Amid a spate of high-profile payment fraud cases in South Africa, the need for robust fraud payment prevention measures has never been more apparent, says Ryan Mer, CEO of eftsure Africa.
In April 2023, three former bank employees received jail sentences of 15 years each for R190-million JSE fraud. The trio accessed JSE portfolios without authorisation, making changes to the banking portfolio and transferring funds to their own portfolios.
In September 2023, two sisters from Pretoria were charged with fraud and money laundering for purportedly stealing R137-million from their employer. They allegedly used their senior positions to divert payments from customers to their own company, creating fake debit and credit entries to hide the theft.
Further spotlighting the severity of the issue, in December 2023, a former accountant from Boksburg was sentenced to 50 years after allegedly stealing over half a billion rand from her employer over a period of 13 years. At times, she stole almost R20-million a month without it being noticed.
Says Mer: “What often shocks people about such cases is how long perpetrators get away with their crimes and how much money they manage to steal before being caught. These individuals are often well-versed in their organisation’s payment procedures and exploit areas where it’s difficult to pick up their activities.
“But with good controls, fraud can be prevented. Unfortunately, many companies don’t carry out the necessary checks until it’s too late.”
He outlines three ways companies can stop fraudsters in their tracks:
Implement strict protocols
The right internal controls are essential in creating an anti-fraud company culture, says Mer. “There should be a very clear chain of command and step-by-step methods for business practices that are vulnerable to fraud, such as procurement, onboarding and Payee Master and Payment Data Management.
“Unfortunately, in many organisations there is a concerning disconnect between the theoretical controls and what happens in everyday business contexts.”
Ensure that protocols are strictly adhered to. For example, organisations should take KYB checks seriously. “If you are doing business with another company, you have every right to ask them for their company documentation for internal verification purposes.
“There should be strict mechanisms at the point of onboarding, and approval processes must be consistent enough to make it very difficult for payment fraud to happen at all,” says Mer.
Prioritise training
Of course, even with clear processes and a chain of command that limits loopholes, fraudsters often manipulate people to get their way. And Mer says it’s a myth that only gullible, unskilled professionals are susceptible to scams.
“The misconception that only foolish individuals fall victim to cybercrime and payment fraud leads to complacency. Criminals are often well-skilled and armed with enough industry knowledge to appear legitimate.”
That’s why training is essential. “Sound business processes can only protect a business so far. Sophisticated phishing and Business Email Compromise (BEC) scams can defeat the internal controls of even the most vigilant teams because scammers use psychological manipulation to get their way.
“It’s essential to stay on top of the latest scams and share those tactics with staff members, and to train them to develop a keen sense of suspicion. Anything that sets off alarm bells should be checked, re-checked and verified within teams – not independently.”
Automate and integrate
The surprising result of increased digital fraud and BEC is that many companies opt to solve this problem by introducing more manual processes, such as another person to oversee crucial checks. While training and checks are essential, digital threats must also be fought with digital solutions.
For example, in recent fraud cases in the news, attempts at duplicate payments could have been identified by automatically checking for duplicated payment amounts, dates or invoice numbers.
A Software as a Service (SaaS) provider can help enhance processes and limit payment fraud risks by providing an integrated onboarding, verified master data management and payment screening solution. This can be integrated into anything from ERP and accounting systems to sales and customer relationship management systems.
The platform alerts you to any potentially compromised payment details, at point of payment, allowing you to deal with the problem before the flow of funds has occurred.
“While fraudsters are continuously finding new ways to exploit even the safest systems, having these measures in place will help you catch potential instances of fraud from different angles so none can slip through the cracks,” says Mer. “Such an integrated and automated fraud prevention ecosystem in your company is the best way to mitigate risk and stop payment fraud before it costs millions.”