Multistep Validation Helps Buyers Slam the Gate on B2B Payments Fraud
Originally appeared in PYMNTS.com
The fraudsters just keep getting more brazen.
Data shows that the average online storefront experienced 344 fraud attempts in 2020, up 24% from the prior year, highlighting the importance of security measures for those involved in eCommerce.
While 59% of companies build fraud detection into digital payments processes, all too often, the bad actors still get through.
Robert Johnson, senior vice president of Corcentric Payments, told PYMNTS in an interview that supplier validation offers a robust line of defense in B2B interactions — especially as the criminals move from check fraud to electronic payment fraud.
“Supplier validation,” he said, “is the gate to identifying and preventing fraud attempts against companies.”
The “gate” is where a supplier needs to be onboarded by a buyer into its enterprise resource planning (ERP) system — making sure that there is fraud mitigation in place before that supplier is added, or as changes are made to that supplier’s details once they are linked to a buyer. Criminals are proving adept at sending emails that look and feel like they are coming from suppliers asking to make changes.
“Once they get through that gate,” he said, “that’s when the havoc starts.”
That havoc may be most acutely felt by smaller firms, which may not have the resources on hand to get proper validation efforts in place. He said that using third-party relationships and business networks can help offload the onus of validation and can become a trusted source of security for client firms.
Those same networks can also benefit the suppliers, ensuring that they are being paid properly and that funds are not being misdirected.
Taking Necessary Precautions
Johnson said all companies need to evaluate their internal processes, including how information is stored and whether they are using third parties to house that data (or are hosting it themselves).
Having the right lines of defense in place can ensure that when a supplier makes an e-mail request to be added by a buyer or to change in-place details, the partnering firm can make calls in order to make sure the request is legitimate — and the fraudster doesn’t get through the gate.
Criminals are getting smarter, using old tricks like texts to unsuspecting victims or phishing e-mails to lure victims into clicking on links and unwittingly installing keyloggers. With those keyloggers in place, the fraudsters can compromise a company’s credentials, including usernames and passwords, and its accounts.
Education represents a key line of defense, he said, as do advanced security mechanisms that require the validation of users, such as multifactor authentication. With all of these lines of defense — education among stakeholders, alerts, independent verification and advanced technologies — an idealized and safe onboarding process can take shape.
Johnson said that when enterprises get requests to add new suppliers, there are steps — indeed, best practices — to take to make sure that the supplier is valid and that data is stored and secured.
“Segregation of duties is important because that supplier is going to have to be manually keyed into the ERP system,” Johnson said.
That separation, he said, can help guard against insider fraud. Ideally, he added, an enterprise will not want the person who has manually keyed in that supplier’s information to be able to pay the same supplier. There are also other lines of validation across third-party sources, such as Internal Revenue Service databases and the Office of Foreign Assets Control list. Independently verifying information with several callbacks can be key, too.
Over the longer term, we may see a consolidation of these providers and data sources into a global network that a supplier joins, where information is constantly and consistently verified. But for now, the more checks and balances, the better, said Johnson.
“I would recommend at least six to 10 steps in any validation process,” he said. “The more steps you have, the more likely you are to uncover fraud attempts.”