CEO fraud runs rampant, but can be minimised with an IBAN-Name Check
Of all the types of fraud out there, CEO fraud is the kind that can do immense damage par excellence. This is not just financial damage; trust within an organisation can also be severely dented. The key question to be answered, therefore, is: ‘How can CEO fraud be minimised before more companies suffer?’
Why does CEO fraud deserve attention now?
The number of cases of CEO fraud and the enormous financial damage it causes is rising fast. These are not just incidents where an employee ‘briefly failed to pay attention to a payment’, but extensive and devious international scams.
Just a few years ago, for instance, the cinema chain Pathé was scammed for a total amount of €19 million. Although many companies were shocked by this then and also took their extra control measures, CEO fraud seems almost impossible to prevent.
Just last year, Rotterdam-based metal company Jewometaal fell victim to a CEO fraud organised down to the last detail. In the process, €11 million was looted. But smaller companies can also easily become victims. Take, for instance, the financial services company from The Hague that thought it was distributing money to shareholders, when in reality the one and a half million euros ended up directly in the accounts of fraudsters. So it is high time to take additional measures. The only question is ‘how’?
What exactly does CEO fraud entail?
It is good to first understand how CEO fraudsters operate so that you can recognise it. There are different scenarios that fraudsters adhere to, but the basic steps are often the same:
● A financial officer is (supposedly) contacted by email, or by phone, by the CEO with a request to transfer a large sum of money immediately.
● The instruction is framed in such a way that it is immediately clear to the employee that this is an urgent matter.
● The message to the employee obviously does not come from the CEO himself, but from the fraudster. However, the fraudsters have done good research beforehand and make the e-mail or phone call appear personal and trustworthy.
● To avoid the employee going elsewhere to check whether the request is correct, it is often emphasised that the matter is highly sensitive or confidential.
The combination of personal details, urgency and confidentiality mean that CEO fraud is regularly effective.
How to limit CEO fraud (also with an IBAN-Name Check)
One of the most important measures to prevent CEO fraud is to make people aware that it is happening. So, even if an email, or app, or in some cases even a phone call seems so reliable and familiar: people should always remain critical.
Internal control systems need to be in good order, so also (and especially) make agreements on how urgent and confidential payments are handled.
Examples of standard payment controls you can implement in this regard are:
Always have at least two employees check the payment.
Do not reply with a ‘reply’ to an e-mail, but always send a new verification e-mail via the internal contact list.
Contact the sender by phone, using the phone number confirmed internally.
But even with these control mechanisms, there is still a chance of something going wrong. This is why the IBAN-Name Check is an important part of this type, but preferably all payments.
Indeed, with the IBAN-Name Check, a warning is immediately issued if the recipient’s name and account number do not match. This allows fake accounts to be found quickly. But there are even more checks to perform that minimise fraud.
Additional checks, for maximum security
In addition to checking that the account number and name match, additional checks can easily be done via the SurePay application. For example, is the account active, and are there one or more account holders? One of the most important checks here is also whether it is a business or private account. Because fraudsters often prefer to use a private account for their activities. This is because banks impose higher requirements on business accounts when they are opened. Fraudsters are much more likely to be spotted there.
Our solution can be easily integrated through an API, or do an IBAN-Name Check directly through our portal.
More information or a demo? Make an appointment with Rob Weerts, Business Development Manager via the button below.