People and businesses expect access to their money and payments in real time, and electronic funds transfers such as Fedwire and Swift transfers offer a convenient way to send payments to vendors, clients and partners rapidly.
However, fraudsters are aware of the high potential transaction value of electronic funds transfers and are turning to subversive means, such as impersonating executives, to steal funds from organizations.
This relatively new but rapidly increasing type of electronic funds transfer fraud, called "CEO fraud," has crippled many organizations over the past few years. It occurs when individuals create bogus messages that appear to come from an organization’s senior leader to ask – essentially trick – employees to wire funds. The requested amounts aren’t from the petty cash box.
Wire fraudsters are initiating transfers averaging $67,000 each, which is 33 times the average fraud loss for consumer checking fraud. Individual incidents can and do easily run to seven figures. One recent CEO fraud led to a loss of $55 million. Losses of this magnitude have the potential to bankrupt a major business. According to a recent FBI report, CEO fraud has cost organizations more than $3 billion in losses over the past three years alone – and that’s probably a conservative estimate. The FBI also estimates that fraud loss exposure for this type of fraud has increased by 1,300 percent since January 2015.
Criminals are committing EFT fraud and CEO fraud because of the exponential payoff and high probability of success. To combat these attacks, organizations need to implement advanced and accurate security controls, capable of analyzing patterns and flagging potential frauds before the transactions are sent out to the settlement systems. Some protocols that C-level executives and other financial leaders within organizations can put in place to prevent CEO fraud include:
Creating special, risk-based processes for approving unusual transfer requests. For example, establish flags for specific amounts and leverage analytics to uncover deviations in behavior (e.g., requests for $10,000 or greater) or locations (e.g., outside of the continent) that can trigger a second review. This adds a layer of security for any request that seems outside of the organization’s normal activity.
Outsourcing the review of transfer requests. Using an accountant or financial assistant outside of your company to review wire transfers in depth can assist in preventing unintended fraudulent activity.
Scanning email systems regularly. Fraudsters hack into email servers and send counterfeit requests from authentic C-level email addresses. This becomes virtually untraceable when outgoing messages are deleted by the criminal. Routine testing of servers, along with regularly updating passwords, aids in preventing these hacking attacks.
Using analytics and predictive techniques for real-time detection. Companies can partner with outside vendors, who can help them build predictive models based on either their specific data or consortium data to combat CEO fraud.
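The risk-based flags from the first control above (amount, destination, deviation from normal behavior) can be sketched as a pre-release check. This is an added example, not code from the article or any vendor product; the home continent, the three-sigma limit, all names and the sample payment history are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean, stdev

AMOUNT_FLAG = 10_000     # second-review threshold taken from the article's example
HOME_CONTINENT = "NA"    # assumption: continent code where the organization operates

@dataclass
class TransferRequest:
    requester: str
    beneficiary: str
    amount: float
    dest_continent: str

def review_reasons(req, history, z_limit=3.0):
    """Return the reasons a request needs a second review (empty list = none)."""
    reasons = []
    if req.amount >= AMOUNT_FLAG:
        reasons.append("amount_at_or_above_flag")
    if req.dest_continent != HOME_CONTINENT:
        reasons.append("destination_outside_home_continent")
    past = [h.amount for h in history if h.beneficiary == req.beneficiary]
    if not past:
        # A payee never paid before is itself a deviation in behavior.
        reasons.append("first_payment_to_beneficiary")
    elif len(past) >= 3:
        # Compare with this payee's own history; fewer than 3 points is too thin.
        mu, sigma = mean(past), stdev(past)
        flat_history_changed = sigma == 0 and req.amount != mu
        outlier = sigma > 0 and abs(req.amount - mu) / sigma > z_limit
        if flat_history_changed or outlier:
            reasons.append("amount_deviates_from_beneficiary_history")
    return reasons

# Constructed sample history: four routine payments to one known vendor.
HISTORY = [
    TransferRequest("ap-clerk", "Acme Supplies", a, "NA")
    for a in (4200, 3900, 4100, 4300)
]

if __name__ == "__main__":
    incoming = [
        TransferRequest("ap-clerk", "Acme Supplies", 4000, "NA"),
        TransferRequest("ceo", "Acme Supplies", 9500, "NA"),
        TransferRequest("ceo", "Unknown Holdings", 67000, "AS"),
    ]
    for req in incoming:
        reasons = review_reasons(req, HISTORY)
        print(req.beneficiary, req.amount, "HOLD" if reasons else "RELEASE", reasons)
```

The second sample request stays under the fixed amount flag yet is still held, because it is far outside what that vendor is normally paid.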
Electronic funds transfers are typically large, fast and difficult to repudiate, and with the introduction of more and more real-time settlement systems globally, the transfers are often final. Fraud involving these types of transfers is threatening to organizations of any size. It is critical that companies incorporate strategies into everyday practices to mitigate CEO and wire fraud.
Andrew Davies is the vice president of global market strategy and financial crime risk management for Fiserv.