With the explosion in BtoB fraud and the professionalization of the techniques used by fraudsters, time-consuming manual controls have become ineffective. As risk management professionals, more and more of you are now opting to automate control processes, in order to detect fraud risks preventively, and thus limit any financial and reputational impact on your organizations.
An exponential increase in BtoB fraud
BtoB fraud now affects the vast majority of companies without distinction: in 2022, almost 69% of companies suffered at least one fraud attempt. Of these, 57% were successful. (Allianz Trade/DFCG Fraud Barometer 2022).
With the digitization of processes opening up a "loophole" for fraudsters, large companies are more vulnerable to this threat. According to the Allianz Trade/DFCG study, in 2022, 91% of companies with sales of over โฌ100 million were victims of at least one fraud attempt.
While the number of frauds is increasing significantly, the techniques used are becoming ever more complex and sophisticated. Identity theft, which consists in using the personal data of a third party with whom you have a relationship in order to obtain a bank transfer, remains the technique of choice for fraudsters. It can take many forms: fake supplier fraud, fake customer fraud, president fraud or phishing are among the best-known methods.
Fighting fraud: a key factor in managing your credit risk
Faced with this growing threat, fraud detection is a major focus for Finance Departments in their credit risk management policy.
Indeed, while fraud can have serious financial repercussions, with a deterioration in cash flow (financial losses exceed 50 Kโฌ for more than 50% of frauds in 2022), the reputational impact (28% of companies are ready to suspend a collaboration if a partner or service provider is a victim of fraud), or the operational implications must also be taken into account.
So, having a global vision of your third parties, and implementing effective fraud risk control processes, is a central issue shared by a large majority of companies today: 46% of General Managers plan to equip themselves with a dedicated anti-fraud solution by 2023 (Trustpair/OpinionWay/SAP survey).
And because the risk doesn't stop when you enter into a relationship with your third party, IBAN verification should be carried out at 4 key points in the business relationship: when you make your data repository more reliable, when you enter into a relationship with your third party, when you change your IBAN and before making a payment.
Risk on both the supplier and customer side
While IBAN fraud can occur at various stages of a business relationship, it can affect both customer and supplier processes, and take a variety of forms.
For example, a "fake customer" fraud may involve identity theft from the moment you enter into a relationship. The fraudster presents himself as a "new" customer, and provides you with fraudulent documents when creating his account. But the RIB transmitted does not belong to the company indicated, or is attached to a closed account. The RIB verification process can take a long time, even though you want to provide this new customer with a smooth, fast experience. The result: delivery is made before the RIB has been verified, but you receive no payment from the "fraudster".
The techniques used on the supplier side are no exception. For example, you fall victim to a cyber-attack that paralyzes your production facilities. Once the system has been restored, you rush to pay your suppliers to avoid any delays. In your haste, you don't take the time to check your supplier IBAN repository... But the fraudsters have taken advantage of the attack to modify the suppliers' bank details in your ERP. By then, it's too late: you've suffered financial losses of up to several million euros.
The need for process automation
Efficient control methods now require process automation.
Today, almost 35% of companies still carry out manual RIB checks (Trustpair/OpinionWay/SAP survey), which are often time-consuming and often prove inadequate in the face of increasingly sophisticated fraud techniques. This trend clearly illustrates the imbalance between fraud methods and the measures implemented by companies to combat them.
It has become essential to verify information at source, rather than relying on contacts who can easily be the object of identity theft (by telephone, email or even videoconference). In this case, you need to check directly within the information system of the third party's bank that the IBAN you have received is indeed linked to the third party's SIREN.
Process automation is also a way of boosting team productivity: in 80% of cases, it takes an average of 30 minutes to check a RIB manually. However, your teams will not be able toabsorb the 54% increase in fraud attempts with time-consuming manual checks. Automating these checks is therefore essential to improve the efficiency of your teams, and maintain an optimal customer experience.
Ellisphere's solution: automatic verification of your third parties' IBANs
Automatic IBAN verification
Via the Ellipro Risk Management platform or via API, automatically check whether the bank account associated with the IBAN you have corresponds to the account of your third party, and whether this account is active.