Mike: The current payment fraud environment is very serious. The bad guys out there are continually surveilling the landscape and every time controls are increased or put in, they find the weak links in those. Many years ago, a big element was malware. Today, they're looking at their third parties and preying those third parties going insofar as actually hacking their third parties' payment systems or email. The threat actors that we see out there in the landscape today fall into three categories. There are sort of the cyber activists, so these are ones that campaign for the greater good, they may take down companies' websites, there are nation states, which you read about a lot in the newspaper, and then the last one, which is what most individuals see day in and day out are criminal organizations. They run these like a business. Their sole purpose in life is to gather money and assets.
Julia: We continue to invest in our environment, to do the best possible job so that we can detect transactions that could be potentially fraudulent, and so with that, we will contact clients when we see something that we want to validate with them. In many cases, as we check with clients, we find that while they thought that the transaction was valid, it actually turned out not to be. This is a very serious situation for our clients, of course. There's the potential for actual financial loss, but in addition to that, there is the reputational risk that could go along with that.
Mike: The C-suite play a very key role in the cyber landscape today. Some of the more extensive controls that the C-suite should ensure are in place generally revolve around email. That is the largest vector that we see and that's what supports the business email compromise. They can understand what kind of identifiers are on the emails to show someone is on the inside or the outside. You often this in a red banner designating this is an outsider. If something is critical to them and they decide that it should never leave their organization, they can employ what's called watermarks. Watermarks act as a way, as a gatekeeper for limiting what goes out of the organization. When things happen, that's not the time to be thinking about what's most important; they can do that well in advance.
Greg: Sometimes people wonder, "Am I in an industry that is susceptible to fraud?". And the reality is all industries are susceptible to fraud. It's the right thing to do to challenge somebody or to challenge a request even if it's from the CFO or the treasurer just to make sure that it is valid, that it hasn't been impersonated. We've certainly seen many situations where somebody acts on what they think is a CFO-driven request and it winds up not being, so the CFO, the treasurer, they really have the opportunity to set the tone and the culture for the organization. Training, testing, even doing own test amongst your employees to see if they are finding those red flags and acting prudently against them are all things that we highly encourage.
