Fraud has always been an important topic of conversation with our clients. These days, however, it feels more urgent than ever.   

Justin Boisvert, National Lead, Sales Strategy & Operations, BMO, recently moderated a webinar with two of BMO’s thought leaders on fraud prevention: Larry Zelvin, Head of BMO Financial Crimes Unit, and Rebecca Tascona, BMO’s Head of North American Treasury & Payment Solutions Product Management and Payments Modernization. They discussed the latest trends in fraud and shared best practices for protecting your business.  

Check out a Markets Plus podcast based on the webinar:  

Below are key highlights from the discussion.  

As Zelvin noted, the onslaught of fraud attempts we face every day is relentless. “The number of fraud attempts, according to some experts, are in the billions worldwide every single day,” he said. “It’s becoming easier because of artificial intelligence. The bar to enter the space has been lower, and you can do it at a far greater scale and with more credibility. So, it’s never been more important to understand what’s going on and how to best defend yourself.”  

AI-generated deepfakes, for example, have quickly become more sophisticated. At the beginning of the video call, Boisvert had all the participants wave their hands in front of their faces to verify that they were humans (an AI deepfake attempting to do so would display video artifacts or other noticeable effects).   

We’ve also seen an uptick in spoofing attempts against our clients in which fraudsters pretend to be their financial institution with the goal of collecting sensitive information or requesting a wire transfer. It’s crucial to understand that BMO will never contact you to ask for sensitive data such as passwords or bank account information.   

But many analog methods are still in play, including check and wire fraud. “If there’s a way to pay someone or access funds, someone is trying to take advantage of that,” Tascona said. “We see calls all over the board about those types of fraud from different clients.”   

Fraudsters are always updating their methods, and the technologies used to facilitate fraud are growing more sophisticated each day. Nonetheless, the following best practices can help mitigate your risk.   

Stop, call, verify. The desire for speed can help businesses be more efficient and better serve their customers. But as Tascona explained, it also makes you vulnerable to fraud, including business email compromise. “This is the area where companies need to remember that [employees] are their best first line of defense,” she said. Tascona broke it down into a few simple but effective steps.  

• 

  Slow down. While it’s natural if we’re busy to act on requests quickly, carefully read any payment requests you’ve received. Fraudsters try to create a false sense of urgency.  

• 

  Confirm that the email address matches that of messages you normally receive.   

• 

  Check the tone of the message. Is it more urgent than usual?   

• 

  Call back a trusted number to verify a request. Don’t use the number in the email. Make sure the instructions are actually coming from your client.  

Keep your digital security systems updated. Zelvin highlighted the importance of keeping your operating systems and apps updated. “If you are behind in updating the security aspects of your software, it’s making you more vulnerable,” he said.  

Get an independent cybersecurity checkup. Along with internal updates, Zelvin stressed the importance of having a reputable third party assess your security environment and look for areas to improve. “That’s beneficial for understanding whether the controls you have are adequate to meet your needs,” he said.   

Maintain close relationships with your bankers. Advances in AI deepfakes have made it more difficult to verify you’re communicating with the right person and not a fraudster. “You should have code words with your bankers, so if there is a deepfake voice or video, you have a code word that you can use,” Zelvin said. “But know that once you use that code word, you cannot use it again.”  

Use your bank’s fraud prevention tools. Now that real-time payments are a reality, payments are moving faster than ever. Tascona noted that BMO is investing in security and fraud controls to meet this moment, and that businesses should take advantage of these capabilities. “That includes making sure you have transaction limits set at the user or the account level, or using all the reports that are available so that you can monitor activity,” she said. “Make sure that you’re taking advantage of the controls that exist within your digital experience at your financial institution so that you’re protected as well as you could possibly be.”  

Don’t answer unknown calls. Those spam calls aren’t just annoying; they could be used as a weapon in the future. “It takes all of about two or three seconds for AI to capture your voice and then use it credibly as a deepfake for fraudsters to pretend to be you,” Zelvin said.   

Consistent training. “It’s not enough to train your employees one time on how to prevent fraud, particularly if they’re accountable for your payments,” Tascona said. “It’s imperative that it’s top of mind.” She recommends quarterly training sessions to help employees stay abreast of the latest threats. She also emphasized the need to include fraud prevention training as part of the onboarding process for new employees.   

Talk to your suppliers. Proper access controls are essential within your organization. But as Tascona pointed out, you should expect the same level of diligence from your suppliers. “Ask them the tough questions about the controls they have in place,” she said. “Because we’re an ecosystem, and when one part of the ecosystem is vulnerable, that means other areas could be as well.”  

While these best practices can mitigate your risk, Zelvin emphasized that there’s no such thing as perfect security. “Despite all your best efforts, you may still fail,” he said. “Organizations need to plan for the times that those failures occur.”  

If you have been compromised, call your financial institution immediately. “The sooner you report it, the sooner we can get on it and hopefully get it done,” Zelvin said. “In some cases, you may want to run an antivirus check on your devices to make sure there’s no malware stealing information from them.”  

Cyber insurance can also be part of your overall risk management strategy, but Zelvin stressed the importance of making sure you understand how cyber insurance works. “Know what you’re buying, make sure you understand the risks and the rewards, and then make your decision,” he said.   

This discussion underscored the rapidly changing fraud environment that we find ourselves in. The good news is that with the best practices shared in this discussion, you can better protect your organization against fraud. And, as always, awareness is your first and best line of defense.