Proactive strategies against payment fraud

March 2024 Financial (Industry), Security Services & Risk Management

Ryan Mer.

“Amid a spate of high-profile payment fraud cases in South Africa, the need for robust fraud payment prevention measures has never been more apparent,” says Ryan Mer, CEO of eftsure Africa , a Know Your Payee (KYP) and payment fraud prevention platform provider.

In April 2023, three former bank employees received jail sentences of 15 years each for R190m JSE fraud. The trio accessed JSE portfolios without authorisation, making changes to the banking portfolio and transferring funds to their own portfolios.

In September 2023, two sisters from Pretoria were charged with fraud and money laundering for purportedly stealing R137 million from their employer. They allegedly used their senior positions to divert payments from customers to their own company, creating fake debit and credit entries to hide the theft.

Further spotlighting the severity of the issue, in December 2023, a former accountant from Boksburg was sentenced to 50 years after allegedly stealing over half a billion rand from her employer over a period of 13 years. At times, she stole almost R20 million a month without it being noticed.

Says Mer, “What often shocks people about such cases is how long perpetrators get away with their crimes and how much money they manage to steal before being caught. These individuals are often well-versed in their organisation’s payment procedures and exploit areas where picking up their activities is difficult, but with good controls, fraud can be prevented. Unfortunately, many companies do not carry out the necessary checks until it is too late.”

Here are three ways you can stop fraudsters in their tracks:

Implement strict protocols

“The right internal controls are essential in creating an anti-fraud company culture,” says Mer. “There should be a very clear chain of command and step-by-step methods for business practices that are vulnerable to fraud, such as procurement, onboarding and Payee Master and Payment Data Management. Unfortunately, in many organisations there is a concerning disconnect between the theoretical controls and what happens in everyday business contexts.”

Ensure that protocols are strictly adhered to. For example, organisations should take KYB checks seriously. “If you are doing business with another company, you have every right to ask them for their company documentation for internal verification purposes. There should be strict mechanisms at the point of onboarding, and approval processes must be consistent enough to make it very difficult for payment fraud to happen at all,” says Mer.

Prioritise training

Of course, even with clear processes and a chain of command that limits loopholes, fraudsters often manipulate people to get their way. Mer says that it is a myth that only gullible, unskilled professionals are susceptible to scams. “The misconception that only foolish individuals fall victim to cybercrime and payment fraud leads to complacency. Criminals are often well-skilled and armed with enough industry knowledge to appear legitimate.”

That is why training is essential. “Sound business processes can only protect a business so far. Sophisticated phishing and Business Email Compromise (BEC) scams can defeat the internal controls of even the most vigilant teams because scammers use psychological manipulation to get their way. It is essential to stay on top of the latest scams and share those tactics with staff members, as well as train them to develop a keen sense of suspicion. Anything that sets off alarm bells should be checked, re-checked and verified within teams – not independently.”

Automate and integrate

The surprising result of increased digital fraud and BEC is that many companies opt to solve this problem by introducing more manual processes, such as another person overseeing crucial checks. While training and checks are essential, digital threats must also be fought with digital solutions.

For example, in recent fraud cases in the news, attempts at duplicate payments could have been identified by automatically checking for duplicated payment amounts, dates or invoice numbers. A Software as a Service (SaaS) provider like eftsure can help enhance processes and limit payment fraud risks by providing an integrated onboarding, verified master data management and payment screening solution. This can be integrated into anything from ERP and accounting systems to sales and customer relationship management systems. The platform alerts you to any potentially compromised payment details, at point of payment, allowing you to deal with the problem before the flow of funds has occurred.

“While fraudsters are continuously finding new ways to exploit even the safest systems, having these measures in place will help you catch potential instances of fraud from different angles, so that none can slip through the cracks,” says Mer. “Such an integrated and automated fraud prevention ecosystem in your company is the best way to mitigate risk and stop payment fraud before it costs millions.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

How to prevent and survive fires
Fire & Safety Security Services & Risk Management
Since its launch in August 2023, Fidelity SecureFire, a division of the Fidelity Services Group, has been making significant strides in revolutionising fire response services in South Africa.

A long career in mining security
Technews Publishing Editor's Choice Security Services & Risk Management Mining (Industry)
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.

Risk management: There's an app for that
Editor's Choice News & Events Security Services & Risk Management
Zulu Consulting has streamlined the corporate risk management process with the launch of Risk-IO, a web-based app designed to consolidate and guide risk managers through the process, monitoring progress as one proceeds.

Integrated information platform for risk management
Editor's Choice News & Events Security Services & Risk Management
Online Intelligence recently launched version 7 of its CiiMS risk and security platform. Speaking to SMART Security Solutions after the launch event, the company’s Arnold van den Bout described the enhancements in version 7.

Global Identity Fraud Report revealing eight-month ‘mega-attack’
Editor's Choice Security Services & Risk Management
AU10TIX recently released its Q4 Global Identity Fraud Report, with the research identifying two never-before-seen attack patterns, with the worst case involving 22 000+ AI-generated variations of a single U.S. passport.

Linking of security officers by security businesses
PSiRA (Private Security Ind. Regulatory Authority) News & Events Security Services & Risk Management
[Sponsored] By law, all security businesses are required to declare their employees to PSiRA so that they can be accounted for administratively. Failure to link employees by security businesses is a contravention of the Code of Conduct and a criminal offence.

Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

What you can expect from digital identity in 2024
Access Control & Identity Management Security Services & Risk Management
As biometric identity becomes a central tenet in secure access to finance, government, telecommunications, healthcare services and more, 2024 is expected to be a year where biometrics evolve and important regulatory conversations occur.

PSiRA Introduces the printing of certificates as an interim measure
PSiRA (Private Security Ind. Regulatory Authority) News & Events Security Services & Risk Management Associations
[Sponsored Content] The introduction of digital certificates was welcomed by the security industry; however, it also led to the exploitation of unsuspecting clients by third parties who print certificates at exorbitant fees.