Building Resilience: Advanced Fraud Prevention Strategies in Treasury Management

With business transactions happening nearly 100% digitally and payments moving online, one of the main concerns for treasurers and finance professionals has been, and will be, online fraud. As payments become more secure, the sophistication and frequency of cybercrime continue to grow. Fraudsters rely on advanced technologies such as artificial intelligence and machine learning to outsmart security measures. According to the 2023 AFP Payments Fraud and Control Survey, 65% of organisations experienced attempted or actual payment fraud in 2022, with the highest fraud rate (67%) reported by companies with annual revenue between $1 billion and $19.9 billion, typically those with multiple subsidiaries.

For treasury managers overseeing global companies, the threat is multiplied by multiple, often disjointed systems, which create gaps in centralised control and a lack of consolidated security practices. According to PwC's 2022 Global Economic Crime Survey, businesses operating across multiple jurisdictions face a 21% higher risk of payment fraud than those operating in single markets. To prevent the rising challenges, organisations need to act proactively rather than reactively and leverage technology, as well as strengthen internal controls and foster collaboration with financial institutions to improve the security of corporate finances.

Modern fraudsters step up their game each time security measures become stronger. They now use not only sophisticated techniques but also technology to detect and exploit vulnerabilities within treasury processes and systems. The most common ones businesses should be aware of are:

Business Email Compromise (BEC): This is an extremely prevalent type of fraud whereby criminals impersonate company staff members or known suppliers to deceive employees into authorising and expediting fraudulent wire transfers.

Synthetic identity fraud and deep fake fraud: A relatively new threat but extremely dangerous, as fraudsters leverage AI to generate fake identities, open fraudulent accounts, and siphon funds unnoticed. Cybercriminals can also manipulate videos and voice using AI to impersonate staff and authorise certain transactions.

Account takeover attacks: This is the most common and widespread type of fraud, where cybercriminals use phishing or credential-stuffing techniques to gain unauthorised access to financial systems.

The two factors causing traditional fraud prevention methods to be insufficient are, firstly, the widespread use of AI tactics and, secondly, the growing nature of international operations, which leaves gaps in systems and security and a lack of centralised monitoring. To effectively combat evolving threats, companies need to look into more advanced security measures such as ML and AI, blockchain, MFA, as well as regularly reviewing their security protocols and strengthening their collaboration with banks.

1. Use AI and Machine Learning for Fraud Detection

AI and ML have become essential in the fight against more complex fraud schemes. Fraud detection now means real-time analysis of transaction patterns and flagging anomalies that indicate potential fraud before they escalate. Leveraging AI and machine learning in their compliance and cybersecurity processes allows businesses to:

Detect unusual payment patterns. AI-driven anomaly detection identifies transactions that deviate from standard behaviour, reducing false positives and enhancing security.

Analyse historical data. Machine learning models go beyond rule-based alerts and provide contextual detection. They can learn from past fraud incidents, company transaction data, business contexts, or even macroeconomic factors that might influence payment activities, thus continuously improving their ability to recognise emerging threats.

Automate fraud prevention measures. AI-powered tools streamline security protocols, reducing reliance on manual verification processes and minimising human error.

Another innovative application is natural language processing, which involves assessing payment descriptions across multiple languages and regions. With that, businesses are able to identify small inconsistencies in payment justifications or descriptions that might indicate criminal activity, especially in multi-subsidiary operations where payments are processed in various languages and business contexts.

Deloitte's Global Treasury Survey reported that over 7 in 10 organisations that implemented AI-driven fraud detection saw drastic improvements in flagging suspicious transactions.

2. Strengthen Security with Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is one of the crucial security measures that companies implement for employees, requiring them to verify their identity through multiple steps before accessing financial systems. One email or SMS token is not enough anymore, and businesses rely more on multiple methods or other practices such as:

Biometric authentication: Using fingerprints or facial recognition for added security.

One-Time Passwords (OTPs): Each time they log in to financial systems, users receive and need to provide unique, time-sensitive codes via SMS, email, or a dedicated app to validate their identities.

Hardware security tokens: Providing employees with physical security devices for secure system access.

