South African businesses, already under severe economic strain, are now counting the costs of rapidly increasing internal payments fraud.
According to Ryan Mer, MD of eftsure Africa, the number of recent high-profile cases before the courts only partly reflects the true scale of the problem.
Estimates suggest that it costs the private sector more than R2-billion every year to combat theft and fraud. According to a PWC report, South Africa was ranked as having one of the worst white-collar crime rates in the world. A similar study conducted by the Association of Certified Fraud Examiners found that a typical organisation loses at least 5% of its annual revenue to fraud. The same study also found that once victimised, an organisation is unlikely to recover the losses.
“Not only do South African businesses have to contend with the threat of external bad actors, but the relatively high likelihood of payments fraud being committed by an entity’s own staff,” says Mer.
He adds that while the amount of business transactions taking place online is constantly growing and working from home is now commonplace, business controls have not kept pace with digital transformation. This has led to increasing demand for security and anti-fraud solutions.
Positions that involve administering payments to creditors and suppliers, overseeing and processing invoices and electronic payments, and capturing bank statement transactions present a higher risk for businesses. “It’s crucial organisations implement best practice anti-fraud strategies to prevent, detect, investigate and remediate fraudulent activity before it becomes so serious it endangers the very survival of the business.”
Mer points out that a recent case of an East London personal assistant being jailed for 15 years for stealing R11,5-million from her employer highlights that many organisations are too complacent by not implementing enough measures to tackle internal payments fraud. “Often, businesses tighten certain payment approval policies without implementing a longer-term strategy and the necessary technology to truly make an impact.
“Despite an overwhelming majority of businesses having vendor onboarding, management and payment controls in place, cybercrime and payment fraud is a daily occurrence and a massive challenge for businesses. While the right controls might be in place theoretically, clearly definite gaps that need to be addressed,” he says.
Another hurdle organisations face is that those responsible for reviewing and releasing payments, such as CFOs, financial managers, senior managers, and directors, are under huge time constraints and don’t have capacity to check packs of supporting documents in detail on a regular basis or verify all banking details. At its core, eftsure helps protect organisations against financial fraud by automating manual controls, placing less reliance on the manual and human factor, giving those responsible for releasing payments confidence that processes and controls are in place and working effectively prior to releasing payments.
In addition to understanding the risks of internal fraud and boosting existing security, Mer advises businesses to invest in tech solutions with sufficient audit logs built in so that every action performed is recorded and can be traced back to the staff member responsible. “This is where eftsure’s automated check, with the click of a button, gives those responsible comfort in seconds as to the integrity of the payment information, prior to payment release,” he says.
“People combined with technology and sound business processes are at the frontline of fighting fraud and mitigating risk. By building a culture of security within an organisation that ensures cooperation between employees and technology, it is significantly more difficult for bad actors, both external and internal, to commit white-collar crime,” says Mer.