We have recently witnessed a series of significant security events around payment execution, from Leoni in Germany to ABB in South Korea and SWIFT in Bangladesh, to name a few of the major headlines. There have been countless unreported, lower-profile fraud cases in other organisations, both successful and attempted. These events are taking place as a new payments landscape takes shape.
Finance departments are at the heart of any corporation: they safeguard liquidity, manage and steer cash flows and ensure there is a strategy to underpin all financial operations. At the same time, however, finance departments can be a “gateway” to cybercrime and internal fraud. Back in the Middle Ages, rulers built fortresses to protect their treasures. But despite their best efforts, these fortifications were still destroyed by fire and invaders. Metaphorically speaking, today’s finance departments are doing the same to protect their “treasures” by building digital fortresses, including fully integrated treasury management solutions that systematically eliminate vulnerabilities. However, even the most fortified systems can still fall victim to attack from both external and internal forces if all three pillars of cybersecurity are not considered: people, technology and governance.
The People Factor
Where there is money, there is fraud: an open door may tempt a saint. Employees can be an organisation’s greatest asset to prevent fraud – or the weakest link. Fully integrated systems offer authentication methods that ensure business-critical systems and data are only ever accessible to those employees who have been given the corresponding permissions. Two-factor authentication represents state-of-the-art security technology for treasury management systems meeting the most stringent requirements. In addition, single sign-on (SSO) technology enables a number of authentication methods that can be used on their own or in combination with other username and password standards in use at a company. But what good is the best technology if employees don’t know how to use it properly? Here, a holistic solution strengthens security considerably: unlike the use of several different banking portals, a fully integrated solution represents a consolidated payment platform. It is possible to set up several approval rounds for all payments, to save trusted account connections in a whitelist and to conduct Cyclic Redundancy Checks (CRC).
The Technology Factor
As cybercrime has increased in the last few years, hacker attacks have become increasingly bold and professional. Enterprise-grade firewalls and intrusion prevention systems make for optimum protection from external threats. Encrypting network access increases security, but only if it is subjected to rigorous penetration tests by certified third parties, ensuring that cloud solutions are protected from hacker attacks at all times.
The Governance Factor
Every company is different, and consequently requirements also differ when it comes to compliance with international legislation and regulations, guidelines and best practices. Moreover, these are subject to constant change, again calling for a comprehensive, technology-based approach to ensure security system compliance at all times. With a fully integrated system, companies have the option of making changes subject to an approval process with multiple levels (from dual approval up to six approval levels). This means that any changes need to be checked and authorized by at least one other administrator before being approved and implemented. This way, approval processes can be aligned with internal governance guidelines. From a system point of view, it is also possible to define daily limits for account transactions and intercompany transfers, or to set them up for specific employees. Blacklists can help meet all compliance requirements with regard to sanctions and embargoes.
The Digital Drawbridge
Security can be boosted enormously by combining the use of a system with additional components, like an app. This creates a separation of hardware between the user of the application and the software itself, making it impossible for potential fraudsters and attackers to retrace the entire process on one single device and to copy it. Corporates benefit from the added security of two-factor authentication as well as the ability to split payment authorization between different devices, revolutionizing the payments approval process. The app acts as a “pulled-up drawbridge” across the security moat, ensuring the finance department’s treasures are fully protected.