People and businesses expect access to their money and payments when and wherever they want, and as a consequence the number of programmes and apps to transfer funds electronically has grown hugely in recent years. New technology offers vendors, clients and partners a convenient and quick way to send and receive payments.
In tandem with this growth however, fraudsters are more aware of the high potential transaction value of transferring funds electronically and are turning to subversive means, such as impersonating executives, to fraudulently steal huge amounts of money from corporations.
This relatively new but rapidly increasing type of electronic funds transfer fraud - called "CEO fraud" - has crippled many organisations over the past few years. Individuals create bogus messages seemingly from a senior leader, for example the CEO, which ask employees to wire funds across to them. The messages ultimately trick employees into transfer large amounts of cash electronically.
Fraudulent transactions such as these average around £50,000 ($67,000) although individual incidents targeting fewer people in a company can easily reach seven figure sums. It is therefore easy to see how CEO fraud has the potential to bankrupt a major business, particularly when you consider recently one CEO lost £42million ($55million) to wire fraud. In addition, according to a recent FBI report, CEO fraud has cost organisations more than £2.3billion ($3 billion) in losses over the past three years alone, and the FBI has also estimated that the potential amount firms could lose to CEO fraud has increased by a staggering 1,300 per cent since January 2015.
Criminals are committing more and more CEO fraud because of the exponential payoff and high probability of success, as technology makes it easier to impersonate a company executive. To combat these attacks, organisations need to implement advanced and accurate security controls that are capable of analysing patterns and flagging potential frauds before transactions are completed. These are some protocols that C-level executives and other financial leaders within organisations can put in place to reduce the threat, and ultimately prevent CEO fraud. These include:
- Creating special, risk-based processes for approving unusual transfer requests. For example, organisations should implement a system that flags requests larger than a particular amount (e.g. greater than £10,000); leverages analytics to uncover deviations in behaviour; and recognises when the location of the request is unusual; (eg. outside of the content). Processes such as this can trigger a second review of the transaction request and adds an additional layer of security when the organisation’s behaviour differs to usual.
- Outsourcing the review of transfer requests. Using an external accountant or financial assistant to perform in-depth reviews of wire transfers can assist in preventing unintended fraudulent activity.
- Performing scans of email system regularly. Fraudsters hack into email servers and send counterfeit requests from authentic C-level email addresses which then become virtually untraceable when outgoing messages are deleted by the criminal. To aide in combatting this, organisations can run routine tests of their servers, as well as update passwords regularly.
- Using analytics and predictive techniques for real-time detection. Companies can partner with outside vendors who can help them build predictive models based on either their specific data or consortium data to detect and combat CEO fraud in real-time.
Wire transfers are typically large, fast and difficult to repudiate, and with the introduction of more and more real-time settlement systems globally, the transfers are often final.
Fraud involving these types of transfers is an ever-increasing threat to organisations of any size, and it is critical that companies recognise this and incorporate strategies into everyday practices to mitigate fraudulent losses.
Andrew Davies, Vice President of Global Market Strategy and Financial Crime Risk Management at Fiserv
Image source: Shutterstock/alexskopje