UNCOVER THE POTENTIAL FRAUD & COMPLIANCE RISKS AT EVERY STAGE IN YOUR PAYMENT PROCESS
Hover over the stages to reveal the corresponding warning
Click on each risk to learn about solutions to reduce it

Risk: Mis-directed payment

A misdirected payment is an electronic payment made by mistake to the wrong account, usually due to a customer or an employee entering the wrong payment information

Risk Reduction Solution:

• Bottomline’s Secure Payments solution rapidly detects anomalous activity. Dynamic profiling, scoring, and predictive risk analytics collectively produce alerts and prevent the transaction from proceeding before a loss occurs. Secure Payments combines comprehensive data capture, behaviour monitoring, network security analytics, and real-time transaction censoring.

Risk: Insider fraud

Also known as an employee or internal fraud, this is fraud committed by employees or someone within your company.

Risk Reduction Solution:

• Bottomline’s Secure Payments solution rapidly detects anomalous activity. Dynamic profiling, scoring, and predictive risk analytics collectively produce alerts and prevent the transaction from proceeding before a loss occurs. Secure Payments combines comprehensive data capture, behaviour monitoring, network security analytics, and real-time transaction censoring.
• Bottomline’s User Behaviour Analytics Monitoring identifies threats from external and authorised internal users by capturing real-time behaviour and misuse of access via machine-learning and rules-based detection. Suspicious behaviour identified within an environment or a transaction mode leads to an incident being logged, an alert being raised and depending on the parameters being used, the payment can be stopped before it is released into the payment network.

Risk: Compromised back-office systems

External attackers take advantage of network and user weaknesses via malware, phishing or advanced persistent threats. Command and control malware find their way into your organisation via email phishing scams or compromised websites; they are laden with malicious code and are designed to infect your endpoints.

Risk Reduction Solution:

• Bottomline’s Secure Payments solution rapidly detects anomalous activity. Dynamic profiling, scoring, and predictive risk analytics collectively produce alerts and prevent the transaction from proceeding before a loss occurs. Secure Payments combines comprehensive data capture, behaviour monitoring, network security analytics, and real-time transaction censoring.
• Bottomline’s User Behaviour Analytics Monitoring identifies threats from external and authorised internal users by capturing real-time behaviour and misuse of access via machine-learning and rules-based detection. Suspicious behaviour identified within an environment or a transaction mode leads to an incident being logged, an alert being raised and depending on the parameters being used, the payment can be stopped before it is released into the payment network.

Risk: Manipulation of Transaction

Where a fraudster gains access to the upload staging server/environment or somewhere in your upload process and gains access to your data and manipulates it during the payment and transaction stage.

Risk Reduction Solution:

• Secure the file/transaction
• Authentication of file and contents

Bottomline supports file encryption and authentication of the data, guaranteeing integrity and providing security when at rest. Bottomline is able to support this for all files/messages passing between applications, including client back office applications and Bottomline Services.

Risk: Data Compromised

There is where your data is at risk of being accessed or hacked during the journey from your environment into your payment provider. Here an attacker can gain intelligence from files in transit or at rest which could be used to script future attacks using your transaction history and knowledge of counterparties.

Risk Reduction Solution:

• Secure Data Transfer ensures that data exchanged between back-office applications and the SWIFT infrastructure is not compromised.
• Secure Internet and User Access via a secure VPN allows you to access purely the Internet (such as FTP) including when you access cloud solutions such as salesforce.com

Risk: Unauthorised User Access

Here, a fraudster could gain access to the environment and obtain important business information by using compromised user details. Once in they can review all business payment information; payee details, the amount, when the payments are made and how often, so they can orchestrate an attack to that fit the victim’s use of the environment.

Risk Reduction Solution:

• Multi-Factor Authentication is an extra layer of security protecting your organisation against common vulnerabilities such as weak or reused passwords, access to keystrokes or simple shoulder-surfing.
• Advanced User Role & Segregation prevents one person from submitting and approving payments across an entire business process.

Risk: Unauthorised Approval

At this point an already manipulated payment could be approved by a user who lacks the right authorisation and proceeds further through the payments process.

Risk Reduction Solution:

• Bottomline’s User Behaviour Analytics Monitoring identifies threats from external and authorised internal users by capturing real-time behaviour and misuse of access via machine-learning and rules-based detection. Suspicious behaviour identified within an environment or a transaction mode leads to an incident being logged, an alert being raised and depending on the parameters being used the payment can be stopped before it is released into the payment network.

