Attack fraud through training.

My receipt of a fraudulent email last week reinforced a topic I will be covering during the June 15 P-Card Program Risk Analysis virtual workshop. I’m referring to information security and the need to train employees, so they can be more vigilant. Following are topics to address within Commercial Card training, as well as broader training aimed at all employees. A third category, not addressed further here but equally important, is training designed for accounts payable staff on the growing problem of business email compromise (BEC). Refer to the 2015 public service announcement by the Federal Bureau of Investigation for BEC information and guidance.

Commercial Cards

Do you include the elements below within your card program training and the procedures manual? Because cardholders are gatekeepers for protecting your organization against external fraud, they need to know how to:

  • identify a secure website before entering payment details
  • differentiate between legitimate communications from the card issuer and fraudulent ones
  • properly dispose of documentation containing card account information

For managers, providing training on common red flag behaviors might help them more quickly spot any internal card misuse and abuse by cardholders. 

Broader Information Security

Does your organization require annual training on the following? This list is just the tip of the iceberg. 

  • How to create strong passwords
  • What employees can divulge about the organization to non-employees
  • Where/how to store, and dispose of, sensitive documentation
  • Asset protection standards