The pandemic’s social and digital disruption has exposed organizations to increased risks of becoming victims of cybercrime. Many businesses had to transition employees to working from home quickly, and this trend may become a long-term reality for a significant share of the workforce. Before the health crisis, many companies had a strong preference to have their finance departments work on-premises, largely due to security concerns. The remote workforce trend has made business systems more vulnerable, increasing opportunities for business-to-business (B2B) payments fraud.
This is just one of the key findings uncovered in the FinTech Risk Management Playbook: Combating B2B Payments Fraud, a PYMNTS and nsKnox collaboration. We examined the emerging payment fraud risks organizations face, such as business email compromise (BEC) scams and other sophisticated threats targeting sensitive payment data in enterprise systems. The playbook offers guidance on how finance professionals and security teams can work together to enact strong cybersecurity policies to combat these and other key B2B payments fraud threats.
More key findings from the playbook include:
Cybercriminals now operate on a wide scale across all types of businesses, and they use various sophisticated tactics to compromise security measures and commit B2B payments fraud. Still, a key vulnerability in the new work-from-home environment is the use of traditional username and password authentication. Using stolen credentials most likely gathered through BEC and phishing, fraudsters can now breach corporate networks and access internal databases by impersonating employees through their home networks.
Sixty-four percent of IT leaders surveyed report that their company experienced a breach related to enterprise resource planning (ERP) in the last 24 months. ERP systems are central to business operations, supporting everything from eCommerce and finance to workforce and supply chain management. Among those enterprises with large ERP platforms breached in the last 24 months, 50% reported compromised sales data, followed by HR data (45%), customer information (41%), intellectual property (36%) and financial data (34%).
Increasingly, cybercriminals are focusing less on retail fraud and more on large-scale, complex commercial fraud. Recent research found that 71% of organizations have experienced BEC attacks in the past year, 69% have experienced phishing attacks and 24% have been hit with malware. In addition, 43% of firms have experienced a security incident in the last 12 months, with 35% stating that BEC/phishing attacks account for more than 50% of the incidents.
To learn more about how organizations can mitigate B2B payments fraud, download the playbook.