Payment fraud…

According to the “2020 Report to the Nations Global Survey” published by the ACFE[1], “Fraud is a global problem affecting all organizations worldwide”. Certified Fraud Examiners estimate that organizations lose 5% of their revenue to fraud EACH year.

Protecting your business against sophisticated, persistent and constantly evolving fraud attacks is one of the greatest challenges for any organization today. Opportunities for cyber criminals are abundant, as companies have increased their global footprints, face fierce market competition, operate in decentralized fashions, and now are operating with further challenges when conducting business as caused by the current pandemic; these and so many other issues and rapidly changing situations can prevent “normal” controls from being performed effectively.

What are the most prominent types of fraud schemes within organizations?

Answer: Asset misappropriation. This is the most common form of fraud, and “cash schemes” are the most common type scams among asset misappropriation. Asset misappropriations fall into the following categories:

  • DIVERTED PAYMENTS: compromised payment information, compromised source for payment confirmation, fraudulent banking coordinates, etc.
  • FALSE PAYMENT REQUESTS: false payment instruction with unauthorized signature, compromised business email, false invoices, etc.;
  • CHEQUE FORGERY: theft of cheques, counterfeiting cheques, etc.;
  • BILLING SCHEMES: overbilling customers, use of fictitious suppliers, record of false transactions, etc.;
  • MISUSE OF ACCOUNTS: wire transfer fraud, employee account fraud, unrecorded sales/receivables, etc.;
  • CYBER FRAUD: malware, phishing attempts, etc.

person with credit card entering information on their phone

As the risk of payment fraud and related IT threats are at the top of the list of concerns across industries, a mature control environment is required. Organizations need to be flexible and able to react quickly to any potential new fraud attempt.

The followings are the minimum controls a sound cash management department should foster to reduce the risk of fraud and/or attempt for quicker detection:

  • Fraud awareness through employee sensitization and training;
  • Multi-factor authentication on banking platforms (i.e., token and password);
  • Dual approval requirements for banking platforms administrators and transaction approvers;
  • Thorough validations (voice confirmation, independent confirmation) prior to any cash transactions with new vendors and vendors with modified information (address, banking coordinates, etc.);
  • Test payments (random and low value initial payment) prior to sending the full payment amount;
  • Additional validation process through PIN or password verification for significant transactions;
  • Segregation of duties between initiators and approvers of transactions;
  • Frequent reviews of payment limits, physical and logical access rights;
  • Increased monitoring and scrutiny of overseas activity to validate that controls are operating effectively.

No one is immune; the threat of fraud is everywhere! Organizations need to stay current and agile to fight the status quo and prevent or detect any new fraud attack.

Wondering where to start? Having proper controls in place, cultivating employees’ awareness, and fostering the communication and implementation of appropriate response plans are key in the battle against fraud. As stated by the “2020 Report to the Nations Global Survey” published by the ACFE, “A lack of internal controls contributed to nearly a third of frauds.” A combined assurance approach between cash management and internal audit functions is key to understanding the gaps in controls which allow for the increased chances of fraud to occur.

How can Richter help?

  • Risk assessment of your cash management activities;
  • Thorough review of your cash management process and procedures in alignment with best practices;
  • Optimization of your current cash-related controls;
  • Implementation of monitoring controls required for overseas sites;
  • Awareness campaigns on most recent fraud schemes;
  • Training/workshops with your organization to better understand how to prevent and detect fraud attempts.

[1] Source: