breadth of opportunity for fraudulent activity puts increased pressure on organizations of all sizes to mitigate the risk of a data breach before it happens. THE SHIFTING FRAUD LANDSCAPE Fraud attempts can occur from both outside or within an organization, but 76 percent of all payment fraud is committed by an outside party2. Cybersecurity is becoming increasingly important. In fact, according to PwC’s Global Economic Crime Survey in 2014, 48 percent of organizations believe cybercrime risk has increased, indicating a need for increased cyber protection for every facet of the organization. Hacker groups are often very sophisticated, diversified and adaptable, and can operate globally across all delivery channels. Therefore, it is imperative that businesses are equipped with the right tools and technology to head off fraud to protect both themselves and their customers. SIX TIPS TO GUARD AGAINST ONLINE PAYMENT FRAUD AND BOOST CYBERSECURITY As a starting point, organizations need to have a better understanding of how sensitive data moves internally throughout the organization, as well as externally with vendors, customers and partners. Criminals will evolve and adapt their methods to target the weakest link in the payment ecosystem, forcing organizations to implement extra security precautions, including:
accessing company information, and the process does not take a significant amount of an employee’s time. Strong encryption is also a solid defense against hacking, but encryption alone is not foolproof. Automate processes: By implementing online payment processes such as remote deposit capture for checks, companies can reduce the number of manual touchpoints, thereby decreasing the opportunities for sensitive information to fall into the wrong hands. Additionally, tracking how employees use and have access to these payments services and records can prevent a fraudulent occurrence or data leak from happening internally. The ability to monitor patterns and changes in electronic payments will help alert teams to potential suspicious activity. Implement multiple controls: Having multiple controls and a clear segregation of duties for payments teams can further minimize exposure to both internal and external fraud, as it decreases the power of any one individual. For example, implementing dual controls on electronic payments such as wire transfers for reviewing and approving ensures that no single person is given disproportionate access, thereby mitigating risk of malicious interference
3
4
from an individual. Communicate clear guidelines and repercussions: What happens if sensitive company data is mishandled? Make sure your employees know the stakes, and establish a fail-safe investigation and recovery plan in the event of an internal breach. These steps will help protect an organization’s assets from being leaked. Safeguard against former employees: Once an employee leaves the company, it’s imperative to disable their data access, update all contact information with clients and vendors so that the former employee no longer has access to or control over any company data. As the payments ecosystem becomes increasingly complex, employees need to stay vigilant and ahead of emerging trends in payment security to reduce occurrences of fraud. Through both internal policies and the implementation of monitoring and reporting tools, organizations can stay one step ahead of fraudsters and ensure the security of their company data. While investing in more secure forms of payment and infrastructure may come at a price, implementing these security features mitigates the risk of a costlier breach in terms of brand reputation, service disruption and the bottom line impact.
5
6
1
Ongoing evaluation: Organizations should regularly evaluate fraud management policy and test security features to accommodate changes in business practices. By conducting this evaluation on a regular basis, organizations will identify gaps where they are most vulnerable to a hacker.
2
Implement firewalls and a n t i - m a l wa r e s o f t wa r e : Implementing and updating firewalls and anti-malware software in a timely manner is a definitive step toward thwarting attempted outside attacks aimed at
source: www.gotcredit.com
Payment Quarterly | Q1 2016
19