“Cyber is my number one issue…it’s what keeps me up at night,” said the treasurer of a large US nonprofit. He was part of a gathering of around 50 fellow financial leaders for a Fraud Symposium at the 2022 Association for Financial Professionals (AFP) annual conference in Philadelphia on Sunday. The event continues through October 26.
The AFP is the main industry information exchange and certification body for treasury and finance professionals, headquartered in the Washington, D.C. area with an office in Singapore. The organisation provides training, testing, qualification, and advocacy, serving as a hub for continuing financial education and news and as sponsor of two credentials: Certified Treasury Professional (CTP) and Financial Planning and Analysis (FPAC).
Cybersecurity and increasingly creative attacks by online, phone, and text-phishing fraudsters and social engineers were key topics of the group conversation, along with the latest FBI statistics on new, old, and emerging schemes and scams perpetrated by
financial criminals against businesses.
During a 90-minute session, treasurers, finance managers, CFOs and others shared stories on recent fraud experiences and expectations for the coming year. Subjects ranged widely, from fraud-filter protection for ACH debits to bad actors building fake websites
to fleece unsuspecting visitors. An expert panel included representatives of the AFP and NACHA (National Automated Clearing House Association – the US governing body for ACH transactions and regulations).
Noting major threats from potential breaches, even beyond financial loss, to his organisation’s valuable donor data, the nonprofit finance head urged others to pursue ACH transaction tokenisation. This masking of actual account and identifying information
for financial transaction partners, he asserted, could minimise the potential for catastrophic loss of sensitive info to state-sponsored cybercriminals and other nefarious groups. He challenged colleagues and NACHA to ask banks for ACH-focused solutions to
emulate tokenisation practices commonly undertaken to secure card-based payments and collections.
Improving staff training and systems for fraud prevention and detection, and maintaining a ‘playbook’ to guide management actions in case of attack were other hot topics for the panel and participants.
ACH and AFP officers and panelists shared stats and charts showing that Business Email Compromise (BEC) remains the most prevalent and expensive financial crime, with billions in reported losses to targeted organisations each year, according to the
FBI’s website, Internet Crime Complaint Center, IC3.gov. However, cheque fraud continues to be an issue in the U.S., with many businesses resisting moves to more efficient transaction options, such as
same-day or next-day ACH debits and credits, and emerging Real-time payments (RTP) rails with their 24x7, 365-day functionality.
The symposium panel and audience members offered several helpful fraud loss prevention tips, with three drawing particularly strong interest:
- Vendor onboarding systems are powerful tools for onboarding and vetting new payees and ensuring their payment details are legitimate.
- Email rules for key finance and treasury staff should be carefully monitored to prevent interlopers ‘hijacking’ internal addresses to create spoofed payment instructions.
- It’s critically important for treasury and payments departments to align with their IT and Corporate Info Security teams, with finance kept ‘in the loop’ re: any third-party breaches to help prevent related financial attacks.