Who is responsible for deterring payment fraud & cyber risk?
by Jack Large
PwC’s 2019 Global Treasury Benchmarking Survey found that only 15% of the 181 companies surveyed had no fraud in the last year, while 9% had daily fraud attempts. When respondents were asked about who is responsible for payment fraud risk in your organisation:

Source & Copyright©2019 - PwC
How can treasurers deter payment fraud and cyber-attacks?
PwC advises that “Effective protections utilise a layered combination of defences that reinforce each other.” Best practices include:
- Raising awareness of employees. Many frauds are facilitated by simple human error or social hacking, so staff vigilance is important.
- Managing process and controls. Consider approved payment methods (e.g., no paper-based or voice-only payments). Establish independent callback requirements for master data changes or large transactions.
- Securing technology. Centralise and secure bank communication (payment hubs) as a way to focus investment and expertise, and provide structure to payment processes. Switch off electronic banking systems when not required (e.g., after business hours).
- Collaborating with IT. Work with IT partners on minimum security controls around data encryption, authentication, ensuring robust interfacing, regular penetration testing, and adequate network segregation.
- Creating a disaster recovery plan. Work with IT and financial operations to have a plan that includes training employees and testing of scenarios.
- Advising the enterprise. Manage the disaster recovery plan and serve in an advisory role across departments.
CTMfile take: Common sense and this excellent list will serve you well, but remember that relentlessly sticking to it is essential.
