B2B payment rails risk

By Shai Gabay, Co-founder & CEO, Trustmi

Fraud and human errors affecting business payments have threatened companies worldwide over the last decade. However, we’ve seen this trend accelerate over the past four years, with many reports showing that it’s only getting worse. Various activities enable threat actors to steal funds from an organization. Phishing, social engineering, and business email compromise are but a few tactics. These can have a devastating impact on organizations, such as significant financial losses, reputational damage, and even legal consequences.

After speaking with hundreds of companies about issues they’ve experienced, our team at Trustmi discovered that many ambitious organizations recognize the need to eliminate fraud, internal collusion and human errors from their business payment process. However, studies show that while most businesses have experienced invoice fraud, only a quarter recognize it as a significant issue, and the rest cannot assess the full impact on their business.

According to a study by the Association for Financial Professionals and JPMorgan, digital payment fraud for businesses has risen since 2021, increasing up to 10% for different digital payment rails. This report also highlighted that 84% of companies surveyed with at least $1 billion in annual revenue and more than 100 payment accounts experienced attempted or actual fraud in 2022. This is significant.

It’s time for companies to make B2B payment security a priority and address it sooner rather than later, especially since the risks are on the rise. Below are five reasons why this is a bigger problem today for your business than you might think.

New and Cunning AI Tools

Advanced tools such as ChatGPT, deepfakes, voice cloning, chatbots, and generative AI products are transforming the way organizations conduct business. While some of these tools can create efficiencies for businesses, several were built explicitly to assist criminals and are being used for deception. These tools offer threat actors the ability to produce fabricated content that mimics executives and others authorized to make financial decisions, opening the door for social engineering attacks, phishing, impersonation, and other activities that can result in business payments fraud.

The emergence of deepfake technologies is particularly troubling. The remarkably realistic output of these tools makes it difficult to distinguish between genuine and fraudulent activity, especially as these technologies become increasingly sophisticated. The development of new and advanced AI tools continues to accelerate, so organizations need to consider today how to protect their vendor payment process for the long term. Businesses embracing AI technologies to combat the dark uses of these generative AI tools can stay ahead of the game and combat payment fraud.

More Payment Rails, More Problems

The growing number of payment rails used for vendor payments today has increased the risk of fraud for fund transfers. A payment rail is a digital platform or network that enables the transfer of payments between two parties. Examples include ACH, wire transfers, PayPal, SWIFT, SEPA, and many others, all of which businesses use to pay their domestic and cross-border vendors. The underlying technologies function in different ways for different payment rails, and they each have unique vulnerabilities that are difficult to detect during a payment approval process. Threat actors might infiltrate ACH transfers by impersonating employees and requesting updates to banking information. Digital payments often have shorter processing times, making it harder to catch fraud before funds are sent to the wrong party. Banks don’t always detect whether payee accounts are legitimate, so they won’t reliably stop incorrect transfers at the last mile.

Monitoring and preventing vulnerabilities within the business payment process is cumbersome and challenging for finance and security teams, increasing the risk of errors and fraud. Managing how vendors are paid, particularly when there are thousands of them, is no easy feat. As businesses use more payment rails to pay their vendors, the complexity of business payment workflows increases, adding new vulnerabilities to the process.

Accelerated Payment Cycles Create Fast Mistakes

More digital payment rails have been introduced in recent years that can move funds in real time, resulting in instant payments. And businesses enjoy being paid in real time because it provides several advantages. With real-time payments, businesses can improve their cash flow by no longer having slow or pending transactions tying up necessary capital. Real-time payments improve a company’s cash position and liquidity by giving them better visibility into when they pay their vendors and when they get paid. 

However, while real-time payments allow businesses to pay their vendors faster, using them creates the risk of real-time fraud because there is less time to detect criminal activity before funds go out the door. Mistakes or oversights during quick payment processing can be exploited by bad actors, resulting in immediate losses that often cannot be reversed. This threat will continue to grow as more digital payment rails are introduced, and instant payments become the standard. The balance of efficiency and security is vital for managing payment fraud in fast payment cycles, and yet not many businesses have realized how big of a challenge this has become.

Automatic Payment Approvals Lose Control

Many companies automate their payment approval process to speed up vendor payments and meet invoice deadlines. And it makes sense that businesses would want to automate their payment workflows, especially when they have thousands of vendors and thousands upon thousands of payments they need to process regularly. However, automatically triggering approvals without review means that errors and fraud can only be caught after the fact.

Also, automated payment approval workflows can increase the risk of business payment fraud because these processes won’t catch social engineering activities, business email compromise, and other fraudulent incidents. Bad actors can manipulate these approval workflows by hijacking email conversations, making false requests, and changing payment information, all of which are activities that can slip through the cracks and get automatically approved with nobody the wiser.

Without advanced security checks across these automated processes, attacks can go unnoticed. To eliminate incorrect payments in an automated payment approval process, there must be a way to detect issues instantly and flag suspicious activity so wrong payments aren’t processed automatically. Many companies don’t realize that while there are many benefits to automating their B2B payment workflows to boost efficiency and productivity, these underlying risks must be mitigated.
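The kind of check described above can be sketched as a gate that sits in front of automatic approval. This is an added example, not code from the article or from Trustmi's product; the field names, the 14-day cooling-off window, the 2x history factor and the sample vendors are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

COOLING_OFF = timedelta(days=14)   # assumed policy value
HISTORY_FACTOR = 2                 # assumed policy value

@dataclass
class Vendor:
    account: str               # beneficiary account in the vendor master
    account_changed_on: date   # last bank-detail change
    change_verified: bool      # change confirmed out-of-band
    max_paid: float            # largest past payment to this vendor

@dataclass
class Payment:
    vendor_id: str
    account: str
    amount: float
    instant: bool              # real-time rail, little chance of recall

def norm(account: str) -> str:
    """Compare accounts without spacing or case differences."""
    return "".join(account.split()).upper()

def hold_reasons(p: Payment, vendors: dict, today: date) -> list:
    v = vendors.get(p.vendor_id)
    if v is None:
        return ["vendor not in master file"]
    reasons = []
    if norm(p.account) != norm(v.account):
        reasons.append("beneficiary account differs from vendor master")
    if not v.change_verified and today - v.account_changed_on < COOLING_OFF:
        reasons.append("unverified bank-detail change in cooling-off window")
    if p.instant and p.amount > HISTORY_FACTOR * v.max_paid:
        reasons.append("instant payment far above vendor history")
    return reasons

def route(p, vendors, today):
    """Auto-approve only when no rule fires; otherwise queue for a human."""
    reasons = hold_reasons(p, vendors, today)
    return ("HOLD_FOR_REVIEW" if reasons else "AUTO_APPROVE", reasons)

# Constructed sample data, not taken from the article.
TODAY = date(2024, 3, 15)
VENDORS = {
    "V1": Vendor("DE00 1234", date(2023, 1, 10), True, 10_000),
    "V2": Vendor("GB00 9999", date(2024, 3, 10), False, 5_000),
}
```

A payment that trips any rule is routed to a reviewer with the reasons attached, so the automated path stays fast for routine payments while changed or unusual ones are stopped before funds leave.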

The Growing Complexity of Global Payments

The growing complexity, lack of standardization, and diversity of international payments make them vulnerable to fraud. Managing domestic payments is challenging enough, but adding thousands of international vendor payments into the mix creates more work for finance teams, which can open them up to further human error and cyber-attacks. Large organizations are particularly susceptible to these risks because they typically have many vendors and teams across several countries managing vendor payments.

Finance teams are not always centralized at global companies, which means that systems and processes are further siloed, which reduces or removes any visibility into potential risks. Additionally, identifying fraudulent activities can be challenging due to time zone differences, language barriers, and different international payment rails, which are not equally secure in every country. Furthermore, the vulnerabilities and complexities inherent in global business payments make them even more vulnerable to fraud by threat actors leveraging generative AI tools that are universally accessible. As international business accelerates and business payments become increasingly complex, more opportunities for error and fraud will arise.

Conclusion

Eliminating fraud and errors from your vendor payments has looming legal implications, which makes this an area that businesses, particularly public companies, must address immediately. In July of 2023, the US Securities and Exchange Commission announced its adoption of a rule whereby companies must report any ‘material’ cybersecurity incidents and ongoing incidents and disclose cybersecurity policies, governance, and management. 

This means that companies are now required to disclose information on security breaches and provide updates on previously reported cybersecurity events, which include business payment fraud and internal collusion. This rule will provide a mechanism for authorities to take action against companies that fail to comply with the disclosure requirements and do not implement precautions.

Eliminating fraud and errors from the B2B payment flow is becoming more critical than ever, and businesses can no longer afford to roll the dice and hope everything will be fine. Businesses need to get their business payments right in the short term and prioritize an effective response to this growing challenge. This will help them to eliminate losses, grow their bottom line, and avoid the headaches of disclosing fraud and cyber-attacks to their shareholders later.

About the Author

A visionary entrepreneur, Shai Gabay has always held a deep passion for cybersecurity and fintech, developing his expertise in both areas throughout his career. He is a co-founder and CEO of Trustmi, a leading end-to-end payment security platform that he co-founded in Israel in 2021. Before Trustmi, he was General Manager at Opera and VP Product and Services at Cynet. He has also served as the CIO at Cyberbit and the CISO at Discount Bank, among other roles in cybersecurity and risk management. Shai holds a Bachelor’s Degree from Shenkar College in software engineering and a Master’s in Business Administration and Management from Tel Aviv University.  Additionally, Shai was selected for the prestigious 1-year full scholarship executive excellence program at the Hoffman Kofman Foundation, a program tailored to outstanding alumni of IDF’s Elite Units. Through this program, he had the opportunity to study with prominent co-founders and leaders at renowned global tech companies and professors at elite universities.
