As part of our ongoing commitment to helping clients become more secure and efficient, Paymerang is introducing a learning series highlighting best practices in the world of AP and finance. 
 
For our first installment we are sharing a few tools and exercises leveraged internally at Paymerang to mitigate risk.  
 

According to the 2020 AFP Payments Fraud & Control Survey, 81% of organizations were targets of payment fraud in 2019. This is the second highest percentage of reported fraud attacks/attempts since 2009, with the most often reported source of payments fraud attacks being Business Email Compromise (BEC).

As a result of the Covid-19 pandemic, professionals are communicating via email more than ever and work from home is a common business practice. Unfortunately, the increased digital volume has correlated with an increase in documented fraudulent activity.

Please review the following recommendations from our internal security training programs:

1. Labeling of Externally Generated Emails: A critical tool to combat email phishing is to provide alert banners to your employees identifying all emails that are generated externally from your company. There have been a number of reports highlighting nefarious actors manipulating sender’s email address (i.e. @microsoftt.com) to masquerade as a valid email sender.

2. Alertness for Malicious Links: Links in external emails are often times used to disguise malicious programs that could compromise your network. Before clicking on any links, we recommend your employees verify the sender’s email address along with the URL in the link. Once verified, we recommend copying the link and pasting it into the browser rather than clicking on it the link provided in the email. 

3. Awareness of Vendor Impersonations: A popular fraud technique is to masquerade as a vendor and seek to redirect money to a fraudster’s account. One of the many advantages of using Paymerang is that we partner with our clients to validate the vendors we pay on our client’s behalf to verify funds are being sent to an authorized vendor. Please note that since you fund AP batches into a central account at Paymerang, you will not receive any changes to this funding account. If you get a request for a change, please immediately contact your Client Account Manager or contact our Support Team at support@paymerang.com.
 
We hope that you find these tips useful. Stay tuned for future security awareness steps you can take to keep your business payments secure.

mm

Jeff leads Paymerang's information security and risk management programs to ensure a trusted payment experience for our clients and their vendors. Understanding the risks and deploying appropriate controls to fulfill the promise of a secure payment is what he lives for. Jeff has over 20 years of experience in the financial services sector with GE Capital, Genworth Financial and Impact Makers. He's spent the last 10 years focused on managing operational risks in the areas of data security, business continuity, outsourcing and fraud. Outside of his security work, Jeff is also versed in software architecture and new technology models such as DevSecOps and Public Cloud Services.