Cybercriminals now operate on a wide scale, and they use a variety of sophisticated tactics to compromise security measures and commit B2B payments fraud.
The fraud attacks perpetrated by these cybercriminals are especially costly to organizations when they impact B2B payments, and fraud-related costs amount to 2% to 5% of annual revenues, as reported in the “FinTech Risk Management Playbook: Combating B2B Payments Fraud,” a PYMNTS and nsKnox collaboration
Get the report: FinTech Risk Management Playbook
Payments fraud is nothing new, with businesses reporting a rise in breaches even before the health crisis. But as fraud becomes more sophisticated, organizations must continually improve their ability to anticipate and protect themselves against rising numbers of more advanced threats.
Read more: Remote Finance Teams Expose B2B Payments Fraud Vulnerabilities
Cybercriminals now employ sophisticated, data-driven methods, cutting-edge technology and psychological tactics to trick employees and compromise businesses’ trusted partners to get access to firms’ financial information and accounting systems.
Common Sources of Payments Fraud Activity
The primary source of payments fraud activity is the business email compromise (BEC) scam, in which criminals send an email message that appears to come from a known source making a legitimate request. They then try to trick employees into using fraudulent banking details.
Fraudsters also use sophisticated technologies such as phone hijacking, phone spoofing and deepfake artificial intelligence (AI) voice cloning to accomplish the same over the phone.
Once they trick unsuspecting employees or penetrate an enterprise’s security defenses, the organization becomes vulnerable to malware, spyware and other attacks that could compromise otherwise secure systems and business-critical data, ultimately resulting in the transfer of funds to fraudulent accounts instead of the intended recipient.
Problems can also arise in the work-from-home world when workers use their personal devices with traditional authentication. Using stolen credentials most likely gathered through phishing, fraudsters can now breach corporate networks and access internal databases by impersonating employees through their home networks.
An Accurate Assessment of Vulnerability
To counter such attacks strategically, it’s important for companies to have an accurate assessment of just how vulnerable their B2B payment systems are.
For one thing, organizations should implement best-practice processes and technology to ensure payment details are verified when onboarding new payees and processing requests to update banking details.
Also, businesses should protect data at rest — the business-critical, financial and vendor or customer information stored digitally on servers or in the cloud.
As it becomes more common, B2B payments fraud is gaining more attention from security teams.
B2B payments face escalating levels of fraud due to the way firms now handle accounts payable (AP). In many instances, AP staff enter invoice data manually and field invoice approvals via email, which exposes their organization to BEC attacks. Many businesses still rely on paper checks even though more secure alternatives are available.