Fraud on the rise: how can you protect yourself better?

Every year brings its share of economic turbulence and uncertainty about the resilience of businesses in the face of rising cyber-risks and fraud.

An explosion in fraud thanks to fertile ground

Two out of three French companies were the victims of at least one fraud attempt in 2023 (half of them linked to cyber attacks), an increase of 28% in one year, according to a survey of 200 finance departments conducted by Opinionway / SAP-Trustpair.

In its cybersecurity barometer, Cesin (Club des Experts de la Sécurité de l'Information et du Numérique) adds that one out of every two companies in France will have had to deal with at least one cyber attack in 2023. Among the most common frauds are identity theft (30% of attacks), president scams (28%), indirect attacks via third parties (27%), and fraudulent transactions (18%). According to the Opinionway/SAP-Trustpair study, the latter mainly concern RIB fraud (via e-mail hacking) and fake suppliers, which affect a third of victims.

Increased complexity

These frauds have exploded due to the increasing digitalization of businesses. The multiplication of online transactions, economic crises, cybersecurity breaches and the complexity of supply chains are also contributing to this trend.

No company is totally immune to the risk of external or internal fraud. In the space of just a few years, fraud has undergone profound changes, and is now part of a dynamic marked by several major trends:

1. Fraud penetrates further into organizations: it's no longer just a question of stealing data or embezzling funds, the aim is to get to the heart of organizations and affect all functions, as digitalization, dematerialization and the diversity of digital uses permeate all professions and employees.
2. Fraud is diversifying, and no longer spares any sector: as can be seen from the attacks that are increasingly affecting local authorities and healthcare establishments.
3. fraud is more targeted: fraudsters focus on the ROI of their actions and on targets likely to generate immediate financial gain, using ransomware and phishing for example.
4. Fraud is more costly: companies have to invest more and more in efficient security solutions, recruit the right skills, insure themselves and, above all, cover the amounts of fraud they fall victim to. Even with cyber insurance, the sums involved are significant, and can even jeopardize an organization's survival.
5. Fraud is more difficult to detect: frauds are based on highly complex modus operandi: on the one hand, because fraudsters have a very detailed knowledge of the processes of the companies they are targeting, as can be seen, for example, with President frauds, which go to great lengths to manipulate their interlocutors. On the other hand, with advances in artificial intelligence, fraudsters can personalize e-mails to steal identities or launch phishing operations, as well as successfully luring internal control processes or falsifying digital documents.
6. Fraud attracts more and more fraud professionals: as the financial gains generated are ever greater, it is logical that they attract organized and professional groups, particularly those linked to international crime, which constantly adapts to opportunities.
7. Fraud is triggered more quickly: as soon as a vulnerability is detected, it is immediately exploited by fraudsters, who bet on victims' lack of knowledge in order to reap maximum profit, especially if the risks are low. And the Dark Web offers a host of tools to make hackers' lives easier. According to Interpol, " technology appears to be accelerating opportunities for criminal groups. The use of artificial intelligence, broad language models and crypto-currencies make fraud exponential with low investment."

For several years now, changes in the way frauds are carried out have had concrete consequences for victim organizations:

1. Direct or indirect financial losses: theACFE (Association of Certified Fraud Examiners)[1] estimates that companies lose the equivalent of 5% of their sales, with an average cost of $1.7 million. In the Opinionway/SAP-Trustpair survey, one French company in two lost an average of 50,000 euros per fraud.
2. Damage to brand image and reputation: in the age of social networking and the media coverage of cyber-attacks, frauds are often revealed to the general public. As we saw, for example, with the embezzlement of 100 million euros from the Kiabi supermarket chain, which was widely covered by the media and highlighted the shortcomings of financial control. The media's impact is also felt by customers, shareholders and investors.
3. Operational disruption: fraud disrupts the day-to-day operations of victim organizations, especially when investigations are required and the information system is no longer usable. Cyber attacks are the leading cause of disruption to information systems.
4. Legal and regulatory risks: frauds can engage the liability of managers or the company as a whole, for example if customers are harmed. Similarly, according to the Opinionway survey, four out of ten companies that are victims of fraud fear the regulatory consequences (fines, re-compliance, etc.).

Betting on automation and continuous monitoring

Faced with the proliferation, complexity and diversity of fraud, how do we react? Three fundamental principles are essential:

1. Develop scenarios to anticipate what is most likely to happen. These scenarios will be adapted according to business lines, financial stakes, types of potential suspicious transactions and existing processes. Each scenario will be assigned a degree of occurrence (from unlikely to very likely) and impact (low to very high).
2. Always know who your company is connected to, whether customers, suppliers/subcontractors or partners. This is one of the best ways to prevent fraud such as false RIBs and suppliers.
3. Act faster by automating. We can't detect, understand and react to fraud by relying on humans alone, even with the best awareness. Automation remains essential to detect fraud faster, spot weak signals, take into account all potential targets and react in real time.

To these three commandments, we can add a fourth: equip yourself with the right solutions. In particular, AP Monitoring, which meets these fundamental needs:

- easily configurable scenarios, with pre-programmed rules that can be combined with behavioral analyses,

- detection of inconsistencies linked to customers/third parties (changes of address, RIBs, monitoring of high-risk profiles)

- real-time analysis and documentation of suspicious transactions (information collected, decisions taken, alert history, etc.) and any other anomalies, enabling fraud to be identified before it causes significant damage.

With AP Monitoring, you can fight fraud proactively, while helping to maintain regulatory compliance!

Discover our new solution soon!