Expert: Financial fraud starts with people, not technology
Most successful financial frauds do not originate from technical attacks but from exploiting people and business processes. An expert recommends that companies review three key areas: payment approval procedures, verification of partner payment details, and access controls to financial systems. One of the most effective safeguards is the two-person rule, which requires that no single individual can both initiate and approve a payment.
Most financial frauds begin not with complex hacking attacks but in a much simpler way, by manipulating people and business processes. That is the point stressed by domain expert Kraft, according to whom effective protection requires technology, rules, and an understanding of human nature to work hand in hand.
"Most successful financial frauds do not start with a technical attack, but with influencing people and business processes," Kraft explained. "To protect a company effectively, you must understand that technology, rules, and consideration of human nature must go hand in hand."
The biggest losses occur when controls are lacking
Significant financial damage typically does not result from a single mistake. More dangerous are situations where a company lacks clear control mechanisms and an employee must independently decide whether a payment request is trustworthy, whether a supplier's bank details have changed, or whether an urgent transfer really comes from management.
"Fraudsters are not only looking for a technical weakness in the system, but for a situation where a person must make a quick decision based on incomplete information," Kraft warned. While employee training can help reduce such risks, it is equally important to ensure that major decisions cannot be made by a single person.
Three areas every manager should review
The expert recommends company leaders thoroughly review three key areas: payment approval procedures, monitoring changes to partner payment details, and employee access to financial systems.
The two-person rule. The simplest and most effective control mechanism is a requirement that, from a certain amount onwards, every payment needs approval from two people. In practice, an accountant can prepare a payment and a manager approve it, or vice versa. The key point is that the same individual cannot both initiate a payment and give it final authorization.
Special attention should be paid to situations where a payment request arrives by email and seems urgent or confidential. The so-called CEO fraud, in which a fraudster impersonates a manager and requests a certain amount be transferred "discreetly and immediately," often succeeds precisely because employees are afraid to voice their doubts. A written rule that always requires a second person's approval for changes to payment details or urgent transfers removes this burdensome decision-making responsibility from the employee. If the rule is clearly in place, the employee does not need to assess whether to trust the sender of the message; it is sufficient to follow the established procedure.