3 Steps Your Organization Can Take to Mitigate Payment Fraud

According to the 2024 AFP® Payments Fraud and Control Survey conducted by the Association for Financial Professionals (AFP), payment fraud via ACH, wires, and checks has increased by 65% since 2022, with 80% of organizations reporting fraudulent transactions. The rise of Business Email Compromise (BEC) attacks is a significant contributor, with 63% of organizations surveyed experiencing this type of attack.
Given that payment fraud is often initiated through BEC schemes, it is crucial for organizations to be prepared to combat these attacks, with training and awareness of employees being key. Below are the 3 steps every organization should take to protect itself from payment fraud.

1. Develop Robust Internal Controls

Having a robust cybersecurity program and strong internal controls is essential for organizations to identify and prevent payment fraud attempts. Implementing comprehensive policies and procedures, utilizing bank ACH and checking positive pay, regularly monitoring banking activity, and conducting vendor phone call verifications are operational changes that can help protect against payment fraud.

2. Implement Resilient Cybersecurity Programs

In addition to operational changes, certain cybersecurity measures should also be considered. Utilizing Multi-Factor Authentication (MFA), dual control over payments, VPNs, firewalls, administrator activity logs, network traffic monitoring, and other security configurations are key practices that should be implemented to detect and prevent payment fraud. Vigilance in confirming bank account information with vendors, spotting deepfake invoices, BEC attacks, and other fraud schemes, as well as monitoring logs and activity, will help reduce the number of successful social engineering attacks on your organization.
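The dual-control and vendor-verification controls from steps 1 and 2 can be enforced as an automated pre-release check. The sketch below is an added example, not code from the article or from Centri; the record fields, finding codes, and the rule that a callback must be dated on or after the bank-detail change are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class Vendor:
    name: str
    bank_account: str                      # account in the vendor master file
    bank_changed_on: Optional[date]        # last change to the bank details
    callback_verified_on: Optional[date]   # phone check via the number on file


@dataclass
class Payment:
    vendor: Vendor
    amount: float
    dest_account: str                      # account on the payment instruction
    initiated_by: str
    approved_by: Optional[str]


def release_findings(p: Payment) -> List[str]:
    """Return the control failures that should hold a payment before release."""
    findings = []
    # Dual control: the approver must exist and differ from the initiator.
    if not p.approved_by or p.approved_by == p.initiated_by:
        findings.append("DUAL_CONTROL")
    # The instruction must pay the account held in the vendor master.
    if p.dest_account != p.vendor.bank_account:
        findings.append("ACCOUNT_MISMATCH")
    # A bank-detail change counts only after a callback made on or after it.
    changed, verified = p.vendor.bank_changed_on, p.vendor.callback_verified_on
    if changed and (verified is None or verified < changed):
        findings.append("UNVERIFIED_BANK_CHANGE")
    return findings


if __name__ == "__main__":
    # Constructed sample: bank details changed after an emailed request, no callback.
    vendor = Vendor("Example Vendor", "ACCT-NEW-0002", date(2024, 6, 3), None)
    pay = Payment(vendor, 48_250.00, "ACCT-NEW-0002", "clerk1", "clerk1")
    print(release_findings(pay))
```

A payment is released only when the returned list is empty; any finding routes it to manual review.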

3. Utilize Secure Encryption Protocols

Strong encryption protocols help secure your payment transactions and better protect payments sent over generally insecure channels, such as the internet or email. Both the National Automated Clearing House Association (NACHA) and the Payment Card Industry Data Security Standard (PCI DSS) require robust protocols for compliance with their standards. Security certificates (TLS/SSL certificates) and up-to-date encryption protocols (such as Advanced Encryption Standard (AES) 256-bit encryption) are industry standards that provide an added layer of protection for data in transit.

Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificates are the foundation of a safe and secure internet. TLS/SSL certificates secure internet connections by encrypting data sent between your browser, the website you’re visiting (the bank or payment platform), and the website server. This helps ensure that transmissions are private and occur without modifications or loss of data.

AES 256-bit encryption is the strongest and most robust encryption standard that is available today and adds a layer of protection to data in storage (or at ‘rest’). Protecting payment data both at rest and in transit will help minimize the number of successful attacks on payments and associated information being stored or transferred online.

How Centri Can Help

At Centri, we’re here to offer you the support, resources, and expertise you need, exactly when you need it most. Unsure about your current cybersecurity practices and the design and operational effectiveness of your internal controls? Centri can perform a comprehensive cybersecurity and/or internal control assessment to identify gaps and help you devise a tailored path forward. Whether it’s drafting policies and procedures, performing risk assessments, or designing controls, Centri’s cybersecurity experts are here to support your business.

Karyn DiMassa

Managing Director | CPA, PMP, CISA, CFE

Karyn is a Managing Director in the IT Risk & Cybersecurity Practice at Centri Business Consulting. She has more than 15 years of combined experience in internal IT audit and external audit support (IT controls), third-party assurance (SOC 1 and SOC 2 reporting), internal controls consulting, project management, IT risk and cybersecurity, and system implementation support.

Sunny Patel

Managing Director | CPA

Sunny is a Managing Director at Centri Business Consulting. He has more than 14 years of public and private accounting experience.

About Centri Business Consulting, LLC

Centri Business Consulting provides the highest quality advisory consulting services to its clients by being reliable and responsive to their needs. Centri provides companies with the expertise they need to meet their reporting demands. Centri specializes in financial reporting, internal controls, technical accounting research, valuation, mergers & acquisitions, and tax, CFO and HR advisory services for companies of various sizes and industries. From complex technical accounting transactions to monthly financial reporting, our professionals can offer any organization the specialized expertise and multilayered skillsets to ensure the project is completed timely and accurately.
