Fraud Prevention Month Special Edition
Sophia Carlton, CFE
Fraud Risk Executive | Fraud Magazine Columnist | LGBTQIA+ ERG Leader
Did you think you were only getting one Fraud Thoughts this month? Well, I am happy to say that you are receiving a second special edition in honor of Fraud Prevention Month; cue cheers!
In this edition, Suzanne Carlson and I share insights from JPMorgan Chase Payments Trust & Safety Leaders Ryan Schmiedl and Steven Bufferd. We focused on the fraud landscape specific to treasury management, but the lessons here apply across departments and industries.
In our conversation with Ryan and Steven, we discussed:
Without further ado, let's dive in...
Introducing Our Esteemed Guests
Ryan Schmiedl is the Global Head of Payments within Trust & Safety at J.P. Morgan. He is responsible for protecting the bank and its clients from the impacts of fraud and financial crimes. Specifically, Ryan oversees product, engineering, and machine learning functions for fraud detection, validation services, authentication, and sanctions screening for JP Morgan Payments. Ryan also leads embedded banking products. He has extensive expertise in product management, software engineering, machine learning, and operations.
Steven Bufferd is a Managing Director responsible for Trust & Safety products in the J.P. Morgan Payments unit. In 2019, Steven's team launched the Account Validation Services product to support the bank's clients. He has contributed to the payments industry during a time of transformational growth and evolution through various positions on industry operating committees. A veteran of the financial services industry, Steven has held a number of senior product executive roles in J.P. Morgan within Payments.
Fraud Threat Landscape
Let's take a look at our takeaways from the discussion with Ryan and Steven:
Wouldn't it be nice if every in-depth conversation translated into an easy-to-reference image? Well, Fraud Thoughts readers, lucky for you, our snapshot above does just that. The discussion with our guest stars of this edition revealed some interesting insights.
The numbers also back up the trends our guests noted. Below, we will dive into BEC and check fraud a bit deeper, including exploring recent statistics on losses and trends.
Business Email Compromise (BEC)
BEC scams are still highly prevalent and have been found to be the root cause of payments fraud at a majority of organizations. Let's take a look at what the 2023 AFP Fraud and Control Survey found related to BEC fraud:
How does emerging technology impact BEC threats? The answer is simple: it adds fuel to the fire. Generative AI has fueled the phenomenal growth in BEC threats, facilitating incredibly well-crafted and targeted social engineering-based attacks that are challenging to detect.
A report by cybersecurity platform Perception Point revealed that generative AI advancements fueled a 1,760% surge in BEC attacks in 2023. According to the report, cybercriminals can craft creative emails leveraging generative AI that impersonate companies and business executives, fooling their victims into handing over their data and money. The report indicated that BEC attacks accounted for only 1% of cyberattacks in 2022. However, this number rose drastically to 18.6% last year and this trend will likely continue in 2024.
Remember, generative AI may be a weapon for fraudsters. However, it is also a new tool in the fight against fraud; it can help improve the efficiency and effectiveness of investigations, analytics, and models and support fraud prevention and detection efforts.
Want to learn more about generative AI's impact on the fraud landscape and how you can leverage it as a new tool in your organization's fight against fraud? Check out the Inaugural Edition of Fraud Thoughts.
Check Fraud
In line with one of our key messages in the visual above, ensure emerging technology doesn't lead to you taking your eye off the ball. Historical threat vectors do remain strong and steady, like check fraud. The 2023 AFP Fraud and Control Survey found that checks are the payment method most vulnerable to fraud - a trend that has remained consistent since the first AFP survey. Additionally, the survey also found that:
Here at Fraud Thoughts, we have had our share of discussions related to Check Fraud, including trends in check fraud, novel approaches to mitigation, and predictions for 2024 in past editions. There was an expectation that checks would become a thing of the past; however, as noted above, three-fourths of organizations that use checks plan to keep using them. This means this threat vector will remain open for bad actors for the foreseeable future, making strong fraud mitigation the key to preventing loss.
With all of this in mind, let's shift gears to how you can build fraud prevention into your business to combat the current and emerging fraud threat landscape.
Top 4 Proactive Fraud Prevention Tips
Our guests' top 4 tips for fraud prevention for CFOs and Treasurers are:
Let's explore each one below...
1 | Build a mosaic with layered defenses - There is no silver bullet; fraud prevention (and everything that follows) requires a layered approach.
For example, when thinking about vendor payment validation in a B2B context, what kind of process can your company implement to verify a change in payment information for a known vendor? How can your team ensure the change is authentic, such as leveraging available validation services? Validation Services can be built into your payment flows to verify accounts, businesses, and individuals in real-time so you can proactively safeguard payments before they are made.
2 | Focus on education - Education is a powerful tool that enables understanding, awareness, and more effective fraud prevention. There are plenty of resources (like this Newsletter) if you are just getting started; there is no need to start from scratch. Education also goes beyond internal awareness efforts. You can and should leverage forums, industry events, and other connection points to compare notes with peers: Are they seeing what you are seeing? Are they experiencing an emerging threat you haven't seen yet that you can start to prepare for?
It is essential to approach education strategically as a formal effort encompassing an internal and industry analysis program. This will lead to a more substantial impact than ad hoc efforts.
3 | Don't forget the power of influence - Our guests shared stories of fraud prevention going awry: instances where fraud was not taken seriously until it was too late, leading to CFOs or Treasurers losing their roles and the organization facing unrecoverable losses.
Influence can help you build buy-in for fraud management before a fraud event occurs. The goal is to leverage influence to gain buy-in from peers and key stakeholders around the need for fraud management, its benefits, and why it is important to act now rather than later.
4 | Defense is as important as offense - Prevention is the goal, but inevitably, things slip through the cracks. This is where a strong defense is imperative. Things like transaction monitoring, anomaly detection, and rule-based alerts, among other techniques (or a combination of them all!), can provide insight into what 'normal' is. If we understand the baseline, we can also define what an outlier looks like, enabling us to detect potential red flags or suspicious activity proactively.
CFOs and Treasurers should consider their business, define what 'normal' is (e.g., working hours, currencies, payment locations), and then leverage this type of monitoring to look for outliers (e.g., a transaction made outside of working hours in a currency not usually used directed to a location where transactions are not typically sent). Emerging technology, such as generative AI, can also enhance these defenses. For example, you can ask generative AI to define your 'normal' based on your data.
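The baseline-then-outlier approach described above can be sketched as a small rule-based check. This is an added example, not code from the newsletter or from J.P. Morgan; the payment history is constructed, and the function names, the 10% frequency cut-off and the release/review/hold thresholds are assumptions chosen for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed payment history (not real data): (ISO timestamp, currency, destination)
HISTORY = [
    ("2024-03-04T09:15:00", "USD", "US"), ("2024-03-04T14:40:00", "USD", "US"),
    ("2024-03-05T10:05:00", "EUR", "DE"), ("2024-03-06T11:30:00", "USD", "CA"),
    ("2024-03-07T16:20:00", "USD", "US"), ("2024-03-08T13:00:00", "EUR", "DE"),
    ("2024-03-11T08:45:00", "USD", "US"), ("2024-03-12T15:10:00", "USD", "CA"),
]

def frequent(values, min_share):
    """Values that account for at least min_share of all observations."""
    counts = Counter(values)
    return {v for v, n in counts.items() if n / len(values) >= min_share}

def build_baseline(history, min_share=0.1):
    """Derive 'normal' from past payments: hours, weekdays, currencies, destinations."""
    stamps = [datetime.fromisoformat(ts) for ts, _, _ in history]
    hours = [s.hour for s in stamps]
    return {
        "hours": (min(hours), max(hours)),
        "weekdays": {s.weekday() for s in stamps},
        "currencies": frequent([c for _, c, _ in history], min_share),
        "countries": frequent([d for _, _, d in history], min_share),
    }

def outlier_reasons(payment, baseline):
    """Return every baseline dimension the payment deviates from."""
    ts, currency, country = payment
    when = datetime.fromisoformat(ts)
    lo, hi = baseline["hours"]
    reasons = []
    if not lo <= when.hour <= hi or when.weekday() not in baseline["weekdays"]:
        reasons.append("outside_working_hours")
    if currency not in baseline["currencies"]:
        reasons.append("unusual_currency")
    if country not in baseline["countries"]:
        reasons.append("unusual_destination")
    return reasons

def triage(payment, baseline):
    """Assumed policy: one deviation goes to review, two or more hold the payment."""
    n = len(outlier_reasons(payment, baseline))
    return "hold" if n >= 2 else "review" if n == 1 else "release"
```

Returning the list of reasons rather than a bare score gives the person doing the follow-up something concrete to verify with the requester.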
The final piece of the pie when talking about your defense is your response. If an anomaly or outlier is identified, what is your process? How are you ensuring timely follow-up to foster potential recovery? The longer a follow-up or action takes, the less likely recovery is.
What is your favorite tip? Share your thoughts in the comments; we would love to hear from you!
Final Advice for CFOs & Treasurers
Steven Bufferd provided an excellent framework that we also see variations of in the fraud community. CFOs and Treasurers should build a framework that captures prevention, detection, investigation, remediation, and containment.
Check out a visual of what this framework looks like in practice from our friends at JPMorgan Chase:
Considerations for Developers
Ryan Schmiedl has a few considerations for developers to keep in mind related to fraud prevention; check them out below:
On the last point, Ryan noted that developers are proud of their work and want to share it with the community; however, in some cases, sensitive information is not scrubbed beforehand. He provided a good example: cloud-based account keys. These should not be included in open repositories, but there have been instances in which developers did not scrub them before sharing. This type of mistake or oversight can lead to identity theft, account takeover, and other harm to the customer and the business.
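One way to catch unscrubbed keys before code is shared is a scan run ahead of publishing. The following is an added example, not a tool from the newsletter or from J.P. Morgan; the rule names and the entropy threshold are assumptions, and the sample text uses the placeholder credentials from AWS's public documentation rather than real keys.

```python
import math
import re

# Provider-specific formats: AWS access key IDs and PEM private key headers.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
# Generic rule: a long value assigned to a name that looks like a credential.
ASSIGNMENT = re.compile(
    r"(?i)\b[\w.-]*(?:secret|token|password|api_?key)[\w.-]*\s*[:=]\s*"
    r"['\"]?([A-Za-z0-9/+_=-]{20,})"
)

def shannon_entropy(s):
    """Bits per character; random key material scores higher than words."""
    return -sum((s.count(c) / len(s)) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan(text, min_entropy=4.0):
    """Return (line_number, rule) findings; matched values are never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                findings.append((lineno, name))
        m = ASSIGNMENT.search(line)
        # The entropy gate keeps obvious placeholders from raising alerts.
        if m and shannon_entropy(m.group(1)) >= min_entropy:
            findings.append((lineno, "high_entropy_secret"))
    return findings

# Constructed config file using AWS's documented example credentials.
SAMPLE = """\
region = "us-east-1"
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
api_key = "changeme-changeme-changeme"
"""

if __name__ == "__main__":
    for lineno, rule in scan(SAMPLE):
        print(f"line {lineno}: {rule}")
```

A key that has already reached a public repository should be rotated, since removing it in a later commit leaves it in the history.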
What did you think about this special edition of Fraud Thoughts? Share your thoughts in the comments; we would love to hear from you!