PaymentWorks' fraud prevention platform

By Jeff Domansky, Feb 22, 2021

When it comes to fraud, universities are just one more appealing target for cybercriminals. Like many businesses, universities are taking proactive measures to prevent B2B fraud, and they’re looking to digital identity platforms and automation to reduce their vulnerability to attack dramatically12 minutes and editing.

Like the recent Florida municipal water attack, universities and other public institutions and businesses are all under attack by fraudsters.

According to the FBI, in 2019, $1.7 billion was stolen through business email compromise scams in the US. Globally, Nilson estimates 2020 payment fraud more than tripled from $9.84 billion in 2011 to $32.39 billion in 2020.

Payment fraud hitting universities hard

PaymentWorks prevents fraud

Not surprisingly, for security platforms like Waltham, MA-based PaymentWorks, business is booming as fraud incidents grow larger and more frequent. Organizations are building their fraud defenses accordingly.

COVID-19, work-from-home, distributed work teams, and distance learning are just some of the unique, additional fraud risks universities face. A 2019 Verizon Data Breach Report showed 53% of cyberattacks in the higher education industry involved stolen credentials.

The 2020 Verizon Data Breach Report shows 92% of educational services data breaches were financially motivated, while others included breaches of web applications (81%), stolen or used credentials (27%), ransomware attacks (80% of malware attacks), and phishing (28%).

High-profile data breaches of US universities show how costly the problem is. Recent hacks included Cape Cod Community College (2018, $800,000); University of Wisconsin-Parkside (2019, $315,000); University of San Diego (2019, $749,000); and University of Pennsylvania (2019, $123,000).

University of Kentucky’s heavy AP workload

The numbers at the University of Kentucky (UK) show a substantial workload comparable with midsize higher learning institutions using mostly manual systems. The UK’s 28-person purchasing department is a busy place handling:

University of Kentucky
  • 125,000 purchase orders every year
  • 240,000 P-card transactions
  • 62,000 additional documents
  • 33,000 active vendors on purchase orders, payment documents, and other transactions
  • 12,000 additional companies for vendors added every year.

The purchasing and AP system had too many moving parts. More than 2500 University employees sent out and manually collected information from various individuals, vendors, and suppliers. That information was not always reliably vetted, creating a massive workload, accuracy challenges, and potential security risk.

“Avoiding business email compromise and falling victim to fraud is at the forefront of every professional working in accounts payable today. These individuals bear the enormous responsibility of authenticating and authorizing payments – thousands of them in some cases – and must ensure they are in fact going to the right vendor, day in and day out,” said Thayer Stewart, CEO of PaymentWorks.

Solutions to payments fraud

Like many midsize universities, there are too many moving parts that can fail in a typical purchasing and AP system.

“Unfortunately, verifying payee information is still a paper-based, manually intense, and error prone process leaving both the university and the individual responsible, vulnerable to increasingly savvy fraudsters. Our solution not only digitizes the process but provides the peace of mind needed,” Stewart added.

PaymentWorks set out to automate and secure UK’s complex, manual, people-intensive process. The Business Identity Platform it designed integrated with the existing ERP to streamline the supplier/payee onboarding process with:

  • secure, real-time data submission by payees of their banking, tax, insurance, contact information, and diversity commitments.
  • online gathering and storage of backup documentation.
fraud solutions

PaymentWorks provided a secure data interface where suppliers can control the input and updating of their sensitive identity information and view real-time progress. This eliminated insecure channels such as information sharing by telephone and email, dramatically reducing the workload and risk of error for university AP staff.

For U Kentucky, PaymentWorks also managed the third-party verification of supplier information and real-time sanctions list checking. For other campus end-users they no longer need to obtain and submit W9 information directly to purchasing. They now simply invite suppliers and see real-time progress updates.

U Kentucky’s fraud prevention payback

With the new business identity management system in place, the university simplified, automated, and secured its new process in three ways:

  • a cohesive, controlled system to initiate new vendor invites, approve new vendors, and approve updates
  • PaymentWorks sends payee invitation; screens TINs and sanctions lists, confirms banking, sends new vendor registrations and notifications and sends push updates to the university
  • suppliers/payees create a PaymentWorks account, and complete the university’s form. They can log in at any time to update their profile information.
fraud prevention

The result is a considerable increase in efficiency, error reduction, increased compliance, and, most importantly, a higher security level.

“The University of Kentucky is far from alone in facing modern supplier challenges with an outdated system. We’ve had some close calls but have been fortunate not to get caught in vendor fraud like so many other universities. With PaymentWorks, we’re eliminating so much unnecessary complexity to create a process that is secure, efficient, and compliant. PaymentWorks validates all vendors, so we know who we are doing business with,” said Naomi Emmons, Associate Director, Central Purchasing at the University of Kentucky.

Others such as Johns Hopkins University and Medical Center, Rutgers University, Rensselaer Polytechnic Institute, and the Universities of Alabama and Tennessee have seen similar improvements in their AP efficiency and security.

Compared to the previous year, Johns Hopkins alone onboarded more than 10,000 new payees during its 2019-2020 academic year. 

The solution has proven so successful that earlier this month, E&I Cooperative Services, a non-profit procurement cooperative focused exclusively on higher education, partnered with PaymentWorks to offer its members in higher ed and K-12 proven access to affordable, secure vendor management capabilities. 

There’s a reason fintech solutions like these are proving popular. The list of positive outcomes includes dramatic efficiency improvement, faster, more accurate onboarding of suppliers, improved compliance, and higher security levels.

You can learn more about the University of Kentucky case study or how Paymentworks’ Business Identity System operates here.

Recent PaymentsNEXT stories on fraud and cybersecurity include:

12 billion records stolen last year; cybersecurity spend will grow +10%

The challenging state of small business cybersecurity