Open a newspaper, turn on the TV, or click on a link, and you’ll see a number of headlines – seemingly every day – that highlight just how vulnerable our data can be and how hackers exploit business email compromises. and other scams to commit payment fraud.
These same companies can invest a lot of time and money in building firewalls and protecting other types of data.
“But when it comes to sharing bank account details – whether you’re sending payments or receiving payments – there’s not enough vulnerability awareness,” she said.
See also: nsKnox launches bank account certificate
To get an idea of how fraud can take place in the digital age, Farhi told the story of an attack that happened to an acquaintance just a few weeks ago. This individual, a controller of a well-known venture capital (VC) firm, received an email claiming to be from the CEO of another well-known company, providing bank details and requesting payment – a ruse that managed to siphon off 10 million euros (about $11.3 million) from the VC.
“I assure you it’s very difficult to get that money back once it’s gone,” Farhi said.
Too often we make the mistake of assuming that when we send information through the channels of banks and payment providers, those channels are secure. There are many ways to hack into these channels, Farhi said, which highlights the importance of verifying critical information at each end of a transaction.
After all, hackers can manipulate these details, directing payments to their own accounts before vanishing into the ether. One would assume that the bank receiving the payment would be able to flag a suspicious payment or that a provider might be able to have mechanisms in place to effectively catch fraudsters in the act, but this is not always the case.
“If we can have a secure way to transfer this sensitive information from one point to another and ensure that it is also verified – that it is the right supplier and the right customer, and that the bank details belong to them – well, that solves the problem,” she added.
It is essential to ensure that verification takes place before payments are made, that compliance, due diligence and know-your-customer (KYC) checks are carried out at this initial point of contact and that owners are who they claim to be.
See also: B2B security provider nsKnox obtains US patent
Farhi said bank account certificates (as issued by nsKnox) are an effective line of defense against hacks and a key way to validate these details. She explained that these certificates verify account ownership and banking details, ensuring that these details are encrypted and secure.
“We are the ones who go through the validation process and make sure the account is valid – that it belongs to the entity,” she said.
The certificate looks like a document issued on bank letterhead or a PDF file that is traditionally sent by email, she said.
Good encryption tools ensure that the details of a certificate can only be decrypted by the receiving party. The technology offered by nsKnox splits data into separate pieces in a range of databases, which in turn can only be pieced together by the back-end systems of the sending and receiving parties, Farhi said.
Such account verification will be an important technology and process to implement, as fraud will only become more complex.
At the same time, a growing number of businesses and industries will adopt bank account certificates as a secure way to share sensitive information – in a way she called “unhackable”.
“These details hold the keys to the companies most valuable assets,” Farhi told PYMNTS, adding that “there is no reason to share the details any other way.”