The shift of financial processes from manual to digital, automated solutions can significantly improve efficiency, but it also creates vulnerabilities that can open the door to sophisticated criminal entities conducting fraud online.
How can businesses mitigate the risk?
EverC thought leader and VP Melissa Sutherland recently joined Finexio’s Chief Commercial Officer Bill Fox in a PYMNTS webinar about how to implement better risk management for back-end processes such as accounts payable (AP).
An accelerated digital shift accentuates the need to watch for vulnerabilities
The COVID-19 pandemic pushed many organizations to convert back-end processes from paper to digital, as more employees worked from home rather than in one central location. But this shift also encouraged bad actors to develop new techniques and hone their methods for committing fraud. “We were concerned about keeping our ecosystem moving. They were concerned about penetrating our ecosystem,” said Sutherland.
Moving from paper processes is unquestionably a step in the right direction, but still requires measures to prevent fraud. “The paper check is the most vulnerable payment that exists, something like 22 times more likely to be involved in fraud than a virtual card, double the likelihood of being involved in fraud than ACH,” said Fox. “But what we’ve seen in the last couple of years is ACH fraud increased 200% since 2021.”
Staying ahead of an evolving threat landscape
“What we learned is moving from archaic to digital overnight is going to topple us over,” Sutherland said. “We also learned during this ecosystem shift that bad actors don’t travel in tiny little packs anymore. They are giant, convergent threat actors.”
She continued, “So the cataclysmic event that shifted us, which seemingly should have been an awesome celebration of, ‘Hey, we’re getting old systems into the digital economy. Amazing!” is actually, ‘Oh gosh, we are so vulnerable that it’s going to take us forever to shore up all the vulnerabilities that we have. We’re building the plane and we’re flying it all at the same time.”
As digital and automated processes become more prevalent, current models of risk management are not sufficient against today’s threat landscape, according to Sutherland.
“Most of the systems, as we shift from paper to digital, have a couple of fraud models. Maybe they have a few risk triggers. They are in no way set up to understand that a single-hit, lone-wolf attack is not going to happen anymore. A bot attack with an absolute flurry of synthetic identities pouring into their ecosystem, is absolutely going to happen.”
Being too cautious can create friction by slowing down processes like payments transactions, and in the process alienate your vendors or merchants, but some friction can be necessary, according to Fox. “Of course, we want to automate and use AI and use robotic process automation as much as possible…but we want to take a breath and make sure that we’re not paying a terrorist.”
Ongoing data analysis: The key to effective risk controls
Gathering and analyzing data over time can enable organizations to identify patterns that indicate fraudulent activity, according to Sutherland.
“Migrating or maturing with the data over time is probably the biggest gap you'll see in newer entrants into this digital payment ecosystem,” Sutherland said. While organizations do seem to have some controls “at the front door” when onboarding new merchants or vendors, they fail to track data continuously once they’re “in the house.”
Ongoing, consistent monitoring would provide a broad view of merchant activity that would enable companies to keep up with changing threats. “Doing a little bit of tech in the front then letting it go stale is very common. Doing a whole bunch of tech at the front and then assuming everything's going to be great, very common. Doing a little bit over time, not as common, but that's exactly what we need to be thinking about.”
Watch the webinar
Wondering how digital transformation can improve operational efficiency while closing gaps that could let fraud through the door? You can catch the full conversation on the PYMNTS website.
EverC solutions are backed by billions of data points
EverC uses AI and billions of data points at onboarding and on an ongoing basis. This enables organizations to rapidly identify patterns that signal criminal activity, enhancing operational efficiency and enabling them to focus on business growth.