E-book: Payment Fraud: Assessing and Responding to an Escalating Threat
Know what you're up against to develop fast, effective responses to cybercrime in treasury
To guard organizational liquidity effectively, treasury bears a responsibility to keep watch over all elements that affect payment security, even if those elements don't fall within treasury's mandate. To lead your organization's tactics, you must stay on top of news in the war on fraud. Our recent e-book in collaboration with Strategic Treasurer can help.
This eBook discusses:
- the current situation surrounding fraud and the efficacy of average organizational defenses
- new methods and technologies that criminals are using to defraud organizations
- new methods and technologies that treasurers can use to defend themselves
- regulations such as PCI-DSS and SWIFT DSP, which aim to protect those who use payment platforms
- examples of common types of fraud
- multiple ways to protect your organization.
To appropriately guard organizational liquidity, treasury bears a responsibility to keep watch over all elements that affect payment security, even if those elements themselves are not their responsibility.
This eBook is intended as a tool to help treasury understand the current situation, the threat levels of various types of fraud, common areas of vulnerability, and frameworks and tactics for constructing a solid defense.
FAQ
Why are treasury professionals in an "all out war" against fraud?
Many of the risks that treasury guards against, from market fluctuations to currency devaluation, are impersonal, passive threats that can affect the value of assets incidentally. While these passive threats are dangerous and complicated enough, treasury faces one very intentional threat: fraud. There is nothing incidental about this risk. More than idly threatening liquid assets and data, cyber criminals are waging all-out war against organizations.
In such a war, there is no room for uncertainty regarding roles. Everyone must know their responsibilities. Unfortunately, the responsibilities for payment security can be scattered and unclear, and treasurers often find themselves unsure what role they are to play. They realize that payment fraud is a significant risk, and they know they must manage risk. That said, however, the mechanics of payment security fall at least partially to other departments, such as IT.
This situation raises an important question: What is the treasurer’s role in managing the risk of payment security when some parts of the enactment of payment security fall outside the treasury function?
To draw an analogy, the proper role of the treasurer in payment security is that of superintendent. The superintendent in a school does not drive the bus, teach all the children or perform custodial services. However, the superintendent is responsible for making sure all these tasks are being performed and are meeting or exceeding standards.
In the same way, treasury is not in charge of everything. Treasury does not choose what firewall to buy, make all the payments, set the router passwords or install the access card system at the entrance points to the building. To appropriately guard organizational liquidity, however, treasury bears a responsibility to keep watch over all elements that affect payment security, even if those elements themselves are not their responsibility.
Since this may be easier said than done, we’ll discuss more details surrounding the appropriate performance of treasury’s role as superintendent of payment security in a later section. For now, however, it’s clear that to carry out this role, treasury must keep abreast of news in the war on fraud and must be involved and proactive in leading their organization’s tactics. This eBook is intended as a tool to that end, helping treasury to understand the current situation, the threat levels of various types of fraud, common areas of vulnerability, and frameworks and tactics for constructing a solid defense.
In such a war, there is no room for uncertainty regarding roles. Everyone must know their responsibilities. Unfortunately, the responsibilities for payment security can be scattered and unclear, and treasurers often find themselves unsure what role they are to play. They realize that payment fraud is a significant risk, and they know they must manage risk. That said, however, the mechanics of payment security fall at least partially to other departments, such as IT.
This situation raises an important question: What is the treasurer’s role in managing the risk of payment security when some parts of the enactment of payment security fall outside the treasury function?
To draw an analogy, the proper role of the treasurer in payment security is that of superintendent. The superintendent in a school does not drive the bus, teach all the children or perform custodial services. However, the superintendent is responsible for making sure all these tasks are being performed and are meeting or exceeding standards.
In the same way, treasury is not in charge of everything. Treasury does not choose what firewall to buy, make all the payments, set the router passwords or install the access card system at the entrance points to the building. To appropriately guard organizational liquidity, however, treasury bears a responsibility to keep watch over all elements that affect payment security, even if those elements themselves are not their responsibility.
Since this may be easier said than done, we’ll discuss more details surrounding the appropriate performance of treasury’s role as superintendent of payment security in a later section. For now, however, it’s clear that to carry out this role, treasury must keep abreast of news in the war on fraud and must be involved and proactive in leading their organization’s tactics. This eBook is intended as a tool to that end, helping treasury to understand the current situation, the threat levels of various types of fraud, common areas of vulnerability, and frameworks and tactics for constructing a solid defense.
What are 8 actions that treasury professionals should consider to effectively respond to threats of payment fraud?
Each of the following actions are highly recommended. Implementing even one of these can significantly bolster your stance against fraud and can open the door for future security improvements as well.
#1. Create a comprehensive inventory of payment paths: This is one of the first steps in assessing payment security. Make a list of every single payment path running through your organization, no matter how small or obscure.
#2. Identify top problems with each payment stream: A logical follow-up to the inventory, this action shows you areas where you are most likely to be exploited so you can shore up the defenses.
