The Rising Threat of Authorized Fraud
Business Email Compromise (BEC) fraud is arguably the most pervasive and persistent financial crime challenge facing U.S. business today. In fact, no less an authority than the FBI has identified it as the number one financial threat to U.S. business. The metrics back this up. In 2019, the FBI’s Internet Crime Complaint Centre (IC3) recorded 23,775 complaints about BEC with losses of some $1.7 billion, an average of $71,500 per event. Furthermore, it estimated global losses over the previous three years in excess of $26 billion. In a recent survey, the Association for Financial Professionals found that for six in 10 of all frauds investigated, BEC was the most common type of fraud members experienced.
The FBI’s Internet Crime Complaint Center (IC3) defines Business Email Compromise as a type of internet-based fraud that typically targets employees with access to company finances, using methods such as social engineering and computer intrusions. The objective of the fraud is to trick the employee into making a wire transfer to a bank account thought to belong to a trusted partner but that, in fact, is actually controlled by the fraudster.
Unfortunately, fraudsters manage to achieve this with largely minimal interference from the authorities, creating a huge challenge for financial services organizations (FSOs). Without a strategic response, FSOs risk reputational impact, high value losses and a poor customer experience.
Define – Detect – Defend
To respond to the threat, NICE Actimize recommends combatting BEC fraud with three pillars of action –Define - Detect - Defend.
The first pillar, Define, is focused on understanding the client BEC challenge and in particular, the differing BEC fraud typologies faced.
Under the BEC heading we can encounter multiple sub-categories of fraud risk:
- BEC Business Email Compromise
- EAC Email Account Compromise
- VIS Vendor Impersonation
- FVS Fraudulent Vendor Scheme
- PCS Payroll Compromise Scheme
- ERS Expense Report Scam
- MCS Mortgage Closing Scam
By understanding risk at a more granular level, it’s possible to differentiate fraudster modus operandi, which then allows for the development of more targeted analytics and profiling strategies coupled with supporting operational processes.
The Detect pillar comprises the fraud strategies employed to alert on BEC transaction risk and includes using analytic models, behavioral profiling and user-defined rules.
The final pillar, Defend, represents the logical and necessary endpoint of Define and Detect. Only an operational team that is trained and, more importantly, has confidence in the BEC mitigation strategy employed, will persevere with the client contact and ensure that their client understands the risk of a specific transaction. In fact, it is recommended that key clients are informed of new operational procedures that have been instituted as a result of the improved profiling and detection strategies employed.
Learn how to defend against this growing fraud.
Learn more about fighting BEC fraud in this infographic.
Learn more about strengthening trust in the payments process.