Optimising Fraud Prevention through Payments Centralisation

David Stebbings, Head of Treasury Advisory, PwC UK

A high level perspective on the payment fraud environment

© 2016 Kyriba Corporation. All rights reserved. PROPRIETARY & CONFIDENTIAL.

The payment fraud challenge - it’s big news!

PwC Global State of Information Security Survey 2016: 38% increase in cyber security incidents in 2015

PwC Global Economic Crime Survey 2016: 20% of UK companies had a significant fraud event in the past two years

Recent high profile incidents: Bangladesh Bank lost USD 81m in early 2016; recent reported incidents at Ecuadorian and Vietnamese banks

But the effect is not just financial!!! Regulatory, reputational and also potential criminal effects

Treasurer and team control cash and are often responsible for treasury and commercial payments - so this is an area of increasing focus


What is payment fraud and how might it happen?

Your money is paid into a bank account of a fraudster. The fraudster launders the money so it is not recoverable.

Can happen on all types of payment mechanisms - cheques, credit / P cards and electronic payments.

Focus on electronic payments - the fraudster needs to create a fraudulent payment or change the details of a genuine payment.

Payment flow stages: Payment initiation | Payment approval and release | Payment execution to final destination

Within control of company (systems may be externally hosted) | Third parties - Banks, SWIFT etc.

External - cyber heist

Phone / Business Email Compromise (BEC) - e.g. Ubiquiti

Hacking into internal systems

Hacking into internal or external systems, or the connectivity between systems - e.g. Bangladesh Central Bank

Internal - process

More traditional source - either from internal IT, finance etc. Up to 50% of payment fraud is from internal sources (18% management). False invoices, changing details/data etc., bypassing internal controls

Fraud is more likely when:

More decentralised payment processes, many different systems, no defined standards in place, more countries, more banks, more bank accounts. Treasury, finance, legal and IT not aligned. Fraud not taken seriously by executives. People not a focus.


How might you prevent it - you cannot rely on others!!

Payment flow stages: Payment initiation | Payment approval and release | Payment execution to final destination

Systems involved: Your finance system(s) | TMS (may be hosted) | Swift/Bacs/ACH bureau | Your bank(s) | Swift | Receipt bank(s)

Risks: Undertake a payment process review to confirm the key risks for your organisation and the regulations you must comply with. Then agree what are acceptable and unacceptable risks given your business, your geographies, your culture and your IT landscape.

Your payment process:

Global standards and policies, segregation of duties within key systems, particular care over settlement instructions and vendor details, approval limits and regular updating of approvers, checking of system audit logs, regular audit / fraud reviews, regular reconciliations and checking of bank accounts (daily or even intra day). Not just Treasury but also finance, legal, IT etc.;

Be suspicious of emails and calls asking for payments that are outside normal process (BEC); Make use of technology solutions for whole business - agreed design and set up of key controls within them, payment factory?; Focus on people - hiring, training, make sure people take holidays, make sure finance/legal / HR linked on this.

IT solutions: Cyber controls, surveillance procedures, monitor traffic, up to date versions of software, investigate failures or odd traffic; and encryption of data going between systems, secure interfaces, use of authentication to validate payments and payment failures.

Use of third parties - TMS, Swift bureau, banks:

When choosing - thorough selection process, including IT security. Make sure they comply with your IT / cyber security requirements. Check regularly. Consider your own penetration testing on their environment; and

Check the liability of third parties within the payment process (banks, SWIFT, TMS, Swift/ACH/BACS bureau) if they are compromised and money is taken from your account via a cyber heist or their negligence. Consider cyber / payment fraud insurance.

It's not if but when it will happen, so you need a clear incident response plan

Who tells who and who gets involved - particularly internal (HR, senior management, finance, IT etc.)

In what cases should payments be blocked - easier if before release?

If released - how can your banks block a payment?

If the payment can not be blocked from going out - how can it be recovered?

Who liaises with your banks - treasury / legal etc.?

Whilst this is going on how do you make other payments safely?

What are the differences in incident response between jurisdictions?

Identify the cause to learn for next time

Make sure the plan is known by all

A clear incident response plan - tested !!

Payment flow stages: Payment initiation | Payment approval and release | Payment execution to final destination

Systems involved: Your finance system(s) | TMS provider (may be hosted) | Swift bureau | Your bank(s) | Swift | Receipt bank(s)

Summary of thoughts

It is "when" not "if"

Process and cyber heist risk

Not just your systems and process - third parties are important

Centralised process, policies & use of systems generally reduces risk

People are key

Have a response plan

Optimising Fraud Prevention Technology

Stéphane Curcio - Principal Presales Consultant at Kyriba

Fraud is a current growing concern

62% of organizations have experienced attempted or actual payments fraud (1)

20% year-on-year increase in the number of companies which recorded an actual fraud (2)

20% of corporates report fraud committed by employees (3), with a maximum loss of $2.5m (4)

61% of business leaders recognized cyber attacks as a threat to growth (5)

Cyber attacks are as likely as natural catastrophes and more likely than large-scale involuntary migration (6)

Sources: (1,2,4) ACT 2015-16; (3) AFP, 2015; (5,6) PwC Insurance 2020 & beyond, 2015


Five technology areas with preventative measures

Architecture

User Administration

Business Workflow

Information Exchange

Reporting


Rely on a secure architecture for your payments

Be aware of building and physical security

• Building access, CCTV, Intrusion alarm, Visitor security escort

• Environmental hazard protection, Uninterruptible Power Supply

Be trained on network anti-intrusion measures

• Firewalls, Anti-Virus, Network Zoning, Daily Intrusion Testing

• Distributed Denial of Service, Intrusion Detection System, Log Analysis

Demand a resilient hardware architecture

• Password policy, removable and hand-held device management

• Encryption of data at rest & in transit, Resiliency, Latency

Ensure personnel and functions segregation

• IT and System Design Roles & Responsibilities

• “Chinese walls” multi-tenant database, Application Penetration Testing

Open safe passages to computers and applications

26% of declared fraud activities are internal*

IP filtering

Date and time of access per user

One-time password

Dual factor authentication incl. 3SKey and USB tokens

Workstation timeout

Segregation of duties

Segregation of data

Password policy setup

Single sign-on

*2015 AFP Payments Fraud and Control Survey
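The user-administration controls listed on this slide (IP filtering, date and time of access per user, a second factor, workstation timeout) are the kind that a treasury application enforces at login and during the session. The following is an added illustration, not Kyriba's or PwC's code: a small policy evaluator with a constructed per-user policy and a constructed batch of login events. All user names, networks and time windows are assumptions chosen for the example.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Per-user access policy. Shape and values are constructed for this example.
ACCESS_POLICY = {
    "treasury.ops": {
        "allowed_networks": ["10.20.0.0/16", "203.0.113.0/24"],  # office + VPN ranges
        "allowed_hours": (7, 19),  # may log in from 07:00 up to, not including, 19:00
        "mfa_required": True,      # one-time password / token must be presented
        "idle_timeout_seconds": 15 * 60,  # workstation timeout
    },
}

# Constructed login events: (user, source IP, time of attempt, second factor OK?)
SAMPLE_EVENTS = [
    ("treasury.ops", "10.20.5.7", datetime(2016, 6, 1, 9, 30), True),     # normal office login
    ("treasury.ops", "198.51.100.9", datetime(2016, 6, 1, 9, 30), True),  # unknown network
    ("treasury.ops", "10.20.5.7", datetime(2016, 6, 1, 22, 0), True),     # out of hours
    ("treasury.ops", "10.20.5.7", datetime(2016, 6, 1, 9, 30), False),    # no token presented
    ("contractor", "10.20.5.7", datetime(2016, 6, 1, 9, 30), True),       # user not provisioned
]


def check_login(user, src_ip, at, mfa_ok):
    """Evaluate one login attempt against the policy; returns (allowed, reason)."""
    policy = ACCESS_POLICY.get(user)
    if policy is None:
        return False, "unknown user"
    if not any(ip_address(src_ip) in ip_network(net) for net in policy["allowed_networks"]):
        return False, "source address outside IP allow-list"
    start, end = policy["allowed_hours"]
    if not start <= at.hour < end:
        return False, "outside permitted access window"
    if policy["mfa_required"] and not mfa_ok:
        return False, "second factor not presented"
    return True, "allowed"


def session_expired(user, idle_seconds):
    """Workstation timeout: a session idle longer than the policy allows must be ended."""
    return idle_seconds > ACCESS_POLICY[user]["idle_timeout_seconds"]


def audit(events):
    """Run a batch of login events; returns one (user, ip, allowed, reason) row per event."""
    rows = []
    for user, ip, at, mfa_ok in events:
        allowed, reason = check_login(user, ip, at, mfa_ok)
        rows.append((user, ip, allowed, reason))
    return rows


if __name__ == "__main__":
    for user, ip, allowed, reason in audit(SAMPLE_EVENTS):
        print(f"{user:14} {ip:14} {'ALLOW' if allowed else 'DENY ':5} {reason}")
    print("idle 20 min expired:", session_expired("treasury.ops", 20 * 60))
```

Each denial carries a reason so the audit log the earlier slide asks you to check ("checking of system audit logs") says which control fired; a burst of out-of-hours or off-network denials for a payments user is exactly the odd traffic worth investigating.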

Design collusion-free workflows

Reference Data: • Dual admin • Templates lockdown

Import: • "Robot" user • Consistency checks

Signature: • n-eye • ABC Panels • Settlement limits

Release: • Token(s) • Automated reminders
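The workflow controls on this slide (n-eye signature, settlement limits, consistency checks on reference data) and the earlier advice on segregation of duties, approval limits and "particular care over settlement instructions and vendor details" come together in the release gate of a payment system. The following is an added example, not Kyriba's or PwC's code: a toy approval workflow that refuses an initiator's own approval, counts distinct approvers against an amount-based n-eye rule, enforces per-approver settlement limits, and blocks release while a vendor's changed bank details await their own approval. The approval tiers, users and amounts are constructed assumptions.

```python
from dataclasses import dataclass, field

# Approval tiers (assumed values): a payment up to the threshold needs this many
# distinct approvers. The last tier catches everything above 100,000.
APPROVAL_TIERS = [(10_000, 1), (100_000, 2), (float("inf"), 3)]


@dataclass
class Approver:
    user_id: str
    settlement_limit: float  # largest single payment this user may approve


@dataclass
class Vendor:
    vendor_id: str
    iban: str
    iban_approved: bool  # True only once a change to the IBAN has itself been approved


@dataclass
class Payment:
    payment_id: str
    amount: float
    vendor: Vendor
    initiator: str
    approvals: list = field(default_factory=list)


def required_approvers(amount):
    """n-eye rule: the larger the payment, the more distinct approvers it needs."""
    for threshold, n in APPROVAL_TIERS:
        if amount <= threshold:
            return n
    return APPROVAL_TIERS[-1][1]


def approve(payment, approver):
    """Record one approval, refusing any that would break segregation of duties."""
    if approver.user_id == payment.initiator:
        return "rejected: initiator cannot approve their own payment"
    if approver.user_id in payment.approvals:
        return "rejected: same user cannot approve twice"
    if payment.amount > approver.settlement_limit:
        return "rejected: amount exceeds approver's settlement limit"
    payment.approvals.append(approver.user_id)
    return "approved"


def can_release(payment):
    """Release gate: consistency check on vendor data, then the n-eye count."""
    if not payment.vendor.iban_approved:
        return False, "vendor settlement instructions changed and not yet re-approved"
    needed = required_approvers(payment.amount)
    have = len(set(payment.approvals))
    if have < needed:
        return False, f"needs {needed} distinct approvers, has {have}"
    return True, "ok to release"


def change_vendor_iban(vendor, new_iban):
    """Reference-data change: the new IBAN is unusable until separately approved."""
    vendor.iban = new_iban
    vendor.iban_approved = False


def demo():
    """Walk one constructed payment through the workflow; returns the decision trail."""
    acme = Vendor("V-001", "GB00BANK00000000000001", True)
    pay = Payment("PAY-1001", 50_000, acme, initiator="alice")
    alice = Approver("alice", 500_000)
    bob = Approver("bob", 100_000)
    carol = Approver("carol", 20_000)
    dave = Approver("dave", 500_000)
    trail = [
        approve(pay, alice),  # initiator approving herself: segregation of duties
        approve(pay, carol),  # 50,000 is over carol's settlement limit
        approve(pay, bob),    # first valid approval
        can_release(pay)[1],  # one short of the 2 required for this tier
        approve(pay, bob),    # duplicate approval by the same user
        approve(pay, dave),   # second distinct approver
        can_release(pay)[1],
    ]
    # A "please use our new bank details" change (the BEC pattern) lands after approval.
    change_vendor_iban(acme, "GB00BANK00000000000099")
    trail.append(can_release(pay)[1])
    return trail


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The last step is the one that matters most against BEC: the payment had its two approvals, but a change to the vendor's settlement instructions after approval re-blocks release until that change has been checked on its own.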

Enter a maximum file security space

Flows: To Bank | From Bank | From ERP

Controls: Encryption, Pattern Analysis, Sanction Filtering, Decryption, Handshake (XML), Checksum (MD4), ACKs (MT, camt)

Craft control reports to close the fraud loop

• Next-day Recon

• Next-day Statement

• Same-day Reports

• Same-day ACKs

Report types: Export & Report | Listing & Audit Trail | Daily Recon
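The control reports on this slide, and the earlier recommendation of "regular reconciliations and checking of bank accounts (daily or even intra day)", exist to catch a payment that went out differently from how it was approved. The following is an added example, not Kyriba's or PwC's code: a next-day reconciliation that matches what the treasury system released against what the bank statement shows, using a constructed list of released payments and a constructed CSV statement (a real camt.053 is XML; only the reference, amount and counterparty fields matter here). The references, amounts and IBANs are sample values.

```python
import csv
import io
from decimal import Decimal

# Constructed sample: payments the treasury system reports as released yesterday.
RELEASED_PAYMENTS = [
    {"ref": "PAY-1001", "amount": "12500.00", "iban": "GB00BANK00000000000001"},
    {"ref": "PAY-1002", "amount": "800.00", "iban": "GB00BANK00000000000002"},
    {"ref": "PAY-1003", "amount": "45000.00", "iban": "GB00BANK00000000000003"},
]

# Constructed sample: next-day bank statement debits as a flat CSV export.
BANK_STATEMENT_CSV = """ref,amount,counterparty_iban
PAY-1001,12500.00,GB00BANK00000000000001
PAY-1002,800.00,GB00BANK00000000000099
PAY-1004,9900.00,GB00BANK00000000000042
"""


def parse_statement(text):
    """Index statement debits by the end-to-end reference carried on the payment."""
    return {row["ref"]: row for row in csv.DictReader(io.StringIO(text))}


def reconcile(released, statement):
    """Every release must appear once and unchanged; nothing else may appear at all."""
    report = {"matched": [], "not_debited": [], "altered": [], "unexpected_debit": []}
    by_ref = {p["ref"]: p for p in released}
    for ref, p in by_ref.items():
        row = statement.get(ref)
        if row is None:
            report["not_debited"].append(ref)  # released but not executed: pending or blocked?
            continue
        diffs = []
        if Decimal(row["amount"]) != Decimal(p["amount"]):
            diffs.append("amount")
        if row["counterparty_iban"] != p["iban"]:
            diffs.append("beneficiary")  # details changed between release and execution
        if diffs:
            report["altered"].append((ref, diffs))
        else:
            report["matched"].append(ref)
    for ref in statement:
        if ref not in by_ref:
            report["unexpected_debit"].append(ref)  # a debit with no release behind it
    return report


def needs_investigation(report):
    """True when anything other than a clean match was found."""
    return any(report[k] for k in ("not_debited", "altered", "unexpected_debit"))


if __name__ == "__main__":
    result = reconcile(RELEASED_PAYMENTS, parse_statement(BANK_STATEMENT_CSV))
    for bucket, items in result.items():
        print(f"{bucket:17} {items}")
    print("needs investigation:", needs_investigation(result))
```

An "altered" beneficiary is the signature of a payment whose details were changed after approval, an "unexpected debit" is one that bypassed the approval process altogether, and a "not debited" release is the case where a payment might still be blockable at the bank, which is why the slide wants this report the next day at the latest.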

Where to start?

Be trained, Be demanding, Be smart, Rule in, Inquire, Check, Strengthen, Negotiate, Be aware

Contact Us

facebook.com/kyribacorp

twitter.com/kyribacorp

linkedin.com/company/kyriba-corporation

youtube.com/kyribacorp

slideshare.com/kyriba

kyriba.com/blog

[email protected]

020 7268 3499