MAP Insights

A 2023 study by the credit information company TransUnion reported that 8.3% of all digital transactions by consumers in the Philippines were possibly fraudulent. The Philippines also exceeded the global averages for suspected digital fraud rate in different sectors, especially in retail. And it’s not just consumers who are affected. A 2022 report by the US-based Association of Certified Fraud Examiners (ACFE) estimates that companies worldwide lose about 5% of their revenue to fraud every year. Even worse, smaller businesses are more vulnerable due to limited resources and less robust security measures.

E-commerce and digital payments may have revolutionized the way businesses operate, but the opportunities for growth and expansion also come with significant risks. With scams becoming increasingly sophisticated, businesses — especially those dealing in e-commerce and online transactions on a daily basis — must be proactive when it comes to combating scams. Here are five actionable strategies that businesses of any size can immediately implement to prevent company losses.

1. Educate and train employees regularly

According to a 2023 study by Stanford University and Tessian, one in four employees reported falling for a phishing scam at work in the last 12 months — highlighting that the biggest vulnerability to your organization is not your IT equipment or firewall, but your employees themselves.

Ensuring that all employees are well-versed in recognizing potential threats goes a long way in preventing scams. Conduct regular training sessions to keep staff updated on scam tactics and cybersecurity best practices. Highlight that the biggest risk in the organization comes from employees being tricked into sharing sensitive company information, such as passwords and credit card numbers. Implement e-mail, call, and SMS behavior protocols to help employees recognize suspicious links, spoofing attacks, and phishing attempts. Encourage employees to share and report a discovered scam, as scammers usually target several people in one organization. More importantly, implement a data protection policy that addresses both internal and external threats to company data.

2. Implement strong password policies

A robust password policy is a fundamental aspect of cybersecurity. If an employee can easily dictate a password or PIN over the phone, that means it is too weak and prone to being exploited.

Business owners should enforce the use of complex passwords — 12 to 16 characters — that use a random mix of letters, numbers, and special characters. Remind employees to change their passwords regularly, and discourage them from using the same password across multiple accounts. A password manager like 1Password or Bitwarden can help employees generate, save, and input passwords across multiple websites and apps. In a pinch, Google also has a password manager that securely saves website passwords to your Google account.

Another layer of security that should be implemented is two-factor authentication (2FA), which requires employees to provide two forms of identification before accessing sensitive information — their password plus a one-time password (OTP), an authentication on another owned device, or an authenticator app. This will make it more difficult for attackers to gain unauthorized access to e-mails and company tools.

3. Keep your security software updated

Antivirus and internet security software is essential for protecting employee tools against spam, ransomware, malware, and other cyberthreats. Most come in a bundle that protects both desktop and mobile devices. Regularly updating this software is also crucial — enable automatic updates to ensure that your security measures are always up to date.

For organizations that cannot afford a full antivirus security suite, even free tools like Bitdefender Antivirus Free and Google Messages can protect employees from common malware and phishing attacks. Bitdefender offers on-demand malware scans and blocking of malicious URLs, while Google Messages automatically screens incoming spam and phishing texts on Android phones.

To ensure that your business is always protected and prepared for unforeseen expenses, consider opening a credit line, which can provide the financial flexibility needed to invest in comprehensive cybersecurity solutions and other essential resources to keep your business safe.

4. Verify Receipt of Goods and Services

Implementing a procedure to verify the receipt of goods and services before approving invoices can prevent fraudulent transactions. Ensure that all deliveries are checked and confirmed by the relevant department, and that any discrepancies are reported immediately. This step is crucial to ensure that the business pays only for what it has received.

Limiting payment approvals to one person or to a small accounting team can also reduce chances of fraud, as well as having a clear approval process. In addition, train accounting and finance teams to verify the identity of the vendor using their known contact numbers. Even when the vendor or the transaction is familiar, some scammers can simply duplicate an invoice and change the payment details to their account prior to sending.

5. Develop a response plan to online scams and data breaches

Despite the best preventive measures, it’s essential to have a response plan in place in case an online scam or security breach occurs. This plan should outline the steps to be taken immediately after a breach is detected, including how to contain the breach, assess the damage, shut down compromised tools and programs, and notify affected parties.

A well-defined response plan can minimize the impact of a breach and facilitate a quicker recovery. This plan should also include communication protocols to inform customers, stakeholders, and regulatory bodies, as well as steps to prevent future incidents.

RECOGNIZING COMMON SCAMS
In addition to these strategies, business owners must keep themselves updated on common scams that target e-commerce businesses. Some prevalent scams include:

• E-mail phishing: These are fraudulent e-mails that appear to be from legitimate sources, with the intent to steal sensitive information using a phishing link or attachment.

• Fake Invoices: Scammers pose as suppliers and send fake invoices to businesses, hoping that the internal accounting department will pay without verifying their legitimacy.

• Payment scams: Scammers order products and services and then request a refund or chargeback upon receiving their order.

• Fake account scams: Scammers pose as a legitimate company’s social media account to trick consumers into paying for non-existent products or services.

• Security breach scam: Posing as a bank or digital wallet representative, scammers call to inform you that your account has been compromised, in order to extract sensitive information.

In the e-Commerce Age, online scams pose a significant threat to businesses of all sizes. However, by taking proactive steps to educate employees and implement basic cybersecurity practices, business owners can significantly reduce their risk. Recognizing common scams and practicing basic cybersecurity measures are also crucial in safeguarding company assets and ensuring long-term success. By staying informed and vigilant, business owners can combat online scams and protect their organizations from cyberthreats.

---

(This article reflects the personal opinion of the author and does not reflect the official stand of the Management Association of the Philippines or MAP.)

Benedict S. Carandang is a member of the MAP ICT Committee and the vice-president for External Relations of First Circle. This article was co-written with Jess Jacutan, content marketing consultant for First Circle, an SEC-registered financial technology company that has been empowering SMEs through funding and free growth tools since 2016.

map@map.org.ph

benedict@firstcircle.ph