Cyber Brief for CFOs: October 2024
Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all …
Major fraud continues to make headlines, illustrating the uncomfortable reality of insider threats. Most recently, media reports have detailed the shocking case of a former Coles executive who stole $1.9 million from the national supermarket giant.
The offender’s lack of sophistication and failure to cover his tracks have raised questions about the effectiveness of internal control systems. In this blog, we’ll explore how Coles could have prevented the insider incident and averted major financial losses.
Source: 7News
As a finance executive at Coles Online, Aaron Baslangic had the authority to authorise payments up to $75,000. Exploiting this position, he orchestrated 14 illegal payments ranging from $10,000 to over $400,000.
To evade detection, Baslangic altered emails to make it seem like his supervisor had approved the transfers. The payments were made out to fictitious businesses under his name and to legitimate organisations like the Australian Taxation Office, and he redirected them into his own accounts. Baslangic used the embezzled funds for personal expenses, including luxury shopping.
Sadly, this incident isn’t an isolated occurrence. Incidents were reported 44% more frequently in 2022 compared to the previous year, and “trusted insider” attacks have impacted a wide range of organisations and sectors. Large organisations are more likely to experience higher losses due to internal fraud compared to SMEs, with the average cost estimated to be over AU $20M.
The judge described Baslangic’s behaviour as unusually unsophisticated, bizarre and inexplicable. It’s a common characteristic when it comes to internal fraud cases – most of us are acting in good faith, so we just assume others are doing the same and would never assume a coworker is brazenly embezzling company funds. As a result, many fraudulent activities go unnoticed despite unfolding right in front of colleagues and within control systems, which are often slow to detect anomalies.
But Eftsure is designed to prevent payment fraud early and in real time, whether the threat is coming from inside or outside the organisation.
Using the events described in the news coverage, here’s how Eftsure could have flagged the recent fraud case at Coles.
Eftsure ensures that all payees are thoroughly verified and provides a digital interface to confirm that all payments are authorised before they are processed. In this case, any payment above Baslangic’s approved limit would have triggered an alert within the system, allowing higher-level authorities to easily check the payment files. This would have thwarted his attempts to make unauthorised transfers.
Plus, Eftsure’s advanced supplier verification capabilities would have raised red flags when Baslangic directed payments to fictitious businesses. By cross-referencing vendor information with Eftsure’s database of more than 4 million bank records and conducting real-time checks, Eftsure would have identified the fraudulent entities and signalled all team members at Coles.
Eftsure employs intelligent algorithms to control and monitor payment activities for any unusual patterns or suspicious behaviour. The system would have alerted the team at Coles that a variety of businesses were being paid into the same bank account. This proactive real-time monitoring would have identified the funds misdirected to fictitious businesses, leading to timely intervention and prevention of fraud.
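The three checks described above (approval limit, payee verification against known bank details, and several business names sharing one account) can be expressed as rules over a payment file. This is an added example, not Eftsure's implementation or code from the original post; the record layout, rule names and all sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: names, BSBs and account numbers are invented.
APPROVAL_LIMITS = {"exec_a": 75_000}  # per-approver delegated limit (AUD)
VERIFIED_ACCOUNTS = {  # payee name -> independently verified (BSB, account)
    "Australian Taxation Office": ("000-001", "11111111"),
    "Fresh Produce Pty Ltd": ("000-002", "22222222"),
}
PAYMENTS = [
    {"id": 1, "payee": "Fresh Produce Pty Ltd", "bsb": "000-002",
     "account": "22222222", "amount": 18_000, "approver": "exec_a"},
    {"id": 2, "payee": "Shelf Consulting", "bsb": "000-009",
     "account": "99999999", "amount": 10_000, "approver": "exec_a"},
    {"id": 3, "payee": "Online Logistics Co", "bsb": "000-009",
     "account": "99999999", "amount": 400_500, "approver": "exec_a"},
    {"id": 4, "payee": "Australian Taxation Office", "bsb": "000-009",
     "account": "99999999", "amount": 60_000, "approver": "exec_a"},
]


def review_payment_file(payments, limits, verified):
    """Return {payment id: sorted reasons} for payments that need a hold."""
    flags = defaultdict(set)

    # Map each destination account to every payee name it appears under.
    payees_by_account = defaultdict(set)
    for p in payments:
        payees_by_account[(p["bsb"], p["account"])].add(p["payee"])

    for p in payments:
        dest = (p["bsb"], p["account"])
        # Rule 1: amount exceeds the approver's limit (unknown approver = 0).
        if p["amount"] > limits.get(p["approver"], 0):
            flags[p["id"]].add("over_approval_limit")
        # Rule 2: payee is unknown, or its account differs from the verified one.
        if p["payee"] not in verified:
            flags[p["id"]].add("unverified_payee")
        elif verified[p["payee"]] != dest:
            flags[p["id"]].add("account_mismatch")
        # Rule 3: one bank account is being paid under several business names.
        if len(payees_by_account[dest]) > 1:
            flags[p["id"]].add("shared_account")

    return {pid: sorted(reasons) for pid, reasons in flags.items()}


if __name__ == "__main__":
    for pid, reasons in review_payment_file(
            PAYMENTS, APPROVAL_LIMITS, VERIFIED_ACCOUNTS).items():
        print(pid, reasons)
```

Note that rules 2 and 3 catch the within-limit payments that the approval-limit check alone lets through, including the one made out to a legitimate organisation but sent to a different account.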
The Coles fraud case highlights the urgent need for robust internal control systems to mitigate the risk of internal fraud. By implementing Eftsure’s comprehensive financial security tool, Coles could have significantly reduced the likelihood of such fraud occurring.
Eftsure’s payment verification and supplier verification features would have acted as strong safeguards against these fraudulent activities, saving the company from substantial financial losses and reputational damage.
It’s uncomfortable to talk about internal threats because no one wants to think that anyone in their team is capable of acting in unethical or outright criminal ways. But it’s not just internal fraud risks that finance leaders need to consider, since plain human error is enough to incur major losses, both financially and reputationally. Even when employees are acting in good faith, a lack of guardrails can heighten financial risks.
When your job includes acting as the main defender of your company’s financial health, the right approach is to hope for the best but plan for the worst. Centralised, automated controls can ensure you’re defending against both internal and external threats.
Eftsure is a fast, easy-to-implement layer of technical security. It’s just one part of a comprehensive cyber-crime strategy, which should encompass people and processes, too: