This article was originally published in the Autumn 2019 issue of The Record. Subscribe for FREE here to get the next issues delivered directly to your inbox.
Fraud poses a threat to all business organisations, irrespective of size – and the high value and volume of transactions throughout the manufacturing sector can make these companies especially attractive to fraudsters. With so much on the line, it’s imperative to identify the risks and take action to counteract the threat.
There are many types of payment fraud threats to consider, but three types of fraud have grown to pose a significant threat to manufacturers.
CEO fraud, or Business Email Compromise (BEC), involves an imposter posing as a senior figure within an organisation. Using digital communication, this individual uses false credentials to contact a member of staff within the company’s finance department. The staff member then follows the instructions supplied and transfers payment to a fraudulent bank account. This is a significant threat to manufacturing companies as large transactions and a low barrier to entry makes the risk worth the lucrative return.
Payment diversion involves the manipulation of account details for a customer or a supplier. Once an account has been compromised, the fraudster can change beneficiary bank details and transfer payments to unauthorised accounts. Payment diversion can be committed internally, externally or collaboratively.
Payroll fraud, a form of internal fraud, involves the altering of the payroll system in order to divert funds to an unauthorised employee’s account. With a high churn throughout the workforce, manufacturing companies are particularly vulnerable. As temporary workers are used regularly, presenting false data as genuine is typically easier to achieve, and this increases risk.
The end-to-end payment journey needs to be monitored and adjusted accordingly to reflect the evolving level of risk.
To effectively reduce their risk of fraud, manufacturing businesses need to encourage collaboration between their departments and assign joint responsibility. When operating with such large payments, the teams with visibility of the payment journey must be coordinated. Working together, the audit team, IT department and Treasury can pre-empt attempts to commit fraud, weed out payment anomalies and identify infrastructural weaknesses throughout the system.
Beyond improved collaboration, manufacturing businesses need to implement regular review periods to assess and update the processes and safeguards in place. This helps to detect new vulnerabilities in the system before they can be abused. As circumstances change throughout the business, the payment journey needs to be monitored and adjusted accordingly to reflect the evolving level of risk. Manufacturing organisations must have the right systems in place to query and monitor abnormal behaviours and scrutinise 100% of payments at each stage of the journey. By automating the process, only the anomalies are flagged for investigation. Using cloud-based technologies, the system is air-gapped, isolating it from unsecured third-party networks and potential intrusion. For example, Bottomline’s Secure Payment solution resides on our network, so if a client’s system is infected our solutions will remain unaffected.
The origination of fraud can be categorised into two sectors: internal and external. While external fraud is regularly covered in the media, internal fraud is rarely acknowledged. This is particularly problematic as internal fraud makes up a disproportionate amount of the losses incurred by overall corporate fraud. Many companies overlook this risk and fail to consider the threat their own employees pose to economic security. This may be in part due to overconfidence in the systems in place and a reluctance to suspect internal staff.
Put yourself in the shoes of a fraudster: how would you take advantage of the systems in place? What vulnerabilities would you exploit? Sometimes the best way to weed out a fraudster is to think like one. Irrespective of the target, companies need to improve their internal communication to flag up vulnerabilities, sooner rather than later. This must also include supply chain partners. We are all used to only opening attachments from trusted sources, but what if the trusted source has been compromised?
To further reduce the threat of fraud to the organisation, manufacturers need to ensure processes are regularly updated to reflect the changing nature of their business. With regular evaluation, loopholes can be recognised and closed before they are exploited.
Left unchecked, fraud has the potential to cause significant damage to your business. To minimise the risk of fraud in your organisation, manufacturers need an infrastructure that coordinates their people, processes and technology to proactively recognise and detect vulnerabilities. With a well-managed fraud prevention strategy, the company can radically limit fraudulent activity and reduce the losses incurred.
Julien Laurent is market development manager, cyber fraud and risk management at Bottomline Technologies
Share this story