The latest set of survey results show how fraud levels are a major problem and its getting worse:
- EY’s latest survey - ‘Global Information Security Survey 2013’ revealed
- more than half (59%) of surveyed companies globally reported an increase in external threats
- 31% of companies agreed that the number of security incidents had increased over the past 12 months
- 32% said that phishing had changed their risk exposure most significantly.
- respondents admitted that cyber-attacks are here to stay
- AFP Payments Fraud and Control survey in the USA, published this month, revealed:
- 60% of respondent organizations were exposed to actual or attempted payments fraud in 2013, similar to 61 percent in 2012
- 82% - of respondents reported cheques were the primary target
- 43% - of respondents reported Credit/debit cards (corporate and consumer and up 29% in 2012) were targeted
- ACH fraud: debits decreased from 27% in 2012 22% in 2013, and credits increased from 8% in 2012 to 9% in 2013
- wire transfers increased to 14% from 11 % in 2012
- 80% of respondents that experienced actual or attempted payments fraud found it originated outside the organisation.
Fraudsters focus on the easiest, the most vulnerable point in all systems and processes. If it is or gets too difficult they move on. These surveys show that today fraudsters believe that the most productive sources of fraud are one of the oldest - cheques - and newest - e-commerce/cyber-systems.
Being reactive is not enough
Preventing fraud is an on-going battle. The fraudsters keep devising new ways of overcoming the security systems and procedures. Paper cheque systems keep changing to reduce fraud, but it seems unlikely that cheque fraud will be as low as ACH fraud due to nature of the cheque systems.
In cyber-system fraud, the basics still apply: the fraudsters attack the weakest link, the least secure player, e.g. the huge fraud at the Target group was because they had one of the least secure merchant processing systems. Hackers go round the electronic world just trying to see - the equivalent of - ‘is the door is locked’. If it is open then they have a look inside, and, if they can, they plant some malware to sniff out important information and slowly extract this information from the organisation - usually in encrypted form, so that it is harder for organisations to figure out what is happening.
It is not enough to react when this type of fraud occurs. Instead organisations need to consider holistically how security should be managed. The required holistic fraud prevention framework needs to include many departments: operations, procurement, payables and receivables, finance and treasury. The weakest link is where cyber system fraudsters will focus, and, once they are in, they can cause havoc.
CTMfile take: Cyber attacks are here to stay. Almost all organisations are becoming more inter-connected across whole group. So, is the link from your TMS to the subsidiary in Russia your weakest link? What is weakest link in your organisation and how could it affect treasury? These are serious questions that need to be considered across the whole organisation, not just treasury, but at least treasury could start the ball rolling.
Like this item? Get our Weekly Update newsletter. Subscribe today