Friday, July 1, 2022
Account
Write for us
USA Wire
  • News
    • Politics
    • Sports
    • World
  • Business
    • Entrepreneurship
    • Finance
    • Marketing
  • Culture
    • Lifestyle
    • Celebrity
    • Travel
  • Entertainment
    • Gaming
  • Sports
  • Health
    • Food
    • Fitness
  • Crypto
No Result
View All Result
  • News
    • Politics
    • Sports
    • World
  • Business
    • Entrepreneurship
    • Finance
    • Marketing
  • Culture
    • Lifestyle
    • Celebrity
    • Travel
  • Entertainment
    • Gaming
  • Sports
  • Health
    • Food
    • Fitness
  • Crypto
No Result
View All Result
USA Wire
No Result
View All Result
Home Technology

How to defend your company on the new frontier of payment fraud

USA Wire Staff<span class='bp-verified-badge'></span> by USA Wire Staff
June 2, 2022
in Technology
Reading Time: 5 mins read
How to defend your company on the new frontier of payment fraud
8
SHARES
60
VIEWS
Share on FacebookShare on Twitter

The remote work era brought on by the COVID-19 pandemic has made it even easier for criminals to execute payment fraud attacks. For most companies, it’s become a matter of when they’ll face a fraud attack–not if.

New defenses are needed because the nature of cybercrime is changing. For many years, bad actors focused on software-based attacks such as ransomware. Vendors hadn’t quite caught up to developing code secure enough to operate in the hostile environment that we know is the internet today. 

Now vendors have hardened their systems to the point where it’s inefficient for a bad actor to carry out an attack using technology alone. In the last year or two, we’ve seen a shift to schemes that use technology but ultimately rely on strategies that exploit human weakness. This is the new frontier in the battle against payment fraud.

RecommendedReads

The Hacker’s Best Friend: Your Fear of Looking Stupid

iDenfy launches a new Business Verification platform

Developing innovative and transformative cell-based technologies

Sophisticated attacks

Any effective security effort relies on technology, process, and people. Technical security efforts such as securing hardware, software, and laptops are still important. The ability to gain unfettered access at the hardware or software level allows a bad actor to do literally anything. Organizations need to double down on educating and training people throughout the organization to recognize, report, and respond to suspicious activity. fraud

The problem is that many organizations are still focusing on technology as the mainline of defense. Criminals are capitalizing on the fact that they aren’t addressing the whole picture. Add the chaos and confusion of the pandemic, and over the past 24 months, we’ve begun to see some pretty sophisticated cyberattacks emerge. 

We saw a lot of phishing around work from home, and again around returning to the office. There was so much uncertainty, and people were so hungry for information, they’d click on anything that appeared to offer it. The bad actors were quick to capitalize, and they’ve been very nimble in customizing their attacks. 

Here’s a great example: For a long time, Microsoft was the most commonly spoofed email used in phishing attacks. A typical attack might be a fake email from a bad actor saying you needed to update your password or act now because you’re running out of mailbox or drive space. Now, DHL Delivery Service has surpassed Microsoft as the most commonly spoofed email because deliveries have become much more prominent in our personal and professional lives.  fraud

Deep reconnaissance

Bad actors have also become very good at business email compromise (BEC), a key method of payment fraud. BECs are often very well designed and thought out. The bad actor will research an organization, its vendors, and its processes. It’s actually a very deep reconnaissance effort. fraud

They use the intelligence they’ve gathered to pose as a vendor sending an email request to change bank account information to one of their own accounts. These emails might be constructed as long threads that contain names and information simulating the documentation of the real process. Sometimes they actually compromise the organization and take control of the email of someone in AP or finance and launch the attack from there. Or, they just spoof it from another mail server. 

In either case, there’s no technology that’s going to effectively stop that attack. That’s why information security today is a counterintelligence function. You have to be aware of information that’s out there, and all the ways in which bad actors might use it. And you have to communicate that to the entire organization. fraud

Continuous threat briefings

Corpay handles this with continuous operational threat briefings. We take real-world attempted attacks that have been detected and blocked, by our organization or other organizations, and dissect them with our entire company. That helps people understand how attacks are happening and what they look like. fraud

We also work very closely with business leaders to understand their processes and where there might be vulnerabilities. Working together, we can come up with very effective and secure processes. fraud

Beyond “castle and moat”

IT has historically built what we call a “castle and moat”, or “eggshell”, defense. With this defense strategy, there’s a well-developed, hardened exterior. Enterprises are realizing the shortcomings of that type of architecture in this day and age. Data breaches are still a constant threat, but criminals now rely more on people-centered tactics like weaponizing email. If they can use that to make it past the hard shell, things get kind of squishy. fraud

