Last updated Jun 26, 2023

Payment fraud rises following the SVB bank crisis: How to protect your company.

Written by Hazel Nolan

TL;DR:

  • In the wake of the recent banking crisis, cyberattacks are on the rise, especially those relating to account changes.
  • Vigilance and careful practices are the first and most important lines of defense.
  • The transaction software you use for payables is key to identifying and thwarting attacks.
  • Airbase provides additional levels of security that can be especially helpful in this environment.

It didn’t take scammers and cybercriminals long to try to profit from the fallout of the Silicon Valley Bank crisis. Fake SVB domains sprang up over the weekend after the bank was put into receivership on the preceding Friday. Twitter also became a haven for those looking to accelerate hysteria and push worried customers toward fake cryptocurrency and other “safety net” links. Some more thorough fraud efforts included phony DocuSign notifications via email, which prompted affected customers to re-authenticate themselves with “SVB.” These more built-out fraud attempts capitalize on a sense of legitimacy, which often leads customers to act without adequate authentication or risk assessment. It takes careful attention and due diligence from customers and vendors to avoid falling victim to these more calculated fraud attempts.

The risk and the number of instances of payment fraud wildly increased when the market destabilized. But payment fraud is an ever-present risk — in 2021, 95% of companies dealt with attempted payment fraud. Staggeringly, three out of four attempts were successful. Managing this risk is something that should always be prioritized, and choosing tools and partners that can provide an additional layer of security can help. 

Conditions are right for scammers following the SVB collapse.

Since the crisis, there has been a mass movement to open new bank accounts by companies that relied on SVB. As companies scrambled to pay bills and make payroll, a huge sense of urgency ballooned, and the bank’s customers were left attempting to make decisions with little access to information directly from the bank. 

“During this time, we are going to see many finance teams bombarded with account change requests and asks to urgently modify wire destinations. This havoc fuels attackers.” — Ofer Maor, Chief Technology Officer, Mitiga

The crisis highlighted the need for clear and accessible communication lines with banks. Bank customers experienced an overnight shutdown of communication — no guidance on how and where they would hear from them, what website to use, what emails to expect, or who might be reaching out. Companies found themselves having to interpret the occasional FDIC press releases to assess the situation. The resulting communication gaps left an opening for scammers to move in. 

In unprecedented times like these, communication from vendors, banks, and solution providers needs to step up. As a payments company that partnered with SVB, we at Airbase launched an immediate and concerted effort to call every one of our customers to update them and provide alternatives. We were gratified to see how much that outreach was deeply appreciated by CFOs, controllers, and accounts payable managers who were operating in a very challenging environment. However, it is in these times that emergency contact lines and protocols must be accessible and clear to not only offer much-needed transparency but to ward off bad actors. 

Vigilance and best practices are the first and best line of defense. 

Whether a situation arises overnight or emerges from ever-changing vulnerabilities in the way we operate, how do you combat cybersecurity threats and attempts at payments fraud? There are best practices that companies can implement as a first line of defense. 

Security company Arctic Wolf offers the following recommendations to help users avoid falling for these attacks:

  • Ensure users know how to identify a phishing email and where to report it.
  • Provide examples of what users could expect and remind users to remain vigilant when receiving an email from an unknown or external source.
  • Be wary of messages that create a sense of urgency and ask you to do something quickly, especially pertaining to SVB.
  • Be cognizant that threat actors may use personal social media accounts or text messages to contact you.
  • Review policies for verification of any changes to existing invoices, bank deposit information, and contact information.

According to Tonia Dudley, CISO of Cofense:

“Companies must be well-equipped to recognize possible dangers by understanding when it is okay to share credentials and reporting any errors to the security team. Organizations should also employ two-factor authentication or secondary security controls to validate requests for changes to account information and maintain system updates.”

Although nobody can predict overnight collapses or sudden cybersecurity threats, all of the above highlights that companies can implement robust tools, measures, and procedures pre-emptively. Secure systems and tools, supported by two-factor authentication and other robust controls, can serve as a bulwark against fraudulent activity and sudden requests for change. The right systems and tools will have a solid wall around them, meaning even the most stealthy and fast-acting scammers will be met with diligent security measures.

Your payables software can offer additional levels of protection.

Your payables software — or any software that handles cash flow and company expenses — provides a crucial opportunity to reinforce the controls around the money that leaves your company. 

Fraud protection, security, and robust controls have always been central to the infrastructure of the Airbase platform, which is SOC 2 Type II compliant. Our platform is protected by two-factor authentication, card locks, spend limits, potential fraud risk filters, fraudulent vendor flagging, notifications upon first payment to a new vendor account, and more. Our risk team constantly monitors activity to detect potential risks and develop mitigation strategies. 

In the wake of the recent banking crisis, Airbase has further enforced security and fraud protection, in particular around best practices regarding changes to vendor bank account details. We’ve rolled out two new features which provide extra support to our vendor portal and security features:

  • Approval workflow for vendor payment detail changes. Airbase will now allow you to require approvals for changes to vendor payment details so that a single employee cannot update payment details by themselves. This is good internal control in general, but will also reduce the risk of a single employee falling for a phishing or other kind of fraudulent attack.
  • Two-factor authentication for vendor portal. Vendors you have invited to Airbase can use the vendor portal to manage their payment details themselves. We are now introducing a second factor of authentication by sending a code via text message when they try to update their payment details. We will be collecting mobile phone numbers when vendors next log in to the portal. This will help prevent fraudulent updates of payment details if a vendor’s account is compromised.

Best practices when it comes to updating your vendor details.

Being extra vigilant of changes to the details of any bank accounts your business interacts with can help keep your company funds safe. When it comes to changes to your vendors’ bank account details — or any changes to your vendors’ details — here are some best practices encouraged by Airbase:

1. Always require two confirmation sources from the vendor to verify payment details.

2. Don’t have vendors call you to confirm details. Always be the one to make the call to them.

3. Closely review email addresses and be aware of how characters can be replaced with look-alikes that are hard to notice (e.g., upper case “I” for lower case “L”).

4. Always be suspicious of payment detail change requests that come close to a large payment deadline.
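
The four practices above can be expressed as an automated pre-check that holds a bank-detail change request for manual review. This is an added example, not Airbase code: the field names, flag names, thresholds, and the short character map are assumptions made for illustration, and the sample data is constructed.

```python
from datetime import date

# Assumed thresholds; the post does not define "large" or "close".
LARGE_PAYMENT = 50_000
DEADLINE_WINDOW_DAYS = 7
# Constructed, non-exhaustive map of characters swapped in lookalike addresses.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"})

def skeleton(domain: str) -> str:
    """Fold visually similar characters so lookalike domains compare equal."""
    folded = domain.translate(CONFUSABLES).lower()
    return folded.replace("rn", "m").replace("vv", "w")

def review_change_request(req: dict, vendor: dict, today: date) -> list[str]:
    """Return the reasons to hold a vendor bank-detail change for review."""
    flags = []
    sender = req["from"].rsplit("@", 1)[-1]
    known = vendor["email_domain"]
    # Practice 3: compare the sender domain with the one already on file.
    if sender.lower() != known.lower():
        lookalike = skeleton(sender) == skeleton(known)
        flags.append("lookalike_sender_domain" if lookalike else "unknown_sender_domain")
    # Practice 1: two distinct confirmation sources.
    if len(set(req["confirmations"])) < 2:
        flags.append("needs_two_confirmation_sources")
    # Practice 2: one of them must be a call we placed to a number on file.
    if "outbound_call" not in req["confirmations"]:
        flags.append("no_outbound_callback")
    # Practice 4: change requested shortly before a large payment is due.
    if any(amount >= LARGE_PAYMENT and 0 <= (due - today).days <= DEADLINE_WINDOW_DAYS
           for amount, due in vendor["open_payments"]):
        flags.append("near_large_payment_deadline")
    return flags

# Constructed sample data (reserved .example domains, invented amounts).
TODAY = date(2023, 3, 14)
VENDOR = {"email_domain": "acme-supply.example",
          "open_payments": [(120_000, date(2023, 3, 17))]}
SUSPICIOUS = {"from": "ap@acme-suppIy.example", "confirmations": ["email"]}
VERIFIED = {"from": "ap@acme-supply.example",
            "confirmations": ["outbound_call", "vendor_portal"]}

if __name__ == "__main__":
    for name, req in (("suspicious", SUSPICIOUS), ("verified", VERIFIED)):
        print(name, review_change_request(req, VENDOR, TODAY))
```

A fully confirmed request from the correct domain is still flagged when it arrives just before a large payment is due, so the timing alone routes it to a second reviewer.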

Beyond the security features we provide and continue to improve, Airbase maintains a conscious awareness of fraud and security risks. We produce content to help you do the same. Here are some more resources to help you explore these topics further:

Check out an overview of Airbase’s security and fraud detection features here. We keep your money safe so you can focus on your business.
