Fraud experts worldwide acknowledge that social engineering is now a precursor to, if not a key culprit in, B2B swindles, from checks to account takeover (ATO) to eerie deepfakes.

For example, phishing is being labeled a top cybersecurity threat to businesses in 2024, leading more identity management teams to roll out phishing-resistant Multi-Factor Authentication (MFA). Though a step in the right direction, it’s also just the latest chess move in the increasingly complex and high-stakes business payments fraud fight.

A prime reason phishing is so dangerous is that professional fraudsters, chosen for a phone/email/chat persona that comes across first as qualified, then amiable, then ‘new bestie’, can talk the birds out of the trees. They regularly trick businesses into handing over banking credentials, which lets the fraudsters create and send fraudulent payments.

Account Takeover, or “ATO”, is a pernicious form of cybercrime linked to phishing.

Bad actors gain access to sensitive account data in various ways, from business email compromise (BEC) to ever-more convincing fake websites and apps, and even by making friends with insiders and taking advantage of their good nature. Or bad. You see both.

“Social engineering applies to both retail and commercial, and it's used in both environments to commit scams,” said Eric Choltus, Product Director, Bottomline. “In B2B, we've seen a recent surge in these types of scams, to the point where Datos Insights, one of the largest analytics firms in the space, coined the term ‘scampocalypse.’”

That’s a bad sign. But scampocalypse can be stopped (no capes required).

 

Warriors of the ‘Scampocalypse’

Choltus explained that social engineering “is one of the ways [bad actors are] collecting information with which to commit fraud,” whether it’s used immediately, patiently over time in some form of drawn-out con setup, or sold on the dark web later that night.

A way to lower the incidence of fraud attempts is to train staff to handle not just financial information, but any Personally Identifiable Information (PII) that fraudsters can use to create a profile. They will “work” these files assiduously until they find a weak spot.

That’s why humans and AP automation alike scan thousands (or tens of thousands) of accounts—but at vastly different levels of speed and accuracy—looking for odd updates to contact information for known beneficiaries, changes to account number information of known beneficiaries, and similar activity. All are red flags. But they can be legitimate, too.

Using sophisticated commercial-grade fraud monitoring tools combined with a highly secure B2B payments hub or network is one of the best ways for banks and corporations to lower fraud rates. A little training goes a long way here because as much as fraud changes, it stays the same.

“Communicating to teams regularly, such as ‘this is what a phishing attempt might look like. Do not click on or engage with things like this’ is important,” Choltus said. “Education is key to preventing fraud. By helping people understand it.”

Setting policy is step two in this process, he added. That must include having MFA and dual approvals in place to begin with. A policy for verifying changes to payee bank accounts is also essential. Neither is foolproof, but layers of security can dissuade even motivated fraudsters. Until there is unbeatable fraud prevention, layers of security are the best defense against robo crime and cyberfraud.

 

Fraud Going Forward

Sizing up the 2025 fraud landscape, Choltus thinks the US will continue to watch the Eurozone for inspiration. And the UK is also putting a raft of new financial regulations in place.

Banks and businesses in most regions are under strict pressure to safeguard financial data in transit and at rest. That means new systems are needed with advanced capabilities like deconstructing a transaction, and systems that even record entire sessions, making fraud all but impossible to get away with.

“By connecting a mildly suspicious payment preceded by other suspicious activity in the session or the login, it's extremely powerful to link these signals and say we're stopping this million-dollar payment to analyze it because it's very suspicious.”

That's the dream: sophisticated fraud monitoring platforms freeing up human specialists to do more analytical work. Fraudsters are now fighting AI with AI and getting good results. With large B2B payments, pairing fraud detection layers, including AI, with an expert human analyst is powerful. Choltus said it might be the best way to become impenetrable.
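The signal linking described above, sketched as an added example that is not Bottomline's or any vendor's code: beneficiary changes and login anomalies that precede a payment are scored together, and the payment is held for an analyst once the combined score crosses a threshold. The event names, weights, threshold, lookback window and sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed weights and thresholds, chosen only for illustration.
LOGIN_SIGNALS = {"login_new_device": 2, "login_mfa_failed": 2}
BENEFICIARY_SIGNALS = {"account_number_changed": 3, "contact_info_changed": 2}
LARGE_AMOUNT = 100_000        # a large payment counts as "mildly suspicious" (+1)
HOLD_SCORE = 5                # combined score at which the payment is held
LOOKBACK = timedelta(days=7)  # beneficiary changes older than this are ignored

@dataclass
class Event:
    ts: datetime
    session: str
    kind: str
    beneficiary: str = ""
    amount: float = 0.0

def review_payments(events):
    """Score each payment against earlier signals; return (event, decision, reasons) tuples."""
    results = []
    ordered = sorted(events, key=lambda e: e.ts)
    for i, pay in enumerate(ordered):
        if pay.kind != "payment":
            continue
        score, reasons = 0, []
        if pay.amount >= LARGE_AMOUNT:
            score, reasons = 1, ["large_amount"]
        for prior in ordered[:i]:
            # Login anomalies count only within the same session as the payment.
            if prior.session == pay.session and prior.kind in LOGIN_SIGNALS:
                score += LOGIN_SIGNALS[prior.kind]
                reasons.append(prior.kind)
            # Beneficiary changes count across sessions, within the lookback window.
            elif (prior.kind in BENEFICIARY_SIGNALS and prior.beneficiary == pay.beneficiary
                  and pay.ts - prior.ts <= LOOKBACK):
                score += BENEFICIARY_SIGNALS[prior.kind]
                reasons.append(prior.kind)
        decision = "hold_for_analyst" if score >= HOLD_SCORE else "release"
        results.append((pay, decision, reasons))
    return results

T0 = datetime(2024, 6, 3, 9, 0)  # constructed sample data, not real activity
SAMPLE = [
    Event(T0, "s1", "login_ok"),
    Event(T0 + timedelta(minutes=5), "s1", "payment", "ACME", 250_000),
    Event(T0 + timedelta(hours=1), "s2", "login_new_device"),
    Event(T0 + timedelta(hours=1, minutes=2), "s2", "account_number_changed", "GLOBEX"),
    Event(T0 + timedelta(hours=1, minutes=4), "s2", "payment", "GLOBEX", 1_000_000),
    Event(T0 + timedelta(hours=2), "s3", "contact_info_changed", "INITECH"),
    Event(T0 + timedelta(hours=2, minutes=3), "s3", "payment", "INITECH", 5_000),
]
```

On the sample data, the large payment with no preceding signals and the small payment after a contact change are both released, while the payment that follows a new-device login and an account number change in the same session is held.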