Remote Working, Without the Fraud Risk

Fraudsters know a good opportunity when they see one—and the recent, mass shift to remote working was an opportunity too good for them to pass up. 

The Federal Bureau of Investigation, the Internal Revenue Service, and Interpol warn that phishing schemes and Business E-mail Compromise (BEC) attacks have increased since the onset of the pandemic.

This is sobering news when you consider that, according to the Association for Financial Professionals (AFP), an astounding 81% of businesses experienced attempted or actual payment fraud in 2019, the second-highest percentage of attempted and actual fraud attacks since 2009.

Fraudsters recognized that the sudden shift to remote working disrupted hardened processes and procedures for safeguarding payments to suppliers and sensitive customer information. 

25% of accounts payable professionals say that the rising risk of fraud is their biggest concern about the disruption to their operations caused by remote work arrangements, according to the results of a poll conducted during a recent virtual town hall meeting held by the Institute of Finance and Management (IOFM).  19% of accounts payable pros polled by IOFM during the town hall meeting admit that they are “concerned” about their department’s processes for paying suppliers. 

Accounts payable leaders are right to be concerned. 

Many businesses are leaning hard on e-mail to onboard suppliers and approve invoices.  While e-mail is one way to get work done when shelter-in-place restrictions make it impossible to get into the office, e-mail creates new vulnerabilities that throw the door open wide to payments fraud: 

  • Lots of manual intervention in payment approval workflows
  • No separation of duties in payment approval workflows
  • No tracking of actions taken to approve a payment
  • No chain of custody assurance for sensitive banking data
  • Inadequate visibility across the payment approval lifecycle

These are the types of vulnerabilities that fraudsters dream about.

Securing Payments Wherever AP Works

91% of accounts payable departments are working remotely, at least in part, IOFM research finds.  58% of accounts payable departments are entirely working remotely. 

Since there is no telling when, or if, accounts payable teams will return to the office, businesses must find ways to mitigate their risks.  Educating employees on the risks of payments fraud, and their role in preventing it, is a good first step.  Regularly reviewing financial processes for vulnerabilities is another.  Labeling external e-mails and being alert for potentially malicious links is also critical.

But nothing stops fraudsters in their tracks like a best-in-class electronic payments solution—technology that includes the built-in controls and segregation of duties that remote working demands.

  • Configurable controls.  Best-in-class solutions ensure control over payments with pre-defined system permissions and privileges, business rules for approvals, separation of duties and chain of custody assurance, audit trails, and administrative controls for security settings.
  • Secure storage of banking information.  Best-in-class solutions use a multi-layered approach to gather, verify, store, and continuously update supplier banking data. 
  • FBO segregated accounts.  ‘For Benefit Of’ accounts were specially designed to handle funds intended to go to another party.  FBO accounts at a reputable bank provide clear instructions as to who should receive funds, reducing the chances of interception.
  • Virtual cards.  Virtual cards do not require the distribution of physical cards.  Virtual card numbers can only be used once, and only for a set time.  Virtual card transactions can be restricted by amount, supplier and SIC code.  Transactions must be approved.  And suppliers only receive 10 of the 16 digits for a transaction, and eventually those numbers disappear. 
  • Two-factor authentication.  Two-factor authentication enables organizations to restrict access to the solution.  And advanced encryption technology makes payment information unreadable to unauthorized users, further protecting digital data.
  • Reconciliation.  Best-in-class solutions reconcile every supplier payment daily. 

As businesses settle into an operational rhythm in the new reality, they must remain vigilant to the growing threat of phishing schemes and BEC attacks.  The combination of best practices and a best-in-class electronic payments solution mitigates these fraud risks, no matter where employees work.

Want to learn more about mitigating your risk of fraud in the new reality?

Contact us today at sales@paymerang.com to schedule a demo with one of our electronic payment experts.

Securing Your Business Payments

As part of our ongoing commitment to helping clients become more secure and efficient, Paymerang is introducing a learning series highlighting best practices in the world of AP and finance. 
 
For our first installment we are sharing a few tools and exercises leveraged internally at Paymerang to mitigate risk.  
 

According to the 2020 AFP Payments Fraud & Control Survey, 81% of organizations were targets of payment fraud in 2019. This is the second highest percentage of reported fraud attacks/attempts since 2009, with the most often reported source of payments fraud attacks being Business Email Compromise (BEC).

As a result of the Covid-19 pandemic, professionals are communicating via email more than ever and work from home is a common business practice. Unfortunately, the increased digital volume has correlated with an increase in documented fraudulent activity.

Please review the following recommendations from our internal security training programs:

1. Labeling of Externally Generated Emails: A critical tool to combat email phishing is to provide alert banners to your employees identifying all emails that are generated externally from your company. There have been a number of reports highlighting nefarious actors manipulating the sender’s email address (e.g., @microsoftt.com) to masquerade as a valid email sender.

2. Alertness for Malicious Links: Links in external emails are often used to disguise malicious programs that could compromise your network. Before clicking on any links, we recommend your employees verify the sender’s email address along with the URL in the link. Once verified, we recommend copying the link and pasting it into the browser rather than clicking on the link provided in the email.

3. Awareness of Vendor Impersonations: A popular fraud technique is to masquerade as a vendor and seek to redirect money to a fraudster’s account. One of the many advantages of using Paymerang is that we partner with our clients to validate the vendors we pay on our clients’ behalf to verify funds are being sent to an authorized vendor. Please note that since you fund AP batches into a central account at Paymerang, you will not receive any changes to this funding account. If you get a request for a change, please immediately contact your Client Account Manager or contact our Support Team at support@paymerang.com.
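The checks in recommendations 1 and 2 can be automated at the mail gateway. The sketch below is an added example, not Paymerang's code: the `INTERNAL` and `TRUSTED` domain lists, the tag names and the 0.9 similarity threshold are assumptions, and it handles single-part messages only.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

INTERNAL = {"example-corp.com"}  # assumption: your organization's own mail domains
TRUSTED = {"microsoft.com"}      # assumption: brands and vendors you correspond with

class Links(HTMLParser):  # collects (visible text, href) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._text.strip(), self._href))
            self._href = None

def host(value):  # hostname of a URL or bare domain, "" if it does not parse
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""

def review(raw):  # returns the banner/alert tags for one message
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    tags = [] if domain in INTERNAL else ["EXTERNAL"]
    if domain not in INTERNAL | TRUSTED:  # unknown sender: near-miss of a known domain?
        tags += [f"LOOKALIKE:{known}" for known in sorted(INTERNAL | TRUSTED)
                 if difflib.SequenceMatcher(None, domain, known).ratio() >= 0.9]
    parser = Links()
    parser.feed(msg.get_payload())
    for text, href in parser.found:
        shown, actual = host(text), host(href)
        if "." in shown and shown != actual:  # text reads like a URL but points elsewhere
            tags.append(f"LINK_MISMATCH:{shown}->{actual}")
    return tags

# Constructed sample message for illustration (not a real e-mail).
SAMPLE = ('From: "Microsoft Billing" <billing@microsoftt.com>\nContent-Type: text/html\n\n'
          '<a href="http://files.example.net/pay">https://www.microsoft.com/pay</a>\n')
print(review(SAMPLE))
```

The similarity ratio is a heuristic for typo-style domains such as the one in recommendation 1; it does not catch homoglyph or punycode look-alikes.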
 
We hope that you find these tips useful. Stay tuned for future security awareness steps you can take to keep your business payments secure.

Protecting Your Remote Operations

The novel Coronavirus (COVID-19) outbreak is having a major impact on businesses throughout the country and is creating major challenges for them. Forcing many employees to work from home is only one of them; there are some even greater challenges facing businesses. The transition to a remote work environment has compromised the integrity of the controlled work environment, but there are measures you can take to ensure the security of your network and data.

First and foremost, employees should be provided with the necessary equipment and security training to protect remote operations. Working outside of the office environment opens the network to malicious insiders and individuals outside of the organization who now have increased access and opportunity for threatening your organization’s data. Security controls are weaker beyond the firewalls, and scammers are busier than ever trying to capitalize on this environment, so it is crucial that your team is trained to stay vigilant against phishing, business email compromises, ransomware and other security breaches.

The Security Difference with Paymerang

  • Use of VOIP softphone: Softphones are essentially software-based phones. They mimic desk phones by presenting a phone interface on the computer, complete with a dial pad and call handling features, but since they operate on a computer, they are much more powerful than desk phones. Softphones additionally offer video calling and conferencing, visual voicemail management, chat and SMS capabilities, and more. There are desktop applications that run on Mac and Windows computers, laptops, and tablets, as well as web-based versions that are accessible in the browser, and mobile apps for iOS and Android devices.
  • Secure environment: Our team utilizes a trained and enforced secure office environment, with hardwired connections always on VPN. For all business activities, we utilize multi-factor authentication (MFA), or 2FA, a security enhancement that requires you to present two pieces of evidence (your credentials) when logging in to an account.
  • World-Class Support: Help is just a click away; our team has access to tech support around the clock and we’ve established a remote model for technical support when technology or connection help is needed.
  • Secure Devices: Our team uses PCs to ensure the highest level of enforcement for endpoint security protection and all PCs are configured to block USB connections, so printers and thumb drives cannot be used. This protects all data on the employee’s device, preventing it from being used maliciously.
  • Patching: Patching refers to the routine manual updating of technology so that outdated versions of an operating system leave no holes through which hackers can access valuable information.  Having good patch management means not only that your software is up to date with all functionality, but also (and more importantly) that your machines are protected from security complications. Most individuals only patch their computers with the standard advised upgrades or ‘only as-needed,’ leaving the whole institution at risk for a cyber-attack. Our professionals take the right steps to ensure that patching is done correctly and with the appropriate tools.
  • Tokenization: Our team uses a physical device that generates a temporary code used to access the network. We go the extra mile to protect your payments—securely enrolling your suppliers online, encrypting their account information, storing it on your behalf and requiring secondary authentication for administrators using the website.

Our cloud-based platform offers security, flexibility and efficiency while protecting your payments, so let us alleviate the burden of making and securing your business payments so you can focus on more mission-critical initiatives for your team during this unprecedented time.