Payment Threats: A New Vigilance Needed for Compliance
Because fraudsters continue to attack, organizations must be vigilant and beef up their security programs.
16:53 26 April 2022
Payment fraud remains high, with various organizations experiencing actual or attempted fraud. This shows that fraudsters remain a persistent threat despite security measures. It is also proof that no company, whatever its size, is entirely immune to attacks from people or groups seeking instant financial gain.
It is important to recognize that no organization is immune to attack
Among the usual targets of payment threats are companies with annual revenue of $1 billion or more. However, companies with less than $1 billion in earnings are likely targets, too. Thus, it is vital for businesses to employ a PCI DSS compliance management solution to prevent payment fraud and keep cardholder information safe.
Fraudsters are changing their tactics and approaches to make businesses and consumers part with their money. Many of the perpetrators come from outside the organization. However, there were reports that third parties, such as business trading partners and vendors, are also guilty of committing payment fraud.
Evolving tactics to outsmart vigilant organizations
While organizations handling credit and debit card payments receive protection by being PCI DSS compliant, the threat continues. Perpetrators look for other ways to circumvent safeguards, develop new tactics to penetrate establishments, evade detection, and avoid raising red flags. Right now, several different payment methods are at risk.
According to surveys and other studies, more organizations are now experiencing attempted payment fraud through business email compromise (BEC) attacks. In this type of attack, the fraudsters use phishing emails to try to deceive employees into making payments. They impersonate trusted sources, vendors, and even company executives.
Wire transfers are the focus of BEC attempts. Another payment method they frequently attack is ACH (automated clearing house) credits. About one-third of the financial losses organizations experience result from BEC attacks. The attacks expose confidential and personal information, and even cause reputational damage. As a result, businesses face non-compliance penalties.
Wire transfers and checks have been the payment methods targeted by fraudsters in recent years. However, ACH payments (debits and credits) are currently receiving the highest level of attacks compared with those earlier payment methods.
Employee awareness and training are essential
For enterprises to be more vigilant against payment fraud, they should regularly conduct employee awareness training. In addition to the risk of data breaches affecting the cardholder information they store, employees should learn about spear phishing attacks. Many phishing emails contain malware that can eventually penetrate your entire system. Some of the safeguards include:
- Internal controls that prohibit initiating payments based on emails or messaging systems that are not secure.
- Verification of changes to contact information, bank deposit information, and existing invoices.
- Multi-factor authentication for corporate network access and payment initiation.
- Daily bank reconciliation.
- A block on ACH debits on all your accounts.
Review your PCI DSS compliance guidelines and ensure that your employees know them and how they are implemented. Likewise, invest in a more robust security program, and ensure that it is always up to date.