From the Magazine

Building Protection from Payments Fraud

Can an organization afford to lose 5 percent or more of its revenue each year?

For a $500-million company, that represents a $25-million loss. Though the answer seems obvious, the reality is that nearly 50 percent of organizations that admit their risk oversight processes are “immature to minimally mature” are doing just that, states a study by the Poole College of Management.

Payments fraud is one of the most common risks that businesses face. But there are several easy-to-implement tools available to protect against payments fraud.

■ Make Payments Electronically. While most businesses use electronic banking platforms, a surprising number still opt for the paper check route. Not only is electronic banking cost effective, using an Automated Clearing House network to make payments electronically is the single-most effective way to protect against fraud.

This is because paper checks are involved in an estimated 90 percent of payment fraud issues given their longer payment verification times and the fact that they are more easily copied and reproduced. ACH blocks and filters can also be established to validate all attempts to remove funds from a company’s account.

■ Positive Pay. Positive Pay is a check fraud loss-prevention tool that makes sure that every check paid out of a company’s account matches its corporate check register. When a check reaches the bank for payment, any discrepancies trigger an alert. This allows Positive Pay to identify fraudulent checks before a financial loss occurs.

Many companies experienced payments fraud in the past year, but perhaps the most frightening risk management challenge is the threat posed by increasing stealth cyber attacks. Because of the severe financial risk associated with cybersecurity breaches, nearly 42 percent of chief financial officers now directly manage their company’s information technology, according to a recent study by Gartner and Financial Executives Research Foundation.

Major data breaches recently have set alarm bells ringing about businesses’ online security, or lack of it. But it’s not just consumers’ information that’s in danger of being stolen.

A new form of cyber fraud comes in the form of “spearphishing” scams. Most spearphishing scams are aimed at the “big fish” — CEOs and CFOs — in the form of emails that appear to be from the Internal Revenue Service, the national courts system or another government entity. Once opened or clicked on, these emails download malware that collects sensitive information from the executive’s computer.

Not only do these security breaches open an enterprise up to huge vulnerabilities, the financial cost can be overwhelming. The Ponemon Institute concluded that the average cost of a data breach in 2010 was $214 per compromised record. Multiply that by the thousands of customer files businesses maintain; the end tally can be enormous.

To protect against costly online security breaches:

■ Establish a culture of security. Have a defined and widely distributed policy that covers all IT-related issues, from authorized use of a company’s database to appropriate use of email, Web browsing and social networking, to utilizing a need-to-know policy and restricting employee access based on job position. This should be regularly monitored and enforced.

■ Practice Layered Security. While there is no silver bullet for effective security, utilizing both physical and technical layers of security protection is a good start. Several experts recommend using a separate computer for online banking. Since this is not always feasible, many banks historically issued their customers “tokens” to strengthen their validation process. A token is a key fob with a digital screen displaying a security code that changes every 30 seconds based on a unique mathematical algorithm specific to the token.

While widely used, the tokens system is far from foolproof. An executive’s physical token could be lost or stolen, and in March 2011, the largest provider of tokens — RSA Security — was hacked, releasing extremely sensitive financial information and security codes.

Some of the most critical tools treasurers and other financial executives can invest in are those that help safeguard their business from the negative impacts of fraud. Smart financial executives will hope for the best and prepare for the worst to ensure protection for the business and customers.

Todd Adler is Senior Vice President and Director of Treasury Management at Associated Bank.

This article first appeared in Financial Executive magazine.