Rising Treasury Payment Frauds – What You Need to Know

In recent months, treasury payment fraud has been on the rise, with criminals becoming increasingly sophisticated in their methods. Treasury departments, handling large-scale financial transactions, are prime targets for fraudsters who exploit weaknesses in payment processes and internal controls. This newsletter highlights key fraud trends, recent cases, and how organizations can better protect themselves.

Top Fraud Trends in Treasury Payments

1. Business Email Compromise (BEC) and Email Spoofing

Fraudsters are impersonating senior executives or trusted suppliers, tricking treasury teams into making urgent, high-value payments to fraudulent accounts. These scams, often carried out via spoofed or compromised emails, have led to significant losses.

Example: A global company recently lost over $20 million in a BEC scam targeting their treasury team  .

2. Insider Threats

Employees with access to treasury systems are sometimes the culprits, manipulating payment processes for personal gain. Insider fraud can remain undetected for extended periods, making it particularly dangerous.  

Example: An internal audit revealed an employee siphoning small amounts from treasury payments, accumulating over $1 million over several years  .

3. Phishing Attacks Leading to Credential Theft

Phishing remains a common tool for fraudsters. These attacks steal login credentials, granting unauthorized access to treasury systems. Once inside, fraudsters can change vendor details or authorize payments.  

Example: A phishing attack on a large organization resulted in $5 million in fraudulent payments after the attackers changed vendor banking details .

4. Fake Invoices and Supplier Fraud

Fraudsters send fake invoices that mimic legitimate ones, altering bank account details to divert payments. These fraudulent invoices can pass through initial checks, making detection difficult until after the funds are lost.  

Example: A company paid nearly $2 million to a fraudulent supplier after processing an altered invoice .

5. Malware and Account Takeovers

Cybercriminals use malware to monitor and take over treasury computers, allowing them to initiate or alter payments undetected.  

Example: A remote-access malware attack led to over $10 million in fraudulent payments before it was discovered .

‍

What’s Driving These Frauds?

1. Weak Internal Controls: Insufficient segregation of duties and lack of multi-factor authentication (MFA) create vulnerabilities.

2. Staff Training Gaps: Fraud often succeeds because employees aren’t trained to recognize the latest tactics, such as phishing and BEC attacks.

3. Vendor Verification Issues: Inadequate processes for verifying changes to vendor banking details increase exposure to fraud.

4. Delayed Fraud Detection: Many organisations rely on manual checks, audits, and reconciliations, which delay fraud detection.

How to Protect Your Treasury Department

1. Strengthen Internal Controls:

Implement strong segregation of duties, enforce multi-factor authentication for accessing payment systems, and set up dual authorization for high-value transactions.

2. Enhance Staff Training:

Provide regular training sessions for treasury and finance teams on identifying phishing, BEC, and other fraud schemes. Include simulated phishing exercises to raise awareness.

3. Leverage Fraud Detection Tools:

Invest in AI-powered tools to monitor treasury transactions in real-time, flagging any suspicious activity. Predictive analytics can also help identify insider threats.

4. Improve Vendor Verification:

Develop a robust vendor verification process for changes to banking details, and regularly audit vendor accounts.

5. Implement a Rapid Response Plan:

Set up a fraud response protocol to immediately freeze transactions and alert banks if fraud is suspected. Ensure your team knows how to act quickly when an incident occurs.

‍

By staying vigilant, enhancing internal controls, and educating your staff, you can significantly reduce the risk of falling victim to treasury payment fraud. Let’s work together to keep our financial systems secure!

Sources:

1. Deloitte. "Cyber Risks in Treasury: The Emerging Threats." 2023.  

2. PwC. "Global Economic Crime and Fraud Survey." 2023.  

3. Association for Financial Professionals (AFP). "Treasury Fraud Prevention Survey." 2023.  

4. The Wall Street Journal. "Business Email Compromise Cases Surge." April 2023.  

5. KPMG. "Insider Fraud in Treasury Departments." August 2024.  

6. Financial Times. "The Rising Threat of BEC Fraud in Corporate Treasury." June 2024.  

7. EY. "Protecting Against Supplier Payment Fraud." March 2024.  

8. Cybersecurity Ventures. "Malware Threats to Treasury Systems in 2024." May 2024.

‍