), IRS (Internal Revenue Service), DOJ (U.S. Department of Justice) and WHO (the World Health Organization) – are sounding the alarm about COVID-19 payment scams. These watchdogs are reporting a steep rise in business e-mail compromise (BEC) attacks – where fraudsters spoof real e-mails – and phishing scams for harvesting credit card numbers and other data.
The Current Landscape of Payment Fraud
Organizations on the frontlines of combatting COVID-19 – healthcare organizations, insurers, government contractors and pharmaceutical firms – are an especially appealing target for fraudsters.
The FBI has seen growing fraud related to the procurement of personal protective equipment (PPE), medical equipment, pharmaceuticals, and other suppliers during the crisis. Bad actors have tricked state government agencies into wire transferring funds to domestic and foreign accounts controlled by fraudsters in advance of receiving COVID-19 equipment. In one case, the FBI says the fraudster claimed to represent a supplier with which the payer had an existing business relationship.
INTERPOL’s Financial Crimes Unit says it is receiving information from member countries on a near-daily basis regarding fraud cases and requests to assist with stopping fraudulent payments.
It may be a while before the curve in fraudulent incidents flattens.
With more businesses pre-paying for goods and services in the current environment, there is a substantially higher risk of a buyer being defrauded with limited possibility of recourse.
Authorities also warn that bad actors who typically focus on card skimming will likely shift their efforts elsewhere – potentially to online payments fraud – because of retail store closures.
And the pressure to generate revenue or to quickly get much-needed raw materials or finished goods into the country may tempt well-intentioned employees to ignore red flags on new suppliers or fraudulent e-mails that appear to have been sent by established suppliers or senior managers.
5 Ways an Omni-Channel Payment Solution Mitigates Risk
Mitigating the risks of payments fraud and compliance issues during a crisis starts with reviewing internal controls, reminding employees of relevant policies and procedures, and remaining vigilant.
But an omni-channel payment solution also helps mitigate payment risks.
- Unwavering controls. It is tempting to relax or ignore policies, procedures, and internal controls when operations have been disrupted during a crisis. But that could leave a business vulnerable to fraud and compliance issues. For instance, cutting corners on checking suppliers against sanctions lists such as the Office of Foreign Assets Control (OFAC) could throw the door open wide for bad actors in far-off countries.
Omni-channel payment solutions ensure that procedures are consistently followed, no matter the circumstances. Leading omni-channel solutions allow for defined roles and permissions and privileges, separation of duties, hierarchical access, and administrative controls for security settings.
- Configurable workflows. It is not just suppliers that have not been vetted that businesses must be mindful of. Businesses should be diligent when it comes to approving any payment. That is why omni-channel payment solutions include built-in administrative workflows that allow for supplemental documents to be attached to payments pending approval while providing digital signatures and dynamic verification of a user’s identification.
Businesses can configure workflows based on the amount of the payment, length of time the company has done business with the supplier, where the supplier is located, whether the supplier’s banking details have recently changed and other criteria. With an omni-channel solution, it is easy to lower the dollar threshold for payments that require additional review. Dynamic spend controls allow businesses to slam the brakes on suspicious transactions. And built-in business intelligence tools and audit logging enable administrators to keep tabs on things.
- Virtual cards. Virtual cards help ensure that key suppliers can get paid fast during a crisis. But virtual cards also have built-in features that safeguard payments, even when operation are disrupted. Unlike purchasing cards, virtual cards are plastic-less, so businesses do not have to worry about lots of high credit-line cards being in circulation. In fact, a complete 16-digit virtual card number is never transmitted from a buyer; suppliers only receive 10 digits of the card number.
Virtual cards also are designed for single use. And payers can define the supplier, date range, amount, and other criteria for the transaction; a virtual card can never be charged for more than it was authorized for, and the payee can never be changed. Finally, virtual cards do not require buyers to manage banking account information for their suppliers.
- Managed services. Social distancing makes it nearly impossible to physically monitor the activities that may prevent payments fraud or compliance issues. And social distancing will continue as more and more businesses are considering the potential work-from-home capabilities bring to non-crisis situations. But physically monitoring fraud is particularly difficult in an environment where businesses pay their suppliers with paper checks.
Omni-channel payment solutions incorporate managed services that mitigate risks, even when staff work remotely. These services include identification verification (Know Your Customer and Know Your Bank), fraud and chargeback management, real-time reconciliation, and more.
- Industry standards. Electronic payments can be a tantalizing target for fraudsters. That is why leading omni-channel payment solutions have built-in widgets that help ensure compliance with the Payment Card Industry (PCI) Data Security Standard. The PCI DSS was developed by Visa, Mastercard, American Express and other card industry leaders. It requires organizations that collect, process or store card information to implement a set of security control standards to protect cardholder information.
Maintaining compliance with PCI DSS requires an annual certification compliance audit, quarterly security scans, an annual penetration test and completion of a self-assessment questionnaire with attestation. The National Automation Clearing House Association (NACHA) also requires financial institutions, FinTechs and businesses that use the ACH Network for sending and receiving electronic transactions to meet rigorous standards for safeguarding payments and data.
The operational disruption caused by a crisis raises the risk of payments fraud and compliance issues.
Using suppliers that were not fully vetted and screened, not validating changes to an established supplier’s banking information, making payments without the usual invoice approvals, and not being able to physically monitor payment processes are some of the vulnerabilities that businesses face.
An omni-channel payment solution will mitigate the risks of payment fraud and compliance issues, during good times and bad. The technology combines unwavering controls, administrative workflows, card payments, managed services, and industry standards to protect payments and related information.
Want to learn how an omni-channel payment solution can help mitigate your organization’s risks during a crisis?