Mike: The current payment fraud
environment is very serious.
The bad guys out there
are continually surveilling
the landscape and every
time controls are increased
or put in, they find
the weak links in those.
Many years ago, a big
element was malware.
Today, they're looking
at their third parties
and preying those third parties
going insofar as
actually hacking
their third parties'
payment systems or email.
The threat actors
that we see out there
in the landscape today
fall into three categories.
There are sort of
the cyber activists,
so these are ones that
campaign for the greater good,
they may take down
companies' websites,
there are nation states,
which you read about a lot
in the newspaper, and
then the last one,
which is what most
individuals see
day in and day out are
criminal organizations.
They run these like a business.
Their sole purpose in life is
to gather money and assets.
Julia: We continue to invest
in our environment,
to do the best possible job
so that we can
detect transactions
that could be
potentially fraudulent,
and so with that, we
will contact clients
when we see something that we
want to validate with them.
In many cases, as we
check with clients,
we find that while they
thought that the transaction
was valid, it actually
turned out not to be.
This is a very serious situation
for our clients, of course.
There's the potential for
actual financial loss,
but in addition to that,
there is the reputational risk
that could go along with that.
Mike: The C-suite play
a very key role
in the cyber landscape today.
Some of the more
extensive controls
that the C-suite should
ensure are in place
generally revolve around email.
That is the largest
vector that we see
and that's what supports the
business email compromise.
They can understand what
kind of identifiers are
on the emails to show someone is
on the inside or the outside.
You often this in a red banner
designating this is an outsider.
If something is critical
to them and they decide
that it should never
leave their organization,
they can employ what's
called watermarks.
Watermarks act as a
way, as a gatekeeper
for limiting what goes
out of the organization.
When things happen,
that's not the time
to be thinking about
what's most important;
they can do that
well in advance.
Greg: Sometimes people wonder,
"Am I in an industry that
is susceptible to fraud?"
And the reality
is all industries
are susceptible to fraud.
It's the right thing to
do to challenge somebody
or to challenge a
request even if it's
from the CFO or the
treasurer just to make sure
that it is valid, that it
hasn't been impersonated.
We've certainly
seen many situations
where somebody acts
on what they think
is a CFO-driven request
and it winds up not being,
so the CFO, the treasurer,
they really have the opportunity
to set the tone and the
culture for the organization.
Training, testing,
even doing own test
amongst your employees to
see if they are finding
those red flags and
acting prudently
against them are all things
that we highly encourage.
