Large cash management banks cover a wide range of companies from the smallest SME to global multinationals who have very different systems and approaches to preventing fraud and to cyber security. They range from SMEs who consider having antivirus protection is all that is needed to cover themselves, to large corporates have a full range fraud and cyber security, yet they are all exposed to the same fraud and cyber security risks. For banks, the reputational risk and the problems of being associated with a company that had a major fraud incident are huge and long lasting.

So banks have a range of services and facilities and education to help their customers avoid and prevent fraud. How they bring it together is where the banks differ.

Scary numbers and types of fraud

All banks have their version of the scary numbers in cyber fraud. Barclays, for example, highlight that in 2016 there were:

• 65% of large firms detected a cyber security breach or attack in the past year, some 25% experienced and least once per month
• cyber security incidents cost UK firms £34 billion last year.

Barclays also explain to their corporate customers that there are two basic sources of cyber fraud:

• social engineering-based fraud where the fraudster misleads people into revealing centres for information, e.g., CEO impersonation, phishing, visiting and smashing
• digital attacks which use, for example, Trojans, spyware, malware and ransomware to spy and/or take over corporates’ computers.

Like other banks, for both types of fraud Barclays give education and awareness training plus offering suggestions on suitable controls and techniques to prevent cyberfraud. Barclays bring all their fraud prevention technologies and practices in a holistic approach.

Barclays holistic approach to cyber fraud

Barclays have developed a multi-layered security model to prevent, detect and recover the stolen funds which combines six key aspects of fighting cybercrime, see figure below:

Source & Copyright©2016 -Barclays

In this holistic model, no one procedure or technique is sufficient on its own. Barclays have also found that it is particularly important to:

• use the new behavioural matching technology to check whether the user is complying with their behavioural pattern, e.g. how fast they move the mouse 
• employ payment profile monitoring to check whether a payment doesn't match the norm
• ensure that all processes and systems are user-friendly, i.e. frictionless
• have a team to react immediately when a fraud occurs. (Barclays team have been able to collect the majority of the money in most frauds. Although they have found that there is a problem with the Faster Payments Service which, although it is not international, is so quick they often cannot trace the payment.)

Pavan Nagori, Director, Digital Client Access, Barclays believes that there are three key questions corporate treasurers should ask of their company and department:

1. “Do we have the latest anti-malware software and processes in accounts payable and Accounts Receivable?
2. Do we have an appropriate level of education about cyber fraud in all parts of the company/department, where everyone knows for any payment or financial transaction that, “if in doubt query”.
3. Do we have the adequate procedures and controls, e.g. at least two people and two machines to approve online transactions?”

---

CTMfile take: There is no single fraud prevention practice or technology that works on its own, using a multi-layered holistic approach is vital in combating cyberfraud. Not only every bank should use this approach, but corporates should too. Are you …..?