Fighting bank fraud, a constant challenge for companies
In 2021, 2 out of 3 companies have been victim of at least one fraud attempt according to the Euler Hermes Barometer, and 1 out of 5 has been victim of more than 5 attacks. Whatever the size and sector of your company, it concerns you. What are the different types of fraud? And above all, how can you strengthen your banking security to fight against fraud?
How to recognize a banking fraud attempt
Bank fraud has always existed, but with emerging technologies and the current context of crisis and tensions (due to Covid-19 with teleworking, or the war in Ukraine), the phenomenon is increasing as the practices, more and more elaborate, are diversifying.
We might think that cyberattacks on computer systems are the most common frauds, but this is not the case. Social engineering seems to be the preferred technique of cybercriminals. Social engineering covers all the techniques used by cybercriminals to entice unwary users to send them their confidential data, or their access to the company’s information systems. The cybercriminal then uses this information to commit a fraud. The most common examples of social engineering fraud are:
- False supplier fraud: fraudsters impersonate a supplier or a company’s landlord, and then use the change of banking details as a pretext to divert the payment of services or rent to their own benefit. 48% of frauds in France are frauds with false suppliers (source: Sis ID).
- Fake president fraud: fraudsters try to convince an employee to make an urgent and confidential transfer to a foreign account by pretending to be the company’s director. It is difficult to detect the fraud since the interlocutor will be hesitant to demand identity verification.
- Fake banker fraud: fraudsters pretend to be your banker and ask for the execution of a “test transfer” that will be blocked in theory, but in reality, the transfer goes through another channel that authorizes exchanges between the company and a structure that will recover the funds.
- Ransomware: a ransomware is installed in the computer system. It encrypts all of the company’s data and asks for a large sum of money in exchange for decryption.
- Phishing: it was the most used fraud technique in 2020. It consists in sending mass emails asking for validation or updating of personal information in order to extract money.
Adopting the right reflexes to avoid cyberattacks
Social engineering techniques used by fraudsters are based on internal weaknesses of the company, or by putting pressure on an employee who is informed of fraud attempts.
Barrier measures that are fairly simple to implement can help you fight bank fraud.
Keeping up to date on fraud techniques
When fighting bank fraud, it is important to regularly monitor corporate scams and fraud techniques. Indeed, the fraudsters’ operating methods are constantly evolving to counter the new security measures implemented by companies.
Raising fraud awareness on your employees
Information is your best ally for prevention, so inform your employees of the fraud techniques they may encounter. Remind them to be alert to unusual situations. Here are the security measures to keep in mind:
- Use private and professional social networks with caution
- Do not leave sensitive information or documents unattended
- Not divulge information about the company’s operations to third parties
- Verify the contact information and identity of their interlocutors
- Do not open unsecured attachments
- Never act over the phone
- Do not divulge your login and password to anyone
- Use unique and strong passwords and change them regularly
Controlling your information distribution
Be careful not to divulge sensitive information to the general public:
- Limit or be careful with the information you make public
- Limit access to sensitive documents within your company
- Don’t hesitate to shred your obsolete confidential documents before throwing them away
- Store your sensitive documents in a safe place
Keeping your computer security system updated
The majority of fraud attempts are made via the Internet. Having a secure computer system is essential, and updating it regularly is even more so! As we have seen above, fraudsters are constantly innovating and perfecting their techniques, so you too must constantly improve and strengthen your computer security to avoid bank fraud.
Securing payments through a secure platform
The security of your payments is crucial, so it is wise to opt for a secure payment platform.
Security has always been a major focus for Exabanque. New functionalities are continuously developed to improve the security of our users’ payment procedures. In order to fight bank fraud, we have implemented:
The term “strong authentication” refers to the combination of two authentication factors. To connect to the Exabanque application, you can for example combine:
- Login / password + FIDO key
- Login / password + authentication grid
- Biometrics + Fido key
Possibility of defining the rights
You can define the rights and limits of each user. This ensures that no single employee can do the entire payment flow (create the beneficiary, create the payment, sign it, send it to the bank), and therefore significantly reduces the risk of fraud.
Setting up a white list
Exabanque gives you the possibility to set up a white list of countries to which transfers are allowed, and to block fraudulent transfers to unauthorized countries.
Single digital signature
It allows you to validate your payments securely. When you digitally sign your remittance from Exabanque, the file is automatically sent with the certificate of your validator to avoid any identity theft.
To this, you can add an additional step to ensure even more security: the validation “by click” in the software. This is an internal validation that confirms that the payment has been checked before signing.
A third party control system
Exabanque uses an anti-fraud system: third-party auditing, which allows us to control each step of your payment chain. We have chosen to collaborate with Sis ID and Trustpair to bring you additional security during your transactions. The Sis ID and Trustpair platforms audit the bank details of your beneficiaries directly in the Exabanque software and detect fraudulent bank accounts, thus avoiding any bank transfer fraud.
The company’s administrator benefits from a traceability system that makes it possible to quickly and accurately find an action as well as its operator, regardless of its nature. It is then easy to spot a potential fraud attempt and to act accordingly to stop it.