Payment security: companies' number 1 concern

Reading time: 6 minutes

According to the Baromètre Fraude et Cybercriminalité 2021, 2 out of 3 companies have suffered at least one fraud attempt this year, and 1 out of 5 has suffered more than 5 attacks. This upsurge (according to the same study, 64% of companies report an increase in the number of fraud attempts) is part of a long-term trend that can be observed in all business sectors.

The Covid-19 crisis prompted companies to digitize at breakneck speed. While digitalization brings real advantages, the widespread use of teleworking in recent months, and the dematerialization of processes that came with it, has made companies more vulnerable to fraud attempts.

Faced with these heightened risks, payment security is a major concern for companies. In addition to the financial cost of fraud, they also face a less tangible but equally real cost: a weakened image and a damaged reputation. That's why companies need to make payment security a priority, by identifying the associated risks and addressing the weaknesses in their processes. Here is a detailed look.

Why is payment security a major concern for businesses today?

In a fraud study published in 2020, PwC reveals that, over the 2018-2020 period, more than one in two companies fell victim to fraud, for a total estimated loss of $1.4 billion. Fake supplier fraud, president fraud, hacking, embezzlement... The scams are numerous, and the creativity of fraudsters (apparently) limitless.

The digitalization of procedures makes companies particularly vulnerable. Digital technology is a real opportunity for companies, in that it saves time and increases efficiency. It also facilitates interpersonal relations, thanks to 100% digital software and tools that offer new possibilities for healthy communication. But the risks of fraud, whether internal or external, are also greater when all company processes are dematerialized. The explosion in fake president fraud during the Covid-19 crisis is a sad illustration of this.

Why does the digitization of processes increase the risk of fraud? There are many reasons. For example, it is more difficult to verify a supplier's identity from a distance. Furthermore, dematerialization often creates security loopholes: company computer servers are not infallible and can therefore be targeted by attacks.

Fortunately, the legal framework for payment security is getting stronger. The second European Payment Services Directive (PSD2), adopted in 2015 by the European Parliament and coming into force in 2018, aims to harmonize payment regulations within the European Union. In particular, it should help combat the increase in fraud generated by the growth of online purchases. According to Mercatel, a trade association specializing in payment-related issues, the fraud rate is 20 times higher in e-commerce than in convenience stores. By reinforcing the security of payment transactions on the Internet, PSD2 therefore has an important role to play in the fight against fraud. Since May 2021, strong authentication (a security system designed to certify that the person wishing to carry out an online transaction is indeed the holder of the bank card or payment account) has been mandatory for all payment transactions over 30 euros.

What are the risks for companies?

As we've seen, companies face a considerable financial risk (according to the Euler Hermes study, 33% of fraud victims suffered losses in excess of 10,000 euros, and 14% suffered losses in excess of 100,000 euros). But this is not the only risk they face.

Let's go through the most common types of fraud to see the risks companies face when it comes to payment chain security.

Fake president fraud

Here, the fraudster assumes the identity of one of the executives of the target company and asks an employee to make an urgent transfer to a bank account. Typically, the fake executive insists on the importance, confidentiality and urgency of this operation, to put pressure on the employee with whom he is in contact.

Large companies are the most affected by this type of fraud. Even if it fails in the majority of cases, it can have far-reaching consequences, with financial damage estimated at up to 10 million euros.

To protect themselves against this risk, companies have every interest in securing their bank transfer processes, in particular by ensuring the authenticity of the originator of each transfer, and by not communicating any confidential information about the company in supposedly urgent situations.

False transfer fraud

In this case, the fraudster assumes the identity of one of the company's suppliers and contacts the company to announce a change in the supplier's bank details. The accounting department updates these details in its database, which has the effect of redirecting supplier payments to a fraudulent account.

Once again, this modus operandi targets large companies in particular, and can result in financial losses of up to 10 million euros.

Technician fraud

Less well known than the previous two, technician fraud involves impersonating a technician to carry out false tests on computer workstations with access to sensitive data. The aim is to retrieve confidential information, generate fraudulent bank transfers, install pirate software, and so on. In addition to the risk of financial loss, this also exposes the company to the risk of data piracy and damage to its public image.

Cybercrime (computer hacking)

Hacking can take many forms: phishing, spoofing, and so on. As in the previous example, the risks are not only financial, but also legal and reputational. In addition to the possibility of having confidential data hacked and used by third parties for fraudulent purposes, the company is also exposed to damage to its image, which is very real, even if more difficult to assess.

A few examples

In February 2020, several French companies, including Bouygues and M6, suffered major cyberattacks. The Lise Charmel lingerie group, also a victim of these massive attacks, was even placed in receivership. The reason? Hacking software encrypted all of the company's data and files and held them hostage in exchange for a decryption key. As the company refused to pay the ransom, it had to spend months rebuilding its computer system, resulting in lost earnings of several million euros.

A few years earlier, in 2014, Michelin fell victim to fake president fraud. The damage suffered? 1.6 million euros. In the same year, KPMG was also a victim, for a total loss of 7.6 million euros.

These few examples illustrate the concrete consequences of credit transfer fraud (suspicion of negligence towards the company, tarnished reputation, financial cost, jeopardized business...), and the resulting importance of securing the payment chain.

What solutions can be put in place now and in the years to come?

Digitization is set to continue developing over the coming years. We are still in the early stages of a revolution whose opportunities are just as numerous as its risks. Fortunately, there are solutions to counter the latter, including:

  • investment in supply chains to ensure their solidity;

  • risk mapping;

  • setting up internal procedures;

  • cash flow management;

  • raising awareness of fraud risks at all levels of the company (employees must also be informed);

  • close collaboration with all company departments in the fight against fraud.

Companies are also well advised to use solutions that digitize the processes involved in checking bank details throughout the payment chain, from entry in the third-party database to payment generation. The combination of human verification and technology delivers optimal results.

In addition, companies need to know who their business partners are, so they don't fall prey to identity theft.

By implementing a wide range of measures and reinforcing collective vigilance, companies will be able to face up to the new payment security risks posed by digitalization.

Written by

Valentin Orru

Head of growth

23/07/2024