Be that CFO who won’t stop bringing up cyber
CFOs must bridge the gap between finance and cybersecurity. Learn practical steps to enhance strategy and safeguard your organisation’s future.
In 2023, global financial fraud losses surged to staggering levels, with the FBI reporting $12.5 billion in scam-related losses in the United States—a 22% increase from the previous year. Business email compromise (BEC) alone took a $2.9 billion bite out of that total, highlighting the scale of the threat.
BEC, invoice fraud, supplier impersonation—these scams exploit gaps in verification processes, causing significant financial damage. As countries grapple with these threats, we take a look at how the US and Australia are adapting, using the UK’s experience as a benchmark.
The UK’s been setting the bar high for scam prevention, taking proactive steps like rolling out Confirmation of Payee (CoP) and introducing mandatory reimbursement rules. Starting 7 October 2024, the UK’s Payment Systems Regulator (PSR) will require banks to reimburse victims of authorised push payment (APP) fraud within five business days, barring gross negligence. This measure is designed to get funds back to victims quickly and keep financial institutions on their toes.
But there are limits. The PSR has capped compensation at £85,000, which, while covering over 99% of claims, still leaves some high-value victims in a tough spot. And APP fraud isn’t going away anytime soon—2023 saw a 12% increase in cases, with losses reaching £459.7 million, according to UK Finance. So, even with CoP in place, fraud losses remain stubbornly high.
The takeaway? Reimbursement and CoP are solid steps forward, but they’re not the endgame. The UK’s experience makes one thing clear: a proactive, multi-layered approach—one that blends regulation with advanced verification tools—is crucial if we’re serious about tackling increasingly sophisticated scams.
Australia’s taking a well-rounded approach to combat payment fraud, using the Scams Prevention Framework, Confirmation of Payee (CoP), and stronger reimbursement measures.
The Scams Prevention Framework lays down anti-scam protocols across sectors like banking and telecommunications, targeting BEC and false billing scams. Penalties for non-compliance ensure accountability and encourage companies to take preventive measures seriously.
CoP arrived mid-2024, aiming to cut down on APP fraud, including invoice fraud. But, just as in the UK, CoP alone isn’t enough to keep all the fraudsters at bay. Tackling sophisticated scams like supplier impersonation means bringing in more advanced verification methods to beef up security.
Australia has also moved towards mandatory reimbursement when banks drop the ball on scam prevention, adding another layer of consumer protection. But it’s not a blanket solution—conditions apply, and consumers aren’t always fully covered.
The bottom line? Australia’s efforts mirror the UK’s, but they need to go further. Strengthening reimbursement policies is good, but it’s proactive prevention that’ll make a real difference.
The US has taken important steps toward expanding regulatory protections, focusing on preventative measures and tightening internal safeguards.
The Consumer Financial Protection Bureau (CFPB) has recently expanded Regulation E to cover unauthorised digital transactions on peer-to-peer (P2P) payment platforms, addressing a major gap in consumer protection. Additionally, there are proposed amendments to Regulation E aimed at further improving safeguards for consumers against payment fraud, which shows the intent to broaden the regulatory scope even further.
Despite these efforts, scam losses in the US are staggering. In 2023, the FBI reported $12.5 billion in scam-related losses, with BEC alone racking up $2.9 billion. Unlike the UK and Australia, the US hasn’t introduced mandatory reimbursement for scam victims. Instead, it’s focusing on strengthening internal safeguards through industry guidelines, like those issued by the Federal Financial Institutions Examination Council (FFIEC), and tightening regulatory measures to prevent fraud at its roots.
This focus on prevention aligns well with the lessons learned from the UK: reactive measures like reimbursement can only go so far in mitigating the impact of fraud. However, to keep pace with increasingly sophisticated scams, the US also needs to adopt advanced verification tools and a more comprehensive layered approach.
The UK’s experience with CoP and mandatory reimbursement is a mixed bag—while these measures are valuable, they’re ultimately reactive. They don’t do enough to prevent the financial and emotional toll of scams.
Australia is strengthening reimbursement policies, but gaps remain. To really protect consumers, a proactive, multi-layered strategy is essential.
And then there’s the US. Its focus on prevention is a solid move, but without mandatory reimbursement and advanced verification, it risks falling short against the latest scams.
Final thought: The evolving threat landscape calls for a proactive, multi-layered strategy that integrates prevention, advanced technologies, and regulatory accountability—because relying solely on reimbursement is fighting yesterday’s battles.