Businesses can protect themselves from scammers

  • ITNewsAfrica.com
  • Technology News
Businesses can protect themselves from scammers
Credit: © Reuters.

In an increasingly digital world, it is somewhat ironic that “the best defense against change of banking detail scams is hardly digital, or very sophisticated, at all,” says Bilal Kajee, Head of Risk Management, Business and Commercial Banking at Standard Bank (JO: SBKJ ) Group. “A simple, old fashioned phone call to the supplier or third party that you are about to pay can quietly and quickly scupper even the most sophisticated digital payment scams,” he adds.

Critically, it’s important to make these calls as soon as fraud is suspected. The longer it takes to identify and report a scam involving changed banking details, the more damage can be done.

Criminals will go to great lengths to prolong scams. For example, “after changing payment details, fraudsters will often continue sending businesses false statements showing how their debt is being paid down” reports Kajee. It is only when the real supplier terminates services that clients realise they have been scammed.

While businesses can’t control who accesses their clients’ or suppliers’ invoicing records, they can control their own payments. Businesses can easily call suppliers, for example, and verify amounts and payment details. They can also follow up with suppliers, confirming that they have indeed received the funds sent. And “you don’t have to wait 48 hours,” says Kajee. Most banks can confirm payment of funds almost immediately, even if they’re not yet showing on the recipient’s statement. Again, “a simple call is all that’s required,” he adds.

Here’s how to spot and avoid change of banking detail scams:

  • Emails advising change of payment banking details are the most obvious red flags. These should always be followed up with a phone call to the beneficiary to check whether banking details have indeed changed and are correct as per the email received. Ideally, businesses should call a person they know, on a number they have been using for a while to deal with the supplier. “Avoid calling any new names or numbers that appear on the change of banking details email. Instead, call the people you have been dealing with for years,” advises Kajee.
  • If businesses are unable to call the supplier directly to validate payment details, they can call their own bank. All banks provide account validation letters.
  • Alternately, Standard Bank clients can validate account and account details themselves through the Account Verification Services function on Standard Bank’s payment platform.
  • Simply “sending suppliers proof of payment, showing names and account numbers is also a pretty foolproof – and completely analogue – way of nipping a scam in the bud,” adds Kajee.
  • Updating malware shields and other protections on email systems is also critical. Scammers can use malware specifically targeted at billing systems to infiltrate businesses simply by sending clients an email which their staff then open.
    • Kajee also reports that while many CEOs or finance heads believe staff are calling beneficiaries and conducting these basic checks, “operational staff are often not told what to look out for and don’t, in every case, check that funds have been received by beneficiaries – especially when there are multiple payments monthly.”

    The frequency of data breaches means that even if individual client businesses and Standard Bank ecosystems are secure, fraudsters can still easily get hold of third-party supplier and other beneficiary details, including emails and often passwords too.

    While the client or supplier environment is completely external to businesses and their banks, “this doesn’t mean that businesses can’t to some extent also manage these external exposures,” says Kajee. Simple know-your-client strategies, regular personal contact and communication with clients and beneficiaries supported by a business practice environment that educates staff on threats while empowering them to call and check, present formidable defense against change of banking detail scams.

    If there is rule of thumb at all, it is to “avoid an entirely digital process,” says Kajee.

    Scammers, for example, sending an email with fraudulent payment details rely on staff responding directly to the mail, using exactly the details on the fraudulent email. One call or check outside of this loop, independently verifying details internally, with a bank or directly with the third party, “breaks the chain of disinformation, dramatically reducing the potential impact of change of banking details fraud,” concludes Kajee.

    //Staff writer

    Read more on ITNewsAfrica.com

    Add Chart to Comment

    Comment Guidelines

    We encourage you to use comments to engage with users, share your perspective and ask questions of authors and each other. However, in order to maintain the high level of discourse we’ve all come to value and expect, please keep the following criteria in mind: 

    • Enrich the conversation
    • Stay focused and on track. Only post material that’s relevant to the topic being discussed.
    • Be respectful. Even negative opinions can be framed positively and diplomatically.
    •  Use standard writing style. Include punctuation and upper and lower cases.
    • NOTE: Spam and/or promotional messages and links within a comment will be removed
    • Avoid profanity, slander or personal attacks directed at an author or another user.
    • Don’t Monopolize the Conversation. We appreciate passion and conviction, but we also believe strongly in giving everyone a chance to air their thoughts. Therefore, in addition to civil interaction, we expect commenters to offer their opinions succinctly and thoughtfully, but not so repeatedly that others are annoyed or offended. If we receive complaints about individuals who take over a thread or forum, we reserve the right to ban them from the site, without recourse.
    • Only English comments will be allowed.

    Perpetrators of spam or abuse will be deleted from the site and prohibited from future registration at Investing.com’s discretion.

    Drop an image here or Supported formats: *.jpg, *.png, *.gif up to 5mb

    Error: File type not supported

    Drop an image here or

    100
    Please try another search