Security in payment transactions: making processes and technology secure
Further development of attack patterns as a challenge
13.11.2024 in Zurich
Special knowledge
1 day
EUR 1.750,- plus VAT.
Content
Payment security is a topic that is constantly evolving and has thus become one of the biggest challenges in corporate treasury. Companies are challenged to protect themselves against increasingly sophisticated attacks - media reports on spectacular attacks confirm that it pays for fraudsters to invest criminal energy in further developing the attacks.
Since we are constantly confronted with new fraud cases in our consulting projects, we always have an up-to-date overview of the latest attack patterns. Together with our long-standing IT security partner, Hackner Security Intelligence, we present these and present the best practices on processes and technology in payment transactions.
Main topics
Basics
- What are the tasks of the cash manager in the company?
- What are the minimum standards to be taken into account in the organizational structure & process organization?
- What are the differences in the accounting or treasury perspective? Which business management approaches do you need to understand?
- What are the requirements vis-à-vis banks?
- What are the current trends in cash management for large and small companies?
"Recognizing "social engineering
- "Phishing attacks" as the starting point of most attacks
- "Vishing" and "SMSishing" easier than ever before
- "Deepfakes" can eyes and ears be trusted?
- "Business Email Compromise" Becomes More Sophisticated
Understanding attack patterns
- "CEO Fraud" and its innumerable further developments
- "Payment diversion" when payment channels change
- "Fake invoice" when the wrong supplier comes forward
Consider technical aspects
- Mapping of separation of functions and dual control principle
- Dealing with administrator rights
- Securing the communication paths between systems
- Tamper-proof transmission of payment files
Close security gaps
- Avoidance of critical overlaps in tasks and rights
- Valid master data as the basis for secure processing
- Manual payments as a "necessary evil
- Special features of personnel payments
- Four-eyes principle and two-way validation - a must or additional effort?
Group of participants
Managers and employees from the finance and treasury departments who are involved in or responsible for the processing of payment transactions and are interested in increasing security.
Targets
After a presentation of the most important attack patterns, the payment transaction process is analyzed in terms of content and technology with regard to critical points and best practices are defined. Finally, participants take part in a demonstration of a practical attack and gain insight into the darknet.