Protecting Accounts Payable From Smarter, Faster Fraudsters

Accounts Payable

Payments are getting faster, fraudsters are getting smarter — and AP departments are often unwitting victims of phishing and other schemes. Bottomline’s Doug Cranston, VP of product management, tells PYMNTS that machine learning and other technologies can help wage effective battle against the bad guys.

Faster and emerging payments systems are gaining traction, as nearly half of corporates are using or interested in using new payment services. Among these new services, the top focus is real-time payments (55 percent), followed by same-day ACH (44 percent) and blockchain-based networks (35 percent), according to Bottomline Technologies’ 2019 B2B Payments Survey.

In an interview with Doug Cranston, vice president of product management at Bottomline, the executive noted that in the age of speed, fraudsters are able to more easily exploit firms’ vulnerabilities, compromise their accounts payable process and get away with ill-gotten gains, often to vanish without a trace.

“Fraudsters are getting smarter. They understand the payments space, they understand the settlement systems, they understand accounts payable,” he said. As banks provide new payment options to their business customers, he added, it’s important that they also help protect their clients from fraud.

It turns out the deck may be unfairly stacked against accounts payable (AP), treasury and other payments professionals as they do battle against fraudsters, especially if they have not yet been spurred to action because of fraud losses or attempts. Banks and their solution providers can help level the playing field by bringing to the table fraud expertise, as well as machine learning that can help detect and deter attacks.

But the bad guys, armed with that very wealth of knowledge, schooled in what works in victimizing companies across sophisticated avenues such as business email compromise scams, are conducting asymmetrical warfare. That asymmetry also gets a boost in an increasingly mobile age, where fraudsters can ply their trade across executives’ mobile devices through text messages.

There are several points of attack, Cranston said, spanning the AP continuum of receiving invoices to paying them. There is also a wealth of public and private data that can be amassed in order to launch an offensive against a company. In particular, businesses today must be leery of business email compromise scams, social engineering, and, as more transactions convert to electronic means, fraudulent bank account information provided by their suppliers or tampered with by inside employees.

“Accounts payable is certainly not the only part of the organization that is making payments,” Cranston told PYMNTS, “but very often, a significant majority of the payments” come from that part of an organization.

Each payment type — even if looking at legacy payments systems — has its own set of associated risks, according to Cranston. Paper checks can be altered, signatures forged. Wire transfers can be steered toward fraudsters’ bank accounts. “The fraudsters are not shooting in the dark here,” he said, adding that “these are people or groups who can leverage public and private information to quickly assess and attack an organization.”

Turning AP Challenges Into Revenue Opportunities

Clearly, security presents a mounting challenge for firms, especially when it comes to shoring up AP operations. As has already been well-documented in this space, AP remains mired in paper-based processes, where inefficiencies have a ripple effect, translating into security vulnerabilities, unnecessary costs, and less than optimal cash flow management. Technology, said Cranston, has the ability to improve performance across all of those avenues including helping to identify and stop fraudulent behavior throughout several points of the purchase-to-pay process.

There are four keys ways in which the right electronic payments technology solution (the executive pointed to Bottomline’s Paymode-X integrated payables network among them) can help businesses secure their payment processes: They include preventing account takeovers and unauthorized account changes. Across those efforts, multi-factor authentication and device fingerprinting help ensure that only authorized changes are made to critical bank or other account details. In other safeguard initiatives, some solution providers will store supplier bank account data in a highly-encrypted and secure network, taking the onus off businesses to do this themselves and reducing risk.

Other onboarding services include cutting-edge digital identity verification methods and manual expert reviews, solutions that can help businesses thwart identity theft and fraud attempts.

Separately, technology can also be used to identify characteristics of fraud attempts and automatically apply controls to protect against those attempts, without requiring end-user intervention.

Banks are becoming involved with parts of the payment ecosystem that they traditionally have not been involved with. Invoice automation is not an area where banks have had much presence, he said, and offering that option to corporate clients enables differentiation. There’s an increasing expectation for banks to do more than just provide the pipes for data or help corporations move money. The mindset of their corporate clients now, Cranston said, is “I need you to help me run my business,” and fraud protection is a great example of how a bank can do that, either through internal means or by partnering with a FinTech provider.

As Cranston told PYMNTS, “A solution that uses machine learning and other advanced technology to identify fraudulent behaviors at points throughout the AP process is almost like hiring a security consultant to sit with the AP all day, every day.”