sends a powerful signal to employees. Employee education about fraud awareness is one of the best ways to get started. Fraud barriers include: • Clearly defined fraud prevention roles and responsibilities for you and your employees • Separation of duties, checks and balances, and multi-factor authorizations for funds transfers • Secured computers with password protection, changed periodically • Restricted user account access to individual owners with no shared access • Web filters and controls that block clicks on potentially fraudulent links Check and wire fraud are the top two payment fraud threats for any business. Sixty-six percent of companies reported that check payments were subject to fraud, and 39% were victims of wire fraud attempts.1 Dealership payment volumes – both paper and electronic – make an attractive target for fraud. Implementing a few simple, inexpensive processes can protect your dealership. • Use positive pay services. You’ll be able to verify the authenticity of checks by looking over the issue date, check number, amount, and payee name to catch check fraud. • Protect check stock with dual authorization before use. • Authentication is further enforced through online banking platforms which require additional authentication for wire transfers through assigned user ID and password logins, requestor authentication, and dual approvals. Phishing and social engineering attacks scam employees into believing an email is from a reputable company or dealership employee. The recipient then reveals sensitive information, passwords, and credit card or account numbers. Phishing emails can appear to be from the dealership owner, ordering large sums to be wired to external accounts, which then vanish moments after the transfer. Phishing emails entice unsuspecting employees to download innocent looking files or click on malicious links and infect computers with spyware, viruses, or ransomware. “Phishing attacks are one of the most common and damaging ways for hackers to access your systems,” Mr. Nachbahr explains. “Your employees should be the frontline defense against attack – your ‘human firewall’. Ongoing employee training, education, and support allows them to recognize social engineering attacks and thwart costly episodes before they begin.” Preventative measures include: • Web filters and controls that restrict access to phishing links • Multi-factor authorizations for wire transactions • Limits on payment amounts that a single employee can authorize • Cloud backup for restoration following a malicious software attack • Intrusion detection software to identify suspicious network activity Synthetic identity fraud is another risk to dealers today. Imposters use fake information to create fictitious identities, combining stolen identity information to create new credit files. These new synthetic identities allow criminals to qualify for a loan to buy vehicles, putting dealerships at risk for losses. Background checks verifying customer identity offer the best protection. When cyber fraud does penetrate a dealership, speed is the key to mitigating its impact – the faster an attack in progress can be detected and stopped, the less its damage. Quick detection and speedy remediation deploys an entire set of technologies, processes, and expertise – including digital forensics, threat hunting, malware reverse engineering, and technical surveillance countermeasures – that most dealers don’t have. Mr. Nachbahr explains, “Dealers need a Security Operation Center (SOC) to monitor the network 24/7/365 looking for signs of malicious behavior. Tools like advanced endpoint threat protection and security information event management (SIEM) allow security professionals to sift through and correlate data and identify suspicious patterns Continued from page 23 wvcar.com 24 WVADA
RkJQdWJsaXNoZXIy ODQxMjUw