Risk: Unauthorised Change

Here, there is a risk of user access being compromised in order to gain access to and manipulate important payment or account details in order to, for example, divert payments to another account or change the payment amount.

Risk Reduction Solution:

• Bottomline’s User Behaviour Analytics Monitoring identifies threats from external and authorised internal users by capturing real-time behaviour and misuse of access via machine-learning and rules-based detection. Suspicious behaviour identified within an environment or a transaction mode leads to an incident being logged, an alert being raised and depending on the parameters being used the payment can be stopped before it is released into the payment network.

Risk: Duplicate Payment

In the back office, where someone has access to the system or staging environment to upload payment information, there is a risk of the payment being processed twice intentionally.

The risk associated with duplicate payments goes beyond the double payment itself. It also affects the business’s reputation and costs money to either recover the extra payment or write-off the loss where the cost of recovery outweighs the value.

Risk Reduction Solution:

• Duplicate Detection and Interception views payments as they come through the environment and checks them against a reasonable timescale, i.e. three weeks to five days, to make sure that the same payment hasn’t passed through the system before. If it has the solution will stop the payment and alert you.

Risk: Fraudulent Transactions

Payment fraud is any false or illegal transaction completed by a cybercriminal. The perpetrator deprives the victim of funds, personal property, interest or sensitive information via the Internet.

Payment fraud comes in three ways:

• Fraudulent or unauthorised transactions
• Lost or stolen merchandise
• False requests for a refund, return or bounced checks

Risk Reduction Solution:

• Bottomline’s Secure Payments solution rapidly detects anomalous activity. Dynamic profiling, scoring, and predictive risk analytics collectively produce alerts and prevent the transaction from proceeding before a loss occurs. Secure Payments combines comprehensive data capture, behaviour monitoring, network security analytics, and real-time transaction censoring.

Risk: Regulation Violation

Here, there is a commercial risk of regulatory fines, reputational damage to the business and/or additional effort in meeting stricter regulatory scrutiny if a payment doesn’t meet current and ever-changing regulations, such as wire transfer (WTRC or WTR2).

Risk Reduction Solution:

• Wire Transfer Monitoring helps you monitor your transactions making sure that the payee and payer details are valid and complete, such as full name, account number and phone number and that all data meets the requirements of wire transfer regulations. It highlights where we’ve seen potential violations, i.e. John Doe listed as a beneficiary and alerting that information to protect the end-users of the solution.

Risk: Sanctions Violation

This is where payment doesn’t comply with the global sanctions lists made available by regulatory authorities such as the OFAC database, UN or the Bank of England. It is illegal to send payments to certain individuals and organisations and hefty penalties, and reputational damage can be incurred if sanctions are breached.

Risk Reduction Solution:

• Sanctions Filtering & Interception proactively reviews payments against a global sanctions list to confirm it complies with internal and imported watch lists (OFAC, UN, EU and OFSI/HMT). It includes customer screening, AML transaction monitoring and transaction screening.

Risk: Manipulation of Transaction

Manipulation can occur when the advice comes back, once payment has been released to a payment network and to the correspondent. The advice can be edited to avoid or remove evidence of fraud, enabling the fraud to go undetected for longer.

Risk Reduction Solution:

• Secure the file/transaction secures the data/file transfer session, encrypts with PKI and signs files with PKI digital signatures.
• Authentication of file and contents secures the data transfer, for example, with secure FTP over a secure VPN. It also authenticates the contents and keeps the integrity of the file.

Risk: Compromised Payment Gateways and/or Connectivity

Criminals target institutions infrastructure in order to compromise access controls, obtaining valid user credentials via a range of techniques including technical and social engineering, compromising Payment Gateways and the Connectivity to inject fraudulent payment transactions in order bypass other back office controls and processes designed to detect and in some cases stop such transactions.

Risk Reduction Solution:

• Bottomline’s secure and accredited Universal Aggregator service, a service that delivers scheme accredited and audited connectivity services to global and domestic payment infrastructures. Using accredited secure interfaces.

Risk: Compromise of transmission integrity and confidentiality

Criminals can directly target the payment flows within an institutions infrastructure in order to inject fraudulent payment transactions or to gather intelligence of payment related operations, profiling accounts, currencies, values, volumes etc. in order plan a potential attack.

Risk Reduction Solution:

• Bottomline’s secure and accredited Universal Aggregator service, a service that delivers scheme accredited and audited connectivity services to global and domestic payment infrastructures. Leveraging a range of scheme standards and mandated security to deliver transactions to scheme and correspondents securely and reliably.