PwC’s 2019 Global Treasury Benchmarking Survey, see, found that only 15% of the 181 companies surveyed had no fraud in the last year while 9% had daily fraud attempts. When respondents were asked about who is responsible for payment fraud risk in your organisation:
Source & Copyright©2019 - PwC
How can treasurers deter payment fraud and cyber-attacks?
PwC advises that “Effective protections utilise a layered combination of defences that reinforce each other.” Best practices include:
- Raising awareness of employees. Many frauds are facilitated by simple human error or social hacking, so staff vigilance is important.
- Managing process and controls. Consider approved payment methods (e.g., no paper-based or voice-only payments). Establish independent callback requirements for master data changes or large transactions.
- Securing technology. Centralise and secure bank communication (payment hubs) as a way to focus investment and expertise, and provide structure to payment processes. Switch off electronic banking systems when not required (e.g., after business hours).
- Collaborating with IT. Work with IT partners on minimum security controls around data encryption, authentication, ensuring robust interfacing, regular penetration testing, and adequate network segregation.
- Creating a disaster recovery plan. Work with IT and financial operations to have a plan that includes training employees and testing of scenarios.
- Advising the enterprise. Manage the disaster recovery plan and serve in an advisory role across departments.
CTMfile take: Commonsense and this excellent list will serve you well, but remember relentlessly sticking to it is essential.
Like this item? Get our Weekly Update newsletter. Subscribe today