PYMNTS-MonitorEdge-May-2024

Travel Managers Battle Growing Fraud Threats

Travel managers are battling against card skimming and other types of fraud — and the instances of fraud are on the rise, according to a recent study. Elsewhere, the U.S. Department of Justice has indicted 10 people for trying to steal more than $100 million from U.S. companies.

Fraud has become an issue to be reckoned with for travel managers, where payments related data breaches have impacted firms, according to a recent study by the Global Business Travel Association and AirPlus International. As reported on sites such as Skift, the survey queried 144 travel managers and buyers.

The data found that roughly two-thirds of respondents have been hit by payments and data breaches in the past year. The threat will grow in the future, said the respondents, with data security the most at risk. The survey found, too, that a majority of firms have taken steps to educate their business travelers of the risks, and 79 percent of the respondents said single-use virtual cards have been useful in anti-fraud efforts. Yet, the virtual cards are not widely used, with only one in five companies having reportedly adopted them. When virtual cards are deployed, limits can be set on transactions.

“We have seen the need to educate around virtual card benefits not just to travel managers, but to corporate finance and procurement departments as well,” said Diane Laschet, president and CEO of AirPlus International. “This method of payment has the strongest level of security controls available on a payment tool, which is critical in the age of data breaches. When you couple that with the comprehensive data associated with each transaction, it is easy to see why this is the future of business travel payment. The benefits really touch all areas of the company from the back office to the traveler.”

Separately, as reported in Fortune, the U.S. Department of Justice (DOJ) said it has indicted 10 people who allegedly tried to steal at least $100 million from several firms, the majority of which are based in the U.S. The DOJ said in a court filing in Pennsylvania this week that the 10 individuals — who hail from Ukraine, Russia, Bulgaria and other countries — utilized malware, known as GozNym, to hack into banking details tied to the 13 firms and organizations they targeted, a roster that included law firms and churches. The attacks had taken place since 2016.

The attacks occurred via the use of phishing emails. Some attachments were conduits to put malware on victim’s computers, having been disguised to look like invoices. Through the use of that method, they were able to transfer significant sums — in some cases, more than $100,000 from bank accounts.

In one case, a church lost more than $217,000 in a single transfer completed by the fraudsters. In other cases, the banks were able to stop the transfers, which means the fraudsters were not able to make off with the full $100 million they had attempted to steal. The exact amount stolen has not been quantified, but, according to reports, the losses were in the millions of dollars. Of the 10 individuals named in the indictment, five have been arrested, with the other five, listed as Russian nationals, remaining “at large.”

PYMNTS-MonitorEdge-May-2024