How to Develop a Third-Party Payment Risk Mitigation Plan | Axos Bank

Not Just Another Zero


facebook sharing button
twitter sharing button
linkedin sharing button
pinterest sharing button
sharethis sharing button
Business owners reviewing their Third-Party Payment Risk Mitigation Plan

“Zero” gets a bad rap.

Often, it describes the quality of nothing, having nada, or knowing zilch. For a fraudster, however, the more zeros the better. Just one forged zero can change $1,000.00 into $10,000.00! Each time a business’s payments process is compromised, it increases the risk of revenue and reputational loss by tenfold. Businesses that continually educate their accounting team about payables risks are better positioned than most to preserve their assets – so long as awareness is accompanied by actionable, preventative solutions.

At Axos Bank, we collaborate with our clients to complete their Third-Party Payment (TPP) Risk Mitigation Plan by providing a set of airtight Treasury Management products and services that are specific to their needs. The security of our clients’ operating funds is a top priority throughout every stage of the cash flow cycle. Below, we discuss the prevalence of payment fraud, identify inherent and unique risks, and review how to develop an effective TPP Risk Mitigation Plan with the support of a sound banking partner.

Payment Fraud Is Everywhere

Most businesses engage in some sort of B2B payment transactions during daily operations. They can be as small as your receptionist signing the invoice once the water cooler has been restocked. Or, they can be as large as a U.S. manufacturer sending a scheduled ACH payment to suppliers overseas. These transactions can be recurring or one-off, but both create a prime “con time” environment for internal and external fraudsters. Fraudsters are creative and look for multiple entry points into a company. Payments made via bill pay platforms, checks, wires, or ACH are all susceptible to fraud attempts.

In their 2016 report, The Association of Certified Fraud Examiners noted that the median loss for U.S. businesses who fell victim to payment fraud was a whopping $120,000.00 – no small sum for any business. It makes no difference whether the fraud resulted from employees’ ignorance of an outside scheme or their conscious participation, fraud can have devastating consequences.

Financial ramifications are just one of many dangers. If news of payment fraud is made public, reputational damage can be irreversible. Furthermore, an industry regulation fine often occurs when stakeholders’ funds or personally identifiable information has been jeopardized during the course of the scheme.

Simply plug “Evaldas Rimasauskas” into a search engine and you will find details on how this accounts payable (AP) fraudster used a variety of tampering methods (including ) to manipulate both Google and Facebook into fulfilling requests for payment. According to the U.S. Department of Justice, the result was more than $100 million in fraudulently acquired funds that filtered into offshore accounts controlled by Rimasauskas. He is now serving a short five-year prison sentence, while his victims are left with a big, bold question mark as to how two tech-giants got duped. These two companies’ failures are indefinitely punctuated by the court of public opinion.

Developing Your Airtight TPP Risk Mitigation Plan

Without a foolproof TPP Risk Mitigation Plan and additional levels of security from your bank, your company is just as vulnerable. You must train all employees to vigilantly question each type of AP transaction request that comes across their desk. Employees should even be skeptical of seemingly legitimate transactions from known vendors – they must always get another set of qualified eyes to ensure nothing is being overlooked. Furthermore, be sure to set approval authority levels that include dollar amount and volume thresholds as well as a standard minimum signoff of two senior-level associates. It never hurts to place a quick phone call to the vendor to request payment via a separate method that’s stored on file (instead of the method included on the emailed or mailed invoice). For wire and ACH payment requests, call the receiving financial institution to verify that the payee’s provided information is consistent with their bank records and your notarized vendor contract.

Axos Bank can mandate many TPP Risk Mitigation Plan components through – our digital banking platform. For example, we can designate which users are authorized to conduct certain transactions and require more than one review of the payment before it is released. Via our Positive Pay feature, we can also delay clearing issued checks until they are reconciled against uploaded check images. Additionally, all Direct Link Online access is housed within a dedicated web-based browser where each sign-on must pass an integrity check and generates an encrypted security tunnel. If any unrecognizable cyber activity is detected, the session – and any transaction in process – will automatically terminate.

Protect Your Business – Work with Axos Bank

Knowing what you know now, will you let your business become another zero on the metaphorical balance sheet? Or will you tip the scales in your favor by implementing a solid TPP Risk Mitigation Plan and partner with Axos Bank to become an AP hero?

Reach out to our team to learn more by emailing [email protected] or calling 833-307-1542.

Related Articles

View All

Not Just Another Zero