Risk is involved any time money changes hands. Accounts payable (AP) departments are constantly under attack from bad actors trying to trick them into sending money to fraudulent bank accounts. However, tight internal controls, ongoing training, and payment automation can all help reduce the risk.

Payment automation enhances AP and finance security. It’s expensive and time-consuming for companies to match the level of security and controls that a specialist firm can provide. Bad actors prey on vulnerable companies who do not have time to maintain rigorous risk mitigation programs.

Payment automation companies adopt well-established information security standards and invest in the development and maintenance of training programs, procedures, and automation tools. Third-party audit firms assess these programs and procedures to establish risk mitigation controls and regularly test their efficacy.

Reduce Likelihood, Minimize Impact

Vulnerability management aims to reduce the likelihood of a weakness being exploited. A variety of vulnerability discovery methods and tools are used to generate a consolidated, risk-ranked, and actionable remediation backlog. The risks of the vulnerabilities can be compared with the business opportunities backlog to determine the assignment and procurement of resources when considering whether to remediate vulnerabilities or enable revenue capability.

Threat hunting is actively monitoring for anomalies. Bad actors are frequently masterminding new ways to scam people out of money, so keeping up with them is crucial. It can be challenging to detect anomalies and accurately depict your organization’s threat landscape. An inventory of hunts must provide sufficient coverage across all potential attack vectors. Threat hunting algorithms must also adapt to new exploitation methods.

When a threat is detected, quick and effective incident response is critical to minimize the effect and prevent lateral movement. The following steps can help minimize the impact of a threat:

  1. Report the occurrence of the threat to a centralized incident response team. Hunt algorithms are ideally configured to send real-time notifications of anomalies indicating potential compromise. Employees are trained to identify anomalies and to report them to an incident response team.
  2. Reported anomalies are triaged by an incident response manager and routed to the appropriate responder.
  3. An incident responder will determine root cause, identify containment procedures, and either identify a solution to prevent future exploits or report details to the vulnerability backlog.
  4. Centralized incident response enables a knowledge base of automation playbooks to be leveraged when addressing future incidents.

Orchestrate, Don’t Operate

Software-as-a-Service (SaaS) has revolutionized how companies solve many common business problems. Gone are the days of large, up-front capital investments to fund server rooms, software packages, and expansive IT administration teams. With the advent of SaaS, problems and processes of specific domains are compartmentalized into specialized, complete solutions. Companies can compose and orchestrate any number of SaaS plans to automate operational aspects of the business, including payments. That allows them to stay focused on their core competency.

Security is typically a significant component of an SaaS plan. Providers are often incentivized to invest in security and compliance as a matter of differentiation from competitors and resilience to perpetual cyberattacks. Cybersecurity events are pervasively publicized. One mishap resulting in a breach of sensitive data can result in significant reputational damage, a loss of customers, and a loss of revenue.

If you’re making your own ACH bank payments, running a card program, or writing checks, you’re likely not using all the tools you have at your disposal to prevent fraud and mitigate risk. You can add tools, build up your security department, train your employees to watch for potential threats, or orchestrate payment automation to enable you to stay focused on your mission.


Jeremiah Bennett

Jeremiah Bennett is the director of information security at Nvoicepay, a FLEETCOR company. He has worked on a variety of secure payment solutions including ACH, check, virtual payment card, and international payments. Additionally, Bennett has worked with third-party auditors to obtain compliance attestation reports for PCI, SOC 1, SOC 2, and SOX.
