Since payment fraud involves many different types of activity the best way to identify suspicious patterns is to integrate disparate data sources, and cross check data from multiple angles.
Early detection is the key to stopping payments crime—the sooner a current payment fraud incident is identified, the lower the likelihood that the attack will be repeated.
The losses for payment fraud are high. Last year’s wire transfer schemes included Ubiquiti which reported a $46.7 million loss, Xoom Corp. that lost $30.8 million and Irish airline Ryanair that claimed $5 million in losses. High damages can occur when hackers have access to create and manage user accounts and permissions that enable them to initiate and approve fraudulent payments or divert existing payments.
There are dozens of ways to commit payment fraud. Creating bogus customer records and bank accounts, initiating false payments (Automatic Clearing House Fraud), and intercepting and altering payee details and amounts on checks and payable orders are just a few examples.
Payment fraud extends across all payment types including SWIFT/Wire, faster payments, BACS SEPA payments, ATM/debit transactions, ACH/bulk payments, bill payments, P2P/email payments, checks and all the different forms of domestic electronic transfers available in various markets.
In addition to the increase in the sheer quantity of incidents, attacks are more complex, targeted, and often socially engineered where hackers impersonate managers to convince employees to make fraudulent wire transfers. Once hackers gain access to the permission management system they can create new users with the ability to initiate payments, and another to authorize payments and even a third user can be created to add new payees or suppliers. Since all the organizational rules are being followed, the transactions may be committed without any warning that fraudulent transfers have taken place.
This type of fraud can not only result in high amounts of damages for the initial attack, it also enables the hackers to perform multiple fraudulent transfers over an extended period of time resulting in extensive financial damages.
The best way to uncover this type of activity is to look for anomalies in four areas: user behavior, physical location, security authorizations, and account activity. When all of this information is collected and correlated it’s possible to detect this type of fraudulent activity sooner.
For example, the e-payment fraud scenario can be detected if all of the following observations were combined; new security authorizations were granted to certain users, payments have been authorized to a supplier whose bank account number has been recently changed, and the IP address for the individual executing these transactions is not a typical one. Each of these factors alone is not enough to pinpoint fraudulent attempts. By analyzing the behavior of different users across multiple systems the right conclusions can be reached.
When all four angles are analyzed and correlated there is a good chance that the fraudulent activity can be uncovered. Fraudsters can take over identities and try to hide their tracks but they can’t cover up their abnormal behavior.
Hackers will continue to create new methods for taking over employee accounts and committing fraud. However, by monitoring online behavior suspicious activity can be identified earlier in the process keeping the organization’s assets and reputation intact. Proactively capturing and analyzing a combination of suspicious activities across all four pillars can be the key to preventing fraud.
Hagai Schaffer is vice president of product management and marketing for Bottomline Technologies.