Open a newspaper, turn on the TV or click on a link, and you’ll see any number of headlines — seemingly every day — that shine a spotlight on just how vulnerable our data can be, and how hackers are leveraging business email compromises and other scams to commit payments fraud.
One key area of urgency for businesses across all manner of verticals, nsKnox Director of Global Operations Cela Farhi told PYMNTS, lies with validating and sharing banking details.
These same firms may be investing significant amounts of time and money on building firewalls and protecting other types of data.
“But when it comes to sharing bank account details — whether you are sending payments or receiving out payments — there is not enough awareness of the vulnerabilities,” she said.
See also: nsKnox Debuts Bank Account Certificate
To get a sense of how fraud can play out in the digital age, Farhi relayed a story about an attack that happened to an acquaintance just a few weeks ago. That individual, a controller at a well-known venture capital (VC) firm, received an email purporting to be from the CEO of another well-known firm, providing bank details and requesting payment — a ruse that was successful in siphoning off 10 million euros (about $11.3 million) from the VC.
“I assure you, it is very difficult to get that money back once it’s gone,” said Farhi.
Mistaken Assumptions
All too often, we make the mistake of assuming that when we are sending information over banking and payment providers’ channels, those channels are secure. There are many ways to hack into those channels, Farhi said, which underscores the importance of verifying critical information at either end of a transaction.
After all, hackers can manipulate those details, steering payments to their own accounts before disappearing into the ether. One might assume that the bank receiving the payment would be able to flag a suspicious payment or that a provider might be able to have mechanisms to effectively catch fraudsters in the act, but that isn’t always the case.
“If we can have a secure way of transferring those sensitive details from one point to another and making sure that they are also verified — that this is the right vendor and the right client, and the bank details belong to them — well, that solves the issue,” she added.
It’s crucial to make sure that verification happens before the payments are made, that compliance, due diligence and know your customer (KYC) checks are done at that initial point of contact, and that the owners are who they say they are.
See also: B2B Security Provider nsKnox Wins US Patent
Farhi pointed to bank account certificates (as issued by nsKnox) as an effective line of defense against hacks and a key means of validating those details. She explained that those certificates verify account ownership and banking details, assuring those details are encrypted and secured.
“We are the ones going through the validation process and making sure the account is valid — that it is owned by the entity,” she said.
The certificate resembles a document issued on bank letterhead or a PDF file that is traditionally sent over email, she said.
The right encryption tools ensure that the details on a certificate can only be decrypted by the receiving party. The technology nsKnox offers breaks data into separate pieces across a range of databases, which in turn can be pieced together only by the back-end systems of the sending and receiving parties, Farhi said.
Such account verification will be an important technology and process to have in place, as fraud will only continue to get more complex.
At the same time, an increasing number of companies and industries will embrace the bank account certificates as a secure way of sharing sensitive information — in what she called an “unhackable” way.
“These details hold the keys to companies’ most valuable assets,” Farhi told PYMNTS, adding that “there is no reason to share details in any other way.”