The most effective way to protect against what’s coming is to address the human element. Security is always dynamic because criminals are endlessly creative. They attack, and we defend. They study our defenses and find new ways to attack. fraud

The ultimate defense is creating an organization-wide security mindset. It’s a culture. It’s a way of thinking that has to be fostered. It’s easier to do than you might think. fraud

You need to develop a programmatic approach, but it’s not that hard to get people to engage. What we find is that people are very interested in learning because they or someone they know has experienced a cyberattack in their personal lives. It’s not something that’s abstract, or exclusively work-related. Unfortunately, it’s all too relevant.Tony Carothers is the Security Systems Engineer at Corpay, a FLEETCOR company. He has over thirty years of experience in information security, working in both the public and private sectors. fraud

By Tony Carothers

Tags: companycriminalcyber attackFraudpaymentRemote work
Share3Tweet2Share1
Previous Post

Thematic Announces Partnership with LANDR Audio

Next Post

A new high-flying fine dining experience in the world of luxury

USA Wire Staff<span class='bp-verified-badge'></span>

USA Wire Staff

USA Wire is a millennial-focused news publication that provides content in a way that relates to the modern world. USA Wire strives to provide unbiased and accurate coverage of current events, highlighting both the good and bad.

Related Posts

edit post
The Hacker’s Best Friend: Your Fear of Looking Stupid
Technology

The Hacker’s Best Friend: Your Fear of Looking Stupid

June 29, 2022
edit post
iDenfy launches a new Business Verification platform
Technology

iDenfy launches a new Business Verification platform

June 29, 2022
edit post
Developing innovative and transformative cell-based technologies
Technology

Developing innovative and transformative cell-based technologies

June 17, 2022
Next Post
edit post
A new high-flying fine dining experience in the world of luxury

A new high-flying fine dining experience in the world of luxury

edit post
With Travel Back & Summer Here, Staying Healthy is Vital

With Travel Back & Summer Here, Staying Healthy is Vital

edit post
Neil Patrick Harris Sets Harlem Record & Living On Mountain Edge In Colorado

Neil Patrick Harris Sets Harlem Record & Living On Mountain Edge In Colorado

Discussion about this post

Follow us

Recommended

edit post
How to Deal With Haters While Building Your Brand

How to Deal With Haters While Building Your Brand

3 months ago
edit post
Adele’s New Video Home Site Near Montréal

Adele’s New Video Home Site Near Montréal

6 months ago
edit post
Lil Baby, Rick Ross, DaBaby and More Set to Take Over Drai’s Beachclub

Lil Baby, Rick Ross, DaBaby and More Set to Take Over Drai’s Beachclub

2 months ago
edit post
Five S.T.E.P.S. a Day Author Dr. Len Lopez Shares Helpful Insights for Entrepreneurs

Five S.T.E.P.S. a Day Author Dr. Len Lopez Shares Helpful Insights for Entrepreneurs

2 months ago

Categories

  • Business
  • Celebrity
  • Construction
  • Crypto
  • Culture
  • Electrical
  • Entertainment
  • Entrepreneurship
  • Finance
  • Fitness
  • Food
  • Gaming
  • Health
  • Home Improvement
  • Lifestyle
  • Marketing
  • Movies
  • Music
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Travel
  • Uncategorized
  • World

Topics

2018 FIFA World Cup (9) 2018 League (12) 2022 (6) America (9) Asian Games 2018 (17) Balinese Culture (10) Bali United (9) beach (6) book (8) Budget Travel (17) Business (14) celebrity (14) Chopper Bike (11) dadsrc (6) Entrepreneur (8) family (7) fitness (8) food (8) fun (8) future (6) Health (25) holiday (7) home (14) impact (7) Istana Negara (17) life (7) Market Stories (22) money (6) museum (7) music (11) National Exam (13) New (6) nightclub (8) pandemic (11) partnership (8) Paws of War (12) performance (8) podcast (11) rescue (7) Russia (7) summer (9) tips (10) Ukraine (7) Visit Bali (16) WonderWorks (15)
USA Wire

© 2021 USA Wire

Navigate Site

  • Write For Us
  • Contact
  • My Account

Follow Us

No Result
View All Result
  • Thought Leader Council
  • Politics
  • News
  • Business
  • Culture
  • Sports
  • Lifestyle
  • Travel

© 2021 USA Wire

Go to mobile version