According to the Association of Certified Fraud Examiners, fraud can cost U.S. organizations seven percent of annual revenues, or $994 billion per year. One way this happens is through corporate account takeover, which has become an increasingly common type of fraud. Corporate account takeover happens when fraudsters target smaller and medium-sized businesses and take over the company accounts. This approach is enticing to criminals because company accounts carry higher balances and are tied to automated lines of credit, making it easier to intercept large amounts of money.
"Every financial institution must address fraud and regulatory compliance and by automating the prevention process and involving the customer, both parties can rest assured that their account is secure"
Using electronic means, fraudsters redirect money transfers for legitimate business payments to their own accounts by simply adjusting the account and routing numbers of the intended payees. The account information changes can be so miniscule that they often go undetected until it’s too late, as businesses are subject to certain regulations, like Article 4A of the Uniform Commercial Code, that limit the timeframe for reporting fraudulent activity. In fact, the Ponemon Institute’s Business Banking Trustsurvey revealed that 80 percent of financial institutions were oblivious to fraud until after the funds were transferred out of the accounts and a majority of businesses, 57 percent, affected by corporate account takeover were unable to recover the losses.
While the industry strives to eliminate fraud, cybercriminals constantly evolve their tactics to bypass enhanced security measures. Conventionally, features like firewalls, security tokens and one-time password technology have been implemented as protection strategies but these measures can be breached with malware. Instead, financial institutions must enact stronger authentication methods, but not in the traditional sense.
Oftentimes, banks perceive strong authentication as just a means of guarding entry to online banking systems, but truly effective authentication involves interaction with the account holder before a suspicious transaction even leaves their account. While authentication at login does have its benefits – what happens if a fraudster gains access to the account? At that point, authentication at login is useless.However, by authenticating an out-of-band response from the account holder when suspicious activity is detected, fraud is stopped before it can occur.
No one knows their account better than the actual account holder and ultimately, the account holder can best determine if the activity is legitimate or fraudulent. The customer possesses the valid payment information details for the companies or employees they pay and the customer knows who is authorized to debit their account. By recognizing the efficacy of account holder authentication, financial institutions can empower customers and give them complete control over their accounts, reducing the risk of fraud.
With this detection and response strategy, financial institutions can systematically monitor where a customer’s funds are directed and who is pulling the funds from the account, based on the customer’s instructions. If suspicious activity is detected, the financial institution can utilize communications technology, like SMS text, to send an out-of-band alert to a separate device and prompt the customer to review the transaction. Upon review, the customer can securely respond within a specific timeframe and approve a legitimate transaction or stop a fraudulent transaction from occurring.
To verify outbound transactions, each outgoing credit should be compared to a list of pre-approved payees, which are defined by the routing number and account number combination. If a new routing and account number is introduced, the transaction would be suspended until the customer reviews the activity. Financial institutions can leverage voice biometric technology to allow customers to respond to potential fraud. When suspicious account activity is detected, an out-of-band alert and one-time authorization code can be sent to the customer, who then dials the number for the interactive voice response system. When the system begins recording, the customer would enter the authorization code and repeat a random phrase to establish a voice match. Once matched, the customer can reject or approve the transaction. Relevant, actionable alerts empower customers to validate electronic transactions before the funds leave the account, mitigating the risks and losses associated with corporate account takeover.
Financial institutions that do not involve their customers in fraud prevention measures will continue to shoulder the expensive responsibility of detecting and responding to suspicious activity on behalf of their customers. If fraud does happen, the institution could be held responsible for the losses incurred. However, institutions that involve customers through a detection and response strategy effectively shift responsibility to the customer, as the institution’s decision to process the transaction is based on the customer’s guidance. By enlisting their customer’s participation in the fight against fraud, financial institutions can substantially reduce operating expenses, shift liability, strengthen customer relationships and tap into an additional revenue opportunity.
Automating fraud prevention services saves financial institutions time and money. With existing scalable technology that simplifies and automates the fraud detection, response and dispute process, fewer full-time employees are needed to manage the service, reducing operational and staffing costs. In addition to cost savings, offering a self-service fraud solution provides a way to generate extra revenue. Customers already use and sometimes pay for outdated fraud prevention services so offering a convenient, real-time solution that empowers the customer is a valuable opportunity for financial institutions to tap into a new revenue stream while differentiating themselves from competitors.
Protecting the account should be a partnership effort between the financial institution and the customer. Businesses and consumers alike should seek out institutions that understand the importance of helping their customers originate secure ACH and wire transfers. Every financial institution must address fraud and regulatory compliance and by automating the prevention process and involving the customer, both parties can rest assured that their account is secure.