Securing Corporate Treasury Departments Against Cyber Risk

Jan. 2, 2019 | by BioCatch

Like any organization in the midst of digital transformation, corporate treasury departments are seeing a rise in cybercrime, including payment fraud, social engineering, and account takeover attacks.

Corporate treasury, however, is an even more attractive target than most. Treasurers are responsible for the largest transactions at a financial institution and have access to highly sensitive data. The implications aren’t lost on cyber criminals. A successful hacking attempt easily turns into a major payday, whether a fraudster initiates false payments or diverts funds to their own accounts.

Fraud is costly to a treasury department’s reputation and bottom line. Thankfully, advanced cybersecurity tools are making it possible for corporate treasurers to protect their clients and internal systems from even the most sophisticated cyber attacks.

Corporate Treasury’s Top Cyber Risks

Corporate treasurers face cyber risk across channels, whether via voice, mobile, APIs, third parties, or online. The most evident cyber risk is payment fraud, but treasury’s digital tools for handling client finances are also open to a hack. Several risks are of top concern.

Social engineering scams

Business email compromise (BEC) is a sophisticated form of social engineering where fraudsters spoof the email accounts of top executives to deceive financial departments into making unauthorized payments. Corporate treasury departments are not immune to this attack method.

A report by the Economist Intelligence Unit on fighting cybercrime and fraud in corporate treasury found that, “Sophisticated cyber-criminals use social engineering and inside information gleaned from lengthy reconnaissance within a given company’s systems to execute high-value thefts.”

A fraudster’s reconnaissance lets them in on who’s who within an organization. Who is responsible for signing off on payments? Who typically initiates transactions? With this information, fraudsters can devise highly targeted phishing attacks that appear perfectly credible. As a result, phishing emails accounted for 90% to 95% of all successful cyberattacks worldwide in 2017.

Further, “hackers also seem to understand that most treasuries contain junior staff who can be pressured into infringing rules,” according to the report. Because phishing emails from BEC appear to come from people in authority, staff members are less likely to question the request, even if it’s highly unusual. The same goes for vishing, or voice phishing, which takes place over the phone. Fraudsters impersonate bank representatives and deceive inside staff into initiating a fraudulent payment.

Fast payments

Faster payments and the ability to add on payment system capabilities through FinTech providers are a further source of cyber risk. Fast-moving transactions make payment fraud harder to detect, whether completed through mobile applications, peer-to-peer transfers, or foreign exchange (FX) tools.

Wire transfer fraud is of particular concern for corporate treasury. With instant payments, fraudsters can not only move funds from legitimate users to themselves quickly, they can divert them just as fast. By the time the fraudulent activity is noticed, the stolen funds are nearly untraceable and may be impossible to recover.

Open banking

With the advent of open banking in the UK, financial institutions will be required to allow third-party payments providers (TPPs) to connect to their internal systems through open banking APIs. Cybercriminals will take advantage of TPP security weaknesses to launch attacks against banks, putting corporate treasury at risk.

For example, a fraudster who takes over a user’s account on a TPP can then use that account to initiate fraudulent transactions with the connected bank. Treasury departments will have to inquire into the strength of a TPP’s security and set up internal solutions to defend against cybercrime initiated through TPPs.

Cloud-based treasury management systems

Treasurers are seeking out technology tools that can keep up with clients’ increased demands. Aite Group found that corporate treasurers are looking to move away from spreadsheets and outdated management tools to sophisticated treasury management systems (TMS). High risk, compliance concerns, and the desire to expand business are key triggers for moving to a more robust TMS.

Many TMS solutions are deployed in the cloud, causing treasurers to wonder about their security. It’s critical for these systems to be configured properly and protected with advanced security solutions capable of detecting hacks in real-time. The need to maintain compliance with emerging data and cybersecurity regulations, from GDPR to NYDFS, elevates the urgency for stronger security solutions.

Defending Corporate Treasury Against Cybercrime and Fraud

Corporate treasury’s greatest need is for security tools that can address each of these risks in real-time. Already, top corporate banks are turning to behavioral biometrics to confidently authenticate account owners and monitor online sessions for account takeover attacks.

Behavioral biometrics authenticates users and detects fraud based on how an individual interacts with a device. Fraudsters can easily spoof a device ID, location, phone number, IP address, or another factor used to verify identity. What they can’t change is their behavior, and that’s the key to stopping unauthorized logins to corporate accounts as well as instances of payment fraud.

BioCatch’s behavioral biometrics technology was able to prevent a £1.6M fraudulent transaction from going through by identifying user behavior that diverged from the norm. The transaction was initiated by a trusted device and from a trusted location. International payments were also regular activity for this account. However, as the transaction was underway, the scrolling and typing patterns were markedly different from those of the legitimate account owner. Behavioral biometrics flagged this transaction for fraud, and the corporate bank was able to stop the instance of payment fraud in the moment.

Corporate treasurers are trusted risk advisors to their clients. As the financial services world moves digital, strategic treasury management will include leading the way in adopting smart solutions for cybersecurity and fraud — both to guide clients and to keep internal operations secure.

Learn more about how BioCatch protects banks, their clients, and their assets while making the user experience frictionless, fast, and friendly.
