Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
When it comes to prioritising your payment security investments, it pays to start by focusing on quick wins that address the threats your organisation is most likely to face.
In this blog, we will explore the key issues a modern CFO needs to consider when it comes to uplifting their organisation’s payment security posture, and how to prioritise those investments that provide rapid, measurable security improvements.
Payments security must be a top priority for all finance executives.
We live in an interconnected world, in which digital payments are an integral part of doing business. However, there are significant risks that can arise from neglecting to implement best-practice security measures around your payments. Not only is there the risk of losing significant amounts of money, you may also face legal repercussions, business disruption and long-term harm to your organisation’s reputation.
The risk is particularly acute around electronic funds transfer (EFT) payments.
When processing an EFT payment, Australian banks do not have the ability to match the Account Name with either the BSB or Account Number. This inability to match the data is a significant verification gap that opens the way for cyber-criminals to infiltrate IT systems, manipulate payment data and defraud your organisation.
And unlike a credit card transaction, which may be reversible, once you process an incorrect EFT payment, it’s almost impossible to retrieve the funds.
That’s why it is critical to prioritise the right security investments to help ensure you’re always processing EFT payments to the correct recipient and the correct bank account.
When assessing approaches to uplift the security around your EFT payments, it increasingly makes sense to adopt a risk-based approach that analyses:
A risk-based approach makes sense. After all, every organisation has limited resources. You need to prioritise your initiatives in ways that provide the best return on investment in terms of security uplift.
By following a risk-based approach, you avoid the trap of trying to do too much with too little. You avoid spreading your security investments too thinly, which can result in inadequate spending on preventing the most critical threats and leave your organisation exposed on multiple fronts.
According to McKinsey and Co., a risk-based approach helps protect your organisation’s assets at less expense and in ways that improve productivity.
Many risk analysts calculate risk using the following formula:
Risk = (the impact of a potential incident) × (the probability of that incident occurring)
When it comes to assessing EFT payment risks, some potential incidents may have a high impact, but very low probability of occurring. For example, your bank could suffer a devastating denial of service attack, taking it offline for an extended period. This would have a high impact on your organisation’s ability to process EFT payments, but the probability of this happening is likely to be quite low – and in any event, there’s nothing you could do to prevent it.
By contrast, the probability of facing a Business Email Compromise (BEC) attack is likely to be quite high, given that the Australian Cyber Security Centre (ACSC) reported over 4,600 BEC incidents in the 2020-2021 financial year. It therefore makes sense to focus your risk mitigation investments in defending against a BEC attack.
It is also important to consider the cost of preventing an incident against the potential costs of experiencing that incident.
As outlined above, there are many potential repercussions and costs associated with experiencing an EFT fraud event. At a minimum, the ACSC reports the average cost of a successful BEC attack to now stand at $50,600. This figure just represents the direct cost and doesn’t include all the associated costs, such as legal expenses, business disruption and reputational damage.
Taking into consideration all these associated costs, it becomes clear that the cost of mitigating the risk of EFT payment fraud is likely to be significantly less than the cost of the fraud itself. It therefore makes sense to prioritise your security spending around mitigating EFT payment fraud.
Given the magnitude of the many security threats currently facing Australian organisations, it makes sense to focus on those initiatives that provide quick wins.
We know that few attack vectors are as prevalent in Australia as BEC. It therefore makes sense to address this threat as a top priority, especially as most organisations remain vulnerable due to an over-reliance on manual controls that are susceptible to being circumvented by sophisticated fraudsters.
Through the adoption of technical solutions that mitigate the risk of fraud, organisations can quickly uplift the resilience of their payment security while reducing their over-reliance on manual controls.
For CFOs and finance executives, investing in technical payment security initiatives also makes sense because it is a domain they understand well, and one in which they can see first-hand the tangible benefits such investments provide.
When it comes to implementing technologies that strengthen your resilience around EFT payments, Eftsure is uniquely placed to deliver the security uplift you need.
Our solution addresses the verification gap that exists in the Australian banking system by verifying EFT payments in real-time against our database comprising over 2.5 million organisations, including over 80% of actively trading Australian companies. When processing an EFT payment, you gain confidence that other organisations have successfully used the same banking information to pay the same supplier.
This significantly reduces your exposure to a range of both internal and external fraud events, drives greater efficiencies in your accounting processes and makes you less reliant on vulnerable manual security controls.
Book in for a no-obligation demo today and see the full range of benefits Eftsure can deliver to your organisation.