Protect your company’s reputation and revenue from the first time you engage with a supplier and throughout the supplier lifecycle.
On January 15th, 2021, Forbes Technology Council featured Five Authentication Tactics To Fight Email Attacks, Fraud And The Risk Of Sanctioned Suppliers, an article by Akhilesh Agarwal, Chief Operating Officer & Executive Vice President, Global Procure to Pay Solutions & Applied Technology for apexanalytix.
At that time, just under a year since the World Health Organization (WHO) declared COVID-19 a pandemic, the world had changed forever. The impact on business was multi-faceted – employees went home to work, supply chains were disrupted, and controls that had been carefully crafted over decades of best practices were compromised in the chaos that became the new normal.
On May 5th, more than three years after its original declaration, WHO ended the global emergency status for COVID-19. But that three-year period took its toll, not only in COVID-related deaths and disease, but in the creation of a playground for bad actors – fraudsters who looked past the tragedy to the opportunity – the opportunity to steal millions, even billions, from companies via communications and transactions with trusted suppliers. We are (partially) back in the office, but most workplaces are on hybrid schedules (work-from-home/work in office). Fraudsters, motivated by their successes of the last several years are stealing more than ever – the FBI’s IC3 reported $10.3B in losses associated with complaints received in 2022, a nearly 50% increase from $6.9 in losses associated with 2021 complaints., If you haven’t implemented these five authentication tactics yet, it might be time.
The original article published on January 15th, 2021 (with updated data in [brackets]), follows. Reprinted with permission from Forbes Technology Council.
The Covid-19 pandemic, the recession, business bankruptcies, reduced GDP and record job losses have placed increased financial pressure on suppliers and individuals — and, with it, an increased incentive to commit fraud. In fact, from April to May of this year, data shows a 200% increase in business email compromise (BEC) attacks focused on invoice or payment fraud [Between April 2022 and April 2023, Microsoft Threat Intelligence detected and investigated 35 million BEC attempts, with an average of 156,000 attempts daily].
Although common social engineering fraud is moderately successful when employees are in a physical office, it thrives in remote settings: Fraudsters might call an employee at your company and ask for information about the vendor maintenance controls process or a supplier’s real-world transactions. They then move on to another employee for even more information until they have everything they need to impersonate a supplier and request a bank account change or access to sensitive data. In April [2020], the FBI issued a warning of a rapidly emerging fraud — advance fee and BEC schemes related to personal protective equipment (PPE). In one incident, a company had already wire transferred funds to a fraudulent broker of PPE who was outside the reach of U.S. law enforcement and the funds were unrecoverable. [From February 8th, 2023, through July 7th, 2023, The Internet Crime Complain Center (IC3) issues 16 industry alerts, warnings related to various schemes, threat actors, hacking and cybercrime]
Checks and balances and segregation of duties can break down when many people are working from home, meaning there might be a lack of official and de facto controls like making sure no one has control over all the parts of a financial transaction and reporting suspicious calls or emails in compliance with a fraud risk governance protocol.
[In their 2022 Global Cybersecurity Outlook 2022 report, the World Economic Forum pointed to the correlation between the COVID pandemic and heightened cybersecurity threats. They said: “At the time of writing, digital trends and their exponential proliferation due to the COVID-19 pandemic have thrust the global population onto a new trajectory of digitalization and interconnectedness. One of the starkest and most troubling new consequences of our digitalized existence is the increasingly frequent, costly and damaging occurrence of cyber incidents, sometimes even paralyzing critical services and infrastructure. This trend shows no signs of slowing, notably as sophisticated tools and methods become more widely available to threat actors at relatively low (or in some cases no) cost.“]
At apexanalytix, we found that as the Covid-19 pandemic had progressed, organizations were changing sourcing and suppliers without always properly vetting them. Lost profits to fraud are unfortunate, but the fines and other legal costs of trading with a sanctioned supplier — an organization on the Specially Designated Nationals List or one of the many other lists maintained by the Office of Foreign Asset Control (OFAC) — can be extreme. In fact, my company’s in-house data shows that 22% of companies that receive fines from OFAC are fined over $1 million. In 2020 alone, the U.S. Department of the Treasury reported $22.8 million in civil penalties and settlements for just 14 entities in violation of financials sanctions, publicly revealing the name of the penalized organization on its website.
Fraudulent tactics vary across companies and industries. To combat the threats of BEC attacks, invoicing and payments fraud and the consequences of interacting with sanctioned suppliers, consider the following authentication techniques — some of which you can implement immediately:
Supplier authentication techniques, especially when automated, not only prevent fraud and the risk of working with a sanctioned supplier, but they also improve the supplier experience. Faster, more secure supplier authentication leads to a superior onboarding process — further boosting the ROI of authentication solutions.
About Akhilesh
Akhilesh Agarwal leads the apexanalytix solutions practice responsible for apexportal, the industry’s only 100 percent touchless solution for global supplier information management and working capital optimization. He leads the development of new client-focused software innovations, guided by the regular trend analyses he conducts to ensure that apexportal delivers real-world efficiency and productivity benefits. He also oversees pre-sales, product management, project planning and reviews, risk mitigation and the delivery of seamless solutions to large global clients across country borders.
Akhilesh has an extensive background in product design and execution in accounts payable, accounts receivable and related areas. Before joining apexanalytix, he was vice president of technology for iQor, a provider of intelligent customer interaction solutions, where he earned a reputation there for consistently delivering on high-visibility, high-performance projects. He is also a former associate director of software development for Receivable Management Services and a former project manager for Aditya International.
Fill out our contact form and we will be in touch shortly to discuss how we can help.