3 minute read
Protect Your Organisation from EFT Payments Fraud
WITH CYBER CRIMINALS NOW TARGETING AUSTRALIA’S STEEL INDUSTRY, NOW IS THE TIME TO PROTECT YOUR ORGANISATION FROM EFT PAYMENTS FRAUD.
Nobody would deny the past year presented unprecedented challenges. Despite it all, demand for steel is starting to bounce back strongly following the COVID-19 downturn. Additionally, a renewed focus on onshoring supply chains means the outlook for Australia’s steel sector looks promising.
Advertisement
But even as the heat rises in the furnaces at Port Kembla and Whyalla, new challenges are emerging. Last year’s cyber incident at BlueScope Steel is an important reminder that criminals are actively targeting the sector. Now is the time to make sure your organisation has the right systems in place to stay secure.
Among the most common threats Australian organisations face is Business Email Compromise (BEC) fraud. According to the Australian Cyber Security Centre (ACSC), there were 4,255 reported instances of BEC fraud in the 2019-2020 financial year, with losses exceeding $142 million. That figure is steadily rising year-on-year.
Typically, in BEC fraud, cyber criminals hack into your suppliers’ email systems. When a supplier sends you an invoice, the criminals manipulate the banking details in the email. Without knowing it, your accounts payable team processes an EFT payment to the fraudster’s bank account.
Similar scams see fraudsters compromise the email accounts of an organisation’s CEO or CFO. Fake emails are then sent to the accounts team, instructing them to wire funds to the fraudster’s bank account.
If all that weren’t worrying enough, criminals have even been known to manipulate supplier banking records by hacking into ABA files or ERP systems. Once again, the accounts payable team ends up transferring the payments directly to the fraudster.
Once your accounts team processes an EFT payment, there’s no retrieving the funds.
Relying on manual verification procedures, such as calling back suppliers before paying, is both timeconsuming and prone to error. For any organisation that is processing hundreds, if not thousands, of invoices each year, having your accounts team constantly calling suppliers to verify their details over the phone is hardly the most productive use of their precious time. And with criminals also known to manipulate supplier contact details, there’s no guarantee your accounts staff are even calling the legitimate supplier.
eftsure has pioneered a unique fraudtech solution to address the challenge of EFT payment security. By aggregating banking and other corporate data from nearly 2 million Australian organisations, eftsure has built the nation’s largest independently verified database. Each time your accounts team processes an EFT payment, the banking details are cross matched against this database. This process solves the fundamental security flaw where the banks don’t match account names with account numbers. Which makes it hard for people to spot whether payments are going to the right bank account.
Sitting over your banking platform, eftsure gives your accounts team realtime intelligence via ‘green-thumb’ or ‘red-thumb’ signals. These indicate whether the banking details you are using to process an EFT payment match the details used by other companies to pay the same supplier.
Recently, eftsure helped one of Australia’s largest diversified food and dairy companies avoid a $200,000 fraud attempt. Cyber criminals had breached a supplier’s email system and manipulated an invoice, changing both the banking information and the office contact details. Knowing that the supplier’s staff were all working remotely due to the pandemic, the fraudsters gambled that conducting call-back verifications would be difficult, if not impossible. However, what they didn’t gamble on was eftsure.
With eftsure integrated into their systems, the food and dairy company was alerted to the fact that the banking details in the invoice couldn’t be positively verified against our unique database. This critical red-flag ensured that the payment was put on hold pending further investigations, which revealed the fraudulent activity.
Visit eftsure.com.au today to learn how we can also help your organisation avoid costly EFT payments fraud.
This article was supplied as part of a paid advertising package.
What’s the most common method to get defrauded?
The ‘most-popular’ method is business email compromise (BEC). It’s an easy way to impersonate someone in a digital world so cyber fraudsters can pretend to be supplier, customer or partner to your business.
Do banks protect my business against payment fraud?
The Australian Banking system has a flaw: it cannot match Account Numbers to names – so all fraudster have to do is switch bank details, but keep the entity name on the invoice. Making it hard to detect fraudulent invoices.
Why do you need eftsure to protect payments?
Payment controls have not kept up with a digital world – even in some Top 50 ASX companies, you’ll find they check vendors/ supplier with people checking people – that will fail at high volume and over time.