A report by Microsoft revealed that MFA prevents 99.9% of automated cyberattacks, making it a crucial step in strengthening defences against fraud.

3. Implement Secure Communication Channels

While securing payment systems is a base for protection against cyberattacks and fraud, in the process of strengthening their security, many companies have overlooked the communication channels and processes used to initiate and approve financial transactions. IBM’s Data Breach Report revealed that, for multi-entity organisations where payment information travels across teams and systems, encrypted communication channels can decrease the average cost of finance-related breaches by up to 42%.

Treasury departments should therefore rely on, firstly, VPNs (Virtual Private Networks), which are encrypted networks that protect remote access to treasury systems, and secondly, end-to-end encrypted communication platforms specifically designed for the flow of financial information. The additional benefit of these communication channels is that they provide a complete audit trail of all payment-related communications, with proof of the origin, content, and timing of instructions.

4. Enhance Bank Collaboration for Fraud Prevention

In the context of fraud prevention, the relationship between corporate treasury teams and their banking partners can bring some strategic benefits. More and more companies use fraud prevention as one of the key factors when selecting financial partners.

The collaboration can include:

Leveraging partners’ fraud prevention services and tools such as Positive Pay, ACH debit blocks, and real-time transaction alerts.

Establishing dual authorisation for high-value transactions.

Creating dedicated fraud response teams with representatives from both the corporate treasury and banking partners.

Collaborative information sharing and training, such as joint simulation exercises to test cross-organisational response capabilities, review potential threats, or coordinate security enhancements to address emerging vulnerabilities.

Building and maintaining strong relationships with financial partners, treasury teams can leverage advanced security measures and fraud detection insights.

Blockchain technology has definitely shaken up the financial industry in the last decade, but in the context of treasury and fraud prevention, it is more than just a fancy gimmick. Gartner’s Blockchain Business Value Forecast estimated that by 2025, blockchain will add £143 billion to corporate finance operations, while payment security and verification will be the primary use cases.

Blockchain strengthens the security of financial transactions and provides additional transparency with an immutable and decentralised ledger, amongst other benefits:

Tamper-proof transactions: The decentralised nature of blockchain means that transaction records and data cannot be altered or tampered with, which reduces the risk of payment fraud.

Smart contracts: This is essentially compliance automation for payments, which applies a set of pre-determined rules for payments to minimise unauthorised activity.

Enhanced visibility: Because blockchain enables real transaction visibility, accurate monitoring and simplifies audits.

While still a relative novelty, blockchain may revolutionise fraud detection and transaction security in the years to come.

Setting up strong fraud detection and financial security systems and processes should not be where the journey ends. The best-performing businesses regularly review and stress-test their systems to reveal potential vulnerabilities and implement further enhancements.

Advanced audits of the fraud detection system should now include:

Conducting quarterly security checks. Identifying vulnerabilities across teams and updating fraud prevention measures accordingly. This may include third-party simulation of sophisticated fraud scenarios to test both technical controls and human responses.

Retrospective analysis of near-miss incidents. This helps to identify and address potential vulnerabilities that were caught in time but could have caused a lot of trouble.

Implementing continuous transaction monitoring across teams. Using AI-driven tools to flag suspicious transactions in real time. Some companies may test the teams with unannounced payment control to ensure consistent application of security measures.

Enhancing internal controls. Ensuring segregation of duties (SOD) to prevent unauthorised payment approvals.

Regular fraud risk assessments can reduce occurrence of fraud incidence by even 60% according to Deloitte.

As fraudsters develop increasingly sophisticated methods, fraud prevention requires a multi-layered approach that combines advanced technology, strict security protocols, proactive risk management with constant monitoring and regular checks. Global multi-subsidiary companies should, at minimum, look at strengthening their multi-factor authentication and communication channels to protect their financial operations. Leveraging ML, AI, blockchain and partnerships with banks can further protect them from cyber attacks.

Fyorin’s comprehensive treasury and cash management platform was built with security in mind. Through a singular platform to automate their treasury processes, unify cash operations across subsidiaries we help to eliminate blind spots and provide a centralised interface to manage access, transactions and monitor financial activity. In-built fraud detection controls flags suspicious transactions while direct, in-platform access to tier 1 banks keeps your funds safe.