How Credit Professionals Can Mitigate Liability of Fraud
In 2022, six out of 10 companies in the U.S. were targeted by fraud attempts, according to data from TrustPair. Of the companies targeted, 55% indicated that the fraud was perpetrated through changes to supplier information on legitimate payments. For example, fraudsters send an email impersonating a supplier and asking to change the supplier's bank account information.
“B2B payment fraud affects companies in various ways,” the article reads. “The first obvious impact is financial loss. In 2022, 24% of companies that were victims of fraud lost more than $100,000, and 5% lost more than $1 million. Unfortunately, funds are rarely recovered, especially when they stem from international or instantaneous transfers.”
Fraud prevention starts with individual employees, and credit professionals should be especially careful as the overseers of sensitive customer information.
Prevent Careless Clicking
Phishing and email links are among the most popular ways fraudsters can hack into your company’s databases, said Jay Tenney, managing director at Trade Risk Group (Irving, TX). For example, if a buyer remits payment to a new bank account or a changed address, the fraudster can easily collect the money through the information provided. “Many credit processes and payable procedures will always say to call to verify if any changes of address come through email or physical mail,” said Tenney. “We changed our remittance address around a year ago and were shocked at how few calls we got from customers about our change in address.”
However, some cybersecurity attacks can go undetected for up to three months. If the hacker wants to encrypt all information, they can lock down your entire network. This can affect not only production while you are trying to clean it up, but also your ability to make any money, said John Senneff, director of IT at Marek Brothers Systems, LLC.
“You have to know how long your revenue stream has been out and the loss that has come with it,” Senneff added. “When you talk about the overall loss of a cyber event, it can be millions of dollars. And not being able to make payroll or money can be costly to the reputation of your company and possibly hinder future clients wanting to work with you.”
Companies can also hold basic training on what not to click on, red flags to watch for and what to do in the event an employee falls for a fraudulent link. But even with training, it is a matter of identifying and mitigating risk before it becomes a “production-affecting event,” Senneff said. “If a bad apple data mines a company, they can stay undetected for years,” he added. “In these contracts, the question always is what is the extent of the damage that could be? Always be prepared for higher-risk scenarios.”
Read Contracts Thoroughly
When signing contracts with new customers, it is always important to read all the fine print. “If you see any language in the contract that looks remotely different than what you’ve seen in the past, go up the ladder and get another set of eyes on it,” said Tenney. “Whether you have in-house counsel or the CFO, get them to sign off on the contract as well.”
Impacts of Cyber Liability Provisions in Customer Contracts
Cyber liability provisions in some contracts can include language that holds your company responsible if your customer falls victim to fraud by someone else using your company’s name. “This provision is assigning risk and liability, but it can be misleading,” said Steve Winn, corporate credit manager at Marek Brothers Systems, LLC (Houston, TX). “Even if we’re a solid company and doing everything right, fraud could still happen and could hurt us.”
If a contract does include cyber liability indemnity provisions, your company could be responsible for financial damages from data breaches that originated from your system (through a phishing email link, for example). A data breach could cost millions of dollars, said Winn. “What we’re seeing is provisions that are in a broader form, with some that only apply if you’re integrating your system with another company’s system,” Winn added. “Secondarily, we have interest requirements that are requiring cyber liability coverage for between $1-$5 million and it’s becoming increasingly hard to obtain at a reasonable price.”
Cyber liability provisions can change frequently because they are a newer concept, Tenney said. “There is not enough case law out there yet to determine what exact provisions should be included in those contracts.”