Community association management companies are under siege from high-tech con artists determined to rip them off. From phishing schemes and business email compromise attacks to account takeovers and vendor impersonation, fraudsters have become more brazen and sophisticated.
Mailbox keys purchased on the dark web or stolen from postal carriers have made it easy for bad actors to steal checks sent through the mail. Artificial intelligence and social engineering enable fraudsters to create convincing bank account change requests while malicious software hidden in email links or attachments can provide unfettered access to an organization’s finance systems.
Falling victim to payment fraud can have big financial consequences for a community association management company, ranging from lost funds, investigation and recovery expenses, and potential legal and regulatory penalties to operation disruptions. It’s no wonder that 5% of the typical company’s revenues are lost each year to payment fraud and errors, according to the Association of Certified Fraud Examiners. Payment fraud also can damage a community association management company’s reputation and brand image and weaken supplier trust.
There are steps you can take to mitigate your risk of cyberattacks and payment fraud:
1. Don’t skimp on employee education. Your finance team is your first line of defense against bad actors. Keep staff updated on the latest payment fraud schemes and how to spot them. Remind staff to be leery of links and attachments in emails. Ensure that staff follow your organization’s procedures for verifying bank account change requests. Train staff on the telltale signs that a bank account change request may be phony, including an offcenter logo, dates that are not in U.S. format, and inconsistent grammar and punctuation.
2. Leverage automation. User access permissions, systematic invoice approval workflows, complete audit logging, data encryption, advanced data encryption, and other controls built into modern invoice-to-pay platforms mitigate the risk of payment fraud. Real-time reconciliation of invoices with enterprise systems helps identify issues faster, reducing losses.
3. Pay suppliers with virtual cards. Virtual cards are the most secure way to pay suppliers. Unlike physical cards, virtual cards cannot be misplaced. A unique number is generated for each card, and they are vendor specific. Virtual cards offer configurable time and spending limits. They can only be used once, and their data is encrypted.
The risk of payment fraud is high. But these strategies can mitigate your risk of financial losses.
Join CAI’s online community for access to the industry’s most in-demand community association resources.
Thousands of your peers are sharing advice.
Sean Madigan is a senior director at Edenred Pay, a leading provider of invoice-to-pay solutions to PMCs. Edenred Pay’s platform enables Community Association Management Companies to automate, optimize, and monetize the entire invoice-to-pay cycle – from invoice receipt through payment reconciliation. Sean has contributed to presentations at several CAI conferences and served on CAI Arizona’s board for three years.