Most companies have little to no fraud controls in place, leaving them vulnerable to costly scams. But stopping fraud doesn’t have to be expensive or complicated.
Adam Tyra, CISO for Customers at At-Bay, shared a simple yet powerful mindset shift. When a company had an active fraud risk but was hesitant to alert their partners, he reframed the risk: Would you make 100 calls if it meant saving $75,000? Suddenly, the answer was yes.
Fraudsters exploit urgency and trust. A few no-cost steps can make a big difference. Voice-verify any request to change payment details. Add clear warning labels to payment instructions. Vet your vendors to ensure they take security as seriously as you do.
Fraud prevention isn’t just about tools and budgets. It’s about habits. The right ones can save your business from a major loss.
If you don't have anything for fraud, you have no fraud controls in place, which unfortunately describes the majority of companies. There's three things you can do right now for the cost of free that will make a huge difference in your fraud risk.
Step number one: for everybody at your company that handles any sort of payments, inbound or outbound, including things like payroll, just take the time to voice verify. If that person gets an e-mail that says, like, "Hey, I need to change this," say, "OK, just one second, let me validate." Get somebody who knows that person to return their call or contact them face to face if possible to verify that it's actually a real thing. That customer I talked about earlier that thought that they had been breached, the recommendation I gave them was, "OK, you're being targeted by an active fraud campaign. You need to call everybody you have an invoice outstanding to and tell them to be on the lookout for this." He said, "Well, you know, we don't really want to do that." And I said, "All right, but if I told you I was gonna pay you $75,000 to do this, would you do that? Would you make 100 phone calls or 200 phone calls?" Well, if you look at it like that, it suddenly makes a lot of sense. So, voice verify.
Thing number two: warning labels. Anytime you share payment instructions with anybody, put a warning message at the top of it that says something like, "Hey, we're never going to change our payment instructions to you via e-mail. That's only going to come on a telegram, a fax, some sort of out-of-band mechanism that's difficult to spoof, or not at all," right? So if you take the time, you put that at the top, you put everybody on notice to the fact that you're not going to do this thing that a fraudster might attempt to do.
The third thing, and this is just to hit on something that I talked about last time when we were discussing third-party risk: you need to do at least a minimum of due diligence on your vendors, right? You're sharing sensitive information with a lot of these companies. You're relying on them for some aspect of your business, whether it's, you know, parts and equipment or supplies that you need to stay running, or maybe it's a service. Those vendors need to have at least the same level of security controls you do for you to feel good about doing business with them. And if they don't, you need to look for opportunities. Build resilient.