2024 was the year cybersecurity evolved from an IT function to an organization-wide risk issue.
But while external cyberattacks dominate headlines, insider fraud — the deliberate exploitation of an organization’s systems by employees or individuals with internal access — presents an equally formidable challenge.
And as a settlement announced last week (Sept. 5) between CIRCOR International Inc. and the U.S. Securities and Exchange Commission (SEC) reveals, inside fraudsters tend to both target and operate within their organization’s finance and accounting departments.
Per the SEC complaint, CIRCOR’s finance director “concealed his misconduct by manipulating account reconciliations, falsifying certifications, fabricating bank confirmation documents, and misleading CIRCOR’s management and independent auditors.”
Employees in finance and accounting best understand their organization’s financial processes, internal controls and loopholes. This insight allows them to exploit weaknesses without raising suspicion. Fraudsters hiding in finance departments can manipulate accounting records, hide unauthorized transactions or create false entries, making it difficult for regular audits or oversight to detect discrepancies.
In some organizations, especially smaller firms, finance staff may have overlapping roles, such as handling both payments and reconciliations, reducing checks and balances that could detect fraudulent activity.
All this combines to make insider fraud notoriously difficult to detect, often requiring businesses to wade through vast volumes of data and navigate a myriad of complexities to catch early warning signs.
Organizations that invest in automation and data-driven solutions will be better equipped to protect their assets, reputation and long-term success.
That’s because identifying potential red flags and malicious activities through traditional manual review methods is a time-consuming, resource-intensive endeavor. The sheer volume of transactions, interactions and data points within modern organizations further complicates this task, making the use of automated systems and data-driven approaches indispensable.
One of the primary benefits of automation is its ability to continuously scan data for irregularities. Automated systems can be programmed to detect anomalies in real time, flagging unusual patterns such as unauthorized access to sensitive information, unusual financial transactions, or deviations from typical employee behavior. With machine learning (ML) and artificial intelligence (AI) technologies, these systems become smarter over time, refining their algorithms to improve detection accuracy.
PYMNTS Intelligence finds that over a quarter of surveyed firms (27%) use AI for high-risk, complex tasks, while nearly 90% have at least one high-impact use case for the innovative technology.
Automated fraud detection tools can also aggregate data from multiple sources, such as financial transactions, employee communications and operational logs, to form a holistic view of activities across the organization. By cross-referencing different data sets, these systems can identify potential risks that might be overlooked by manual analysis.
“One of the biggest differences between the consumer world … and the enterprise world is that different people are allowed different access to different information,” Eddie Zhou, head of AI at Glean, told PYMNTS. “Permissions are a first-class thing you have to think about with enterprises.”
For example, an employee making excessive changes to financial records or attempting to access confidential customer data outside of normal business hours could trigger an automatic alert. These real-time insights enable organizations to respond promptly, limiting the damage of any fraudulent activity.
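The alert conditions described above, together with the overlapping payment and reconciliation roles mentioned earlier, can be written as rules over an audit trail; this is an added example, not code from the article or from any vendor it quotes. The event schema, user names, business hours and edit threshold are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

BUSINESS_HOURS = range(8, 18)   # assumption: 08:00-17:59, Monday to Friday
MAX_LEDGER_EDITS_PER_DAY = 3    # assumption: tune against a real baseline

# Constructed sample audit events: (timestamp, user, action, object)
EVENTS = [
    ("2024-09-02T09:05", "avery", "post_payment", "ACCT-7"),
    ("2024-09-02T10:15", "blake", "edit_ledger", "JE-1001"),
    ("2024-09-02T10:40", "blake", "edit_ledger", "JE-1002"),
    ("2024-09-02T11:02", "blake", "edit_ledger", "JE-1003"),
    ("2024-09-02T11:30", "blake", "edit_ledger", "JE-1004"),
    ("2024-09-02T14:00", "casey", "reconcile", "ACCT-7"),
    ("2024-09-02T23:47", "casey", "read_customer_record", "CUST-88"),
    ("2024-09-03T09:30", "avery", "reconcile", "ACCT-7"),
    ("2024-09-03T13:10", "casey", "read_customer_record", "CUST-12"),
]

def detect(events):
    """Return (rule, user, detail) alerts in event order."""
    alerts = []
    edits = Counter()                               # (user, date) -> edit count
    duties = defaultdict(lambda: defaultdict(set))  # account -> user -> duties
    for ts, user, action, obj in events:
        when = datetime.fromisoformat(ts)
        if action == "edit_ledger":
            key = (user, when.date())
            edits[key] += 1
            # Alert once, on the first edit past the daily threshold.
            if edits[key] == MAX_LEDGER_EDITS_PER_DAY + 1:
                alerts.append(("excessive_ledger_edits", user, str(when.date())))
        elif action == "read_customer_record":
            # Outside business hours, or on a weekend (weekday 5 or 6).
            if when.hour not in BUSINESS_HOURS or when.weekday() >= 5:
                alerts.append(("after_hours_data_access", user, obj))
        elif action in ("post_payment", "reconcile"):
            held = duties[obj][user]
            if action not in held:
                held.add(action)
                # One person now both pays from and reconciles this account.
                if len(held) == 2:
                    alerts.append(("separation_of_duties", user, obj))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Fixed thresholds like these produce the flags; the cross-referencing the article describes would join these events with payment and communication data before anyone is paged.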
In interviews for the “What’s Next in Payments” series, executives stressed to PYMNTS that a multilayered security strategy, also known as defense in depth, is crucial for reducing risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.
Increasingly, one of those key defensive layers is the digitization of legacy and paper-based payment workflows.
Research from PYMNTS Intelligence has shown that virtual cards and digital spend management solutions can help finance departments close the books faster while guarding against fraud.
“In today’s operating environment, being reactive leaves firms at a disadvantage. Fortunately, virtual cards are changing the game for businesses by letting them proactively — and easily — control their spend,” Dan Hanks, vice president of global product development at i2c, said in an interview with PYMNTS.
By leveraging real-time monitoring, predictive analytics and behavioral data — all things that data-rich payments environments provide — businesses can enhance their ability to detect and mitigate insider threats, particularly those within the finance function.