Treasury News Network

Learn & Share the latest News & Analysis in Corporate Treasury

  1. Home
  2. Fraud Prevention
  3. Minimizing Payment Fraud

Industry roundup: 3 December

Deutsche Bank and Merck India partner on an all-inclusive, premier, state-of-the-art treasury system

In efforts to support Merck India’s cross-border business, Deutsche Bank ( delivered a state-of-the-art solution that includes integrating cross-border payment flows, regulatory validations, FX execution & risk management, liquidity management, and automated reconciliation into one central system. This solution will provide Merck a savings in the low millions EUR annually. According to Deutsche Bank, Merck will be able to further automate its current information flow, eliminate FX risk, and avoid the labor-intensive manual involvement from shared service centers with this innovative treasury solution.

Rajesh Thakur, Co-Head of Global Transaction Banking, Deutsche Bank of India, commented that they have worked diligently to help achieve Merck's primary objectives and requirements by implementing an innovative and automated treasury system driven by artificial intelligence (AI), particularly the receivables matching and analytics solution. Deutsche Bank’s treasury system is able to integrate with Merck’s enterprise resource planning (ERP) system, enabling up to 95% automation by matching all types of incoming payments to their accounts receivable reconciliation processes.

Jörg Bermüller, Head of Cash and Risk Management in Group Treasury, Merck, noted that the project has transformed Merck's financial processes into those of a state-of-the-art organization through cross-departmental collaboration and the use of new technologies, in addition to offering the benefits of automating outdated systems, preventing fraudulent activities, and realizing significant cost savings.


Settlement Discipline Regime (SDR) to take effect 1 February 2022

Deutsche Bank updated the Central Securities Depositories Regulation (CSDR) Settlement Discipline Regime (SDR) toolkit, providing clients (from investors to Central Securities Depositories) with pertinent information needed prior to the implementation date of 1 February 2022. The SDR toolkit is a set of measures to prevent and correct errors in the settlement of securities transactions. Furthermore, this regulation is expected to improve the security and efficiency of securities settlement in the European Economic Area (EEA).

Paul Maley, Global Head of Securities Services and Regional Head of Corporate Bank UK and Ireland, Deutsche Bank, stated how important it is, specifically in the post-COVID recovery era, to work together to improve the efficiency of securities trading into the post-trade and to promote and secure the European capital markets.

The toolkit provides the following information:

  • History of CSDR.
  • SDR overview, preventative measures, cash penalties information and repercussions.
  • Operational discipline (internal and external obligations, operational efficiencies, and operational essentials).
  • Deutsche Bank solutions.

Emma Johnson, Director, Market Advocacy, Securities Services Europe, Deutsche Bank, stated the importance of market participants to expand their knowledge of the regulations and impacts on business and operational processes while upgrading their operational, communication and escalation functions.

For more details on the CSDR: Settlement discipline regime client toolkit, please click here. Internal (


Bexs Banco and Thunes partner to bring real-time payments to Brazil

Bexs Banco, Brazil-based international digital payments platform, partners with Thunes, Singapore-based global payments firm, to bring real-time payments to Brazil (Bexs Banco | Leader in Digital Payments Processing and FX transactions in Brazil).

The partnership enables greater speed and transparency to domestic transactions to recipients in Brazil via Thunes, and Pix's over 112 million users will receive instant payments and interoperability between Brazilian banks and Fintechs. Pix’s contactless payments platform, ​​developed by the Central Bank of Brazil, generates more than a billion transactions per month (about nine out of every ten bank transfers).

Luis Henrique Didier Jr., CEO, Bexs Banco, stated they are the first payment service provider in Brazil to integrate Pix technology in cross-border transactions and now are able to process payments through Thunes, which enables payment processing for global businesses such as large technology firms and banks.

One example Didier Jr. mentioned was how Bexs Banco is able to accelerate payments to Airbnb hosts in Brazil from global payers, exemplifying global trade relations growth (increased network base), reduced processing time, and significant cost reductions in the Brazilian market.

According to Thunes, forecasts indicate global cross-border transactions will reach $156 trillion by 2022, of which about $150 trillion will be business-to-business (B2B), and Latin America will yield a greater share of that total.


Good security is not enough: Triple ransomware protection to increase defenses

According to the US House Committee on Oversight and Reform, the major 2021 ransomware cases (CNA Financial Corp., Colonial Pipeline Co., JBS Foods USA) all involved cyberattacks detecting minor missed security parameters set by the companies. Some of the missed security procedure situations exploited were single user accounts controlled by a weak password, employees accepting false web browser updates from the website, and stolen passwords from an outdated user account. One ransomware attacker used an old administrator account that was not disabled and was protected by a weak password.

Robert Bigman, President, 2BSecure Inc. and former Chief Information Security Officer, Central Intelligence Agency, commented that good security is no longer enough. He has witnessed a large company with good compliance security measures forced to pay ransom.

As sophisticated ransomware attacks continue to expand, Cybereason, a provider of defensive mechanisms to prevent ransomware attacks, discusses three layers of predictive ransomware protection:

  1. Machine learning: Behaviour-based protection beyond signatures to block malicious behaviour across the organization that is unique to unprecedented ransomware. Old and new strains of ransomware must be protected against.
  2. Behavioral document protection: Protection against document-based attacks where hackers will attempt “to hide malware in a document by using malicious macros that build a foothold in the network once an unsuspecting user clicks on the document.”
  3. Anti-ransomware platform must address script-based attacks: “A prevention layer for attacks leveraging PowerShell, .net, living-off-the-land techniques, fileless, and in-memory attacks.” According to Cybereason, integrating with AntiMalware Scan Interface (AMSI) provides additional insights into native scripts (JScript and VBScript), Office macros, and Windows Management Instrumentation (WMI) that attackers use for lateral movement. Ransomware protection platforms without fileless protection represent a major security gap. Attackers can bypass AMSI and older operating systems such as Windows 7 that do not require AMSI. Bigman stated a cyber attacker leveraged a memory-based attack in a recent case he observed.

Cybereason further explained the best predictive ransomware platforms always expect attackers to find ways to evade detection, and it is critical to be able to foresee the encryption stage of the ransomware attack. With the combination of Cybereason’s artificial intelligence (AI) and cloud technology, organizations can detect attacks quickly due to the ability to identify encryption activity at the earliest stage.

With cyber attackers constantly upgrading their methods to avoid detection, Cybereason’s Global File Manipulation Detection, known as fuzzy matching, actively tracks and identifies malicious changes by calculating substantial discrepancies between file contents. Dual monitoring of file contents is critical to detecting arbitrary files representing malicious activity.

Anti-ransomware platforms should not rely solely on data backups and rollbacks, as this suggests that cyber attackers can escalate into enterprise-wide hacks.

For more information, please visit Cybereason Predictive Ransomware Protection.

Like this item? Get our Weekly Update newsletter. Subscribe today

Also see

Add a comment

New comment submissions are moderated.