Comment

Looking to stop payment fraud? Modernise your approach to bank validation

Shai Gabay explains why traditional bank account validation is inadequate and is placing businesses at risk of fraud.


How confident are you that your organisation’s security protocols can prevent payment fraud? Surprisingly, many teams firmly believe the current procedures and controls they have in place are sufficient to stop fraudulent activity. This includes one of the most common practices, bank account validation. I say “surprisingly” because, in today’s increasingly digital world, the reality is that the traditional methods are no longer adequate, and they are putting businesses at risk.

Traditional bank account validation processes were designed to ensure that an account exists and is active by verifying critical information, such as the account holder’s name, account number, the bank’s routing number, and more.  

Through these steps, businesses could confirm an account’s legitimacy and pave the way for the smooth flow of funds while reducing the risk of errors, fraud, and financial losses. At the same time, businesses could weed out fraudsters behind illegal activities by spotting disparities between the information they provided and the real vendor’s details.  

While effective in their time, these traditional validation methods are showing their age and are no match against today’s fraudsters. Here’s why. 

Conventional methods fall short

As I said earlier, traditional validation confirms that an account exists and is linked to the specified business or individual. A common practice is the “Call Bank” procedure. Just as the name indicates, this is where calls are made to the vendor to verify any bank account changes. This makes sense, and it works when you know the person on the other end of the line is who they say they are. But today, knowing the identity of the person you’re speaking to is not so black and white. In many instances, the individual could be the fraudster who has compromised the account. 

This is why conventional methods are insufficient. In this instance, they cannot determine if an account was set up by a bad actor who stole personal information to create seemingly legitimate accounts. This is not uncommon, and to make matters worse, the process is far from complex, opening the door for a growing list of fraudsters. 

Here’s an example of how this could all play out. As part of their day-to-day operations, a finance executive at a global company opens dozens of bank accounts in different locations. Next thing you know, their mailbox is compromised, providing the attacker with everything they need to open additional bank accounts on their behalf. To the outsider, everything appears to be legitimate, but that is clearly not the case.

This scenario shows how, with a verified account, the bad actor can extend their activities, such as submitting fraudulent invoices or instructing clients to send funds to a new account. This is also why finance executives counting on traditional validation processes should be terrified. Their systems do not flag this activity since the information used is legitimate. Adding insult to injury, this fraudulent activity is happening across different financial institutions, making detection even harder. At Trustmi, in just the last year alone, we’ve had thousands of cases just like these, and not only in unique locations or smaller banks. 

The time to move beyond traditional bank validation is now

Considering the scenario above, two things are clear. First, payment fraud is happening, and with great regularity. According to the Association for Financial Professionals (AFP) 2024 Payments Fraud and Control Survey Report, 80% of organisations were victims of payment fraud attacks or attempts in 2023, up 15% from 2022. Second, traditional approaches, while still valuable, are not enough. Businesses need a more holistic strategy to detect fraud that connects all aspects of the payment process and identifies fraudulent activity at various points. 

The key is to dramatically enhance traditional bank validation with advanced techniques. This includes integrating existing methods with new technologies like artificial intelligence (AI). AI can detect anomalies and suspicious signals within a fraud scheme, connect the dots of a vendor’s behaviour and pattern, and prevent misdirected payments. It can also recognise fake vendor invoices and analyse email communications to flag BEC attacks, social engineering attempts, or executive impersonation, among other fraud detection capabilities. 

In addition to transforming traditional validation systems, education and training are crucial. Employees must be trained to recognise signs of potential fraud and understand the importance of adhering to secure procedures.  

Regularly updating security protocols and conducting thorough audits can help maintain a robust defence against evolving threats.

Lastly, embrace collaboration. While sharing private fraud-related information (including examples of successful preventative measures) with businesses, financial institutions, and technology providers may not come naturally, businesses cannot be hesitant. By working together and sharing insights, organisations can stay one step ahead of fraudsters, protect their assets more effectively, and establish a more secure ecosystem.

Digital transformation has had an incredible impact on businesses across all industries, but these same advancements have also ushered in new challenges, including a great risk of payment fraud. Just as cybersecurity solutions have had to adjust, so too must traditional bank account validation methods, which cannot counter sophisticated fraud tactics on their own. By infusing new AI capabilities and investing in education, training, and collaborative ecosystems, businesses can create a more sophisticated validation process that can spot and stop this fraudulent activity and safeguard their assets.

Shai Gabay is the co-founder and CEO of Trustmi 

The end-to-end payment security platform, Trustmi, was founded in Israel in 2021. Prior to Trustmi, Gabay was General Manager at Opera, VP of Product and Services at Cynet, CIO at Cyberbit, and the CISO at Discount Bank.