#3. Benchmark your security at least every other year: When it comes to payment security, what was paranoid last year may be standard now, and falling behind your peers makes you an easy target.
#4. Assign specific responsibility for monitoring fraud types in the news: To stay ahead of the criminals, you need to watch their movements carefully. To make sure that happens and to simplify the matter, divide and assign the monitoring of developments in various fraud types among treasury staff.
#5. No less than quarterly, hold a fraud and control briefing with your full staff: A quarterly meeting, if not a more frequent one, focused on security helps staff keep each other informed and provides a space for discussing vulnerabilities and potential solutions.
#6. Be intentional about research and learning: Every month, listen to a podcast, watch a webinar, read an article, or learn by whatever means suit you. Whatever you choose to do, be intentional.
#7. Get payment security specific training: While general training on security can be quite helpful, a good training course specifically for securing payment processes pinpoints the unique challenges you need to know about and shows you how to address your organization’s most pressing payment security needs.
#8. Consider technological support: Take the opportunity to familiarize yourself about what a treasury management system with integrated controls, secure payment gateway, and other fraud prevention technology can offer.
#1. Create a comprehensive inventory of payment paths: This is one of the first steps in assessing payment security. Make a list of every single payment path running through your organization, no matter how small or obscure.
#2. Identify top problems with each payment stream: A logical follow-up to the inventory, this action shows you areas where you are most likely to be exploited so you can shore up the defenses.
#3. Benchmark your security at least every other year: When it comes to payment security, what was paranoid last year may be standard now, and falling behind your peers makes you an easy target.
#4. Assign specific responsibility for monitoring fraud types in the news: To stay ahead of the criminals, you need to watch their movements carefully. To make sure that happens and to simplify the matter, divide and assign the monitoring of developments in various fraud types among treasury staff.
#5. No less than quarterly, hold a fraud and control briefing with your full staff: A quarterly meeting, if not a more frequent one, focused on security helps staff keep each other informed and provides a space for discussing vulnerabilities and potential solutions.
#6. Be intentional about research and learning: Every month, listen to a podcast, watch a webinar, read an article, or learn by whatever means suit you. Whatever you choose to do, be intentional.
#7. Get payment security specific training: While general training on security can be quite helpful, a good training course specifically for securing payment processes pinpoints the unique challenges you need to know about and shows you how to address your organization’s most pressing payment security needs.
#8. Consider technological support: Take the opportunity to familiarize yourself about what a treasury management system with integrated controls, secure payment gateway, and other fraud prevention technology can offer.
Who are Coupa and the Strategic Treasurer?
Coupa and Coupa Treasury
Coupa empowers companies around the world with the visibility and control they need to spend smarter and safer. By breaking down silos and unifying the procure to pay process, Coupa provides greater visibility, control, and scalability of payments, working capital and treasury. Coupa Treasury helps businesses to optimize liquidity and spend by achieving greater visibility and transparency, increasing agility and improving forecasting and planning. Businesses are empowered to improve operational performance with automation across multiple subsidiaries, currencies, accounts and users and to mitigate security, compliance and liquidity risk. To learn more about Coupa, visit www.coupa.com.
Strategic Treasurer
Strategic Treasurer provides consulting, research, and professional services for treasury management, security, technology, and compliance. Since 2004, corporate clients, banks, and fintech providers throughout the world have relied on their advisory services which are backed by a deep awareness of current practices, plans, and perceptions through their annual surveys and decades of treasury experience. The mission of Strategic Treasurer is to elevate and enhance the practice of treasury by advising individual clients and informing the industry at large. Headquartered in Atlanta with consultants based out of Philadelphia, Cleveland, and Washington DC, Strategic Treasurer guides treasury and finance professionals through real-world, mission-critical issues that organizations face today.
Coupa empowers companies around the world with the visibility and control they need to spend smarter and safer. By breaking down silos and unifying the procure to pay process, Coupa provides greater visibility, control, and scalability of payments, working capital and treasury. Coupa Treasury helps businesses to optimize liquidity and spend by achieving greater visibility and transparency, increasing agility and improving forecasting and planning. Businesses are empowered to improve operational performance with automation across multiple subsidiaries, currencies, accounts and users and to mitigate security, compliance and liquidity risk. To learn more about Coupa, visit www.coupa.com.
Strategic Treasurer
Strategic Treasurer provides consulting, research, and professional services for treasury management, security, technology, and compliance. Since 2004, corporate clients, banks, and fintech providers throughout the world have relied on their advisory services which are backed by a deep awareness of current practices, plans, and perceptions through their annual surveys and decades of treasury experience. The mission of Strategic Treasurer is to elevate and enhance the practice of treasury by advising individual clients and informing the industry at large. Headquartered in Atlanta with consultants based out of Philadelphia, Cleveland, and Washington DC, Strategic Treasurer guides treasury and finance professionals through real-world, mission-critical issues that organizations face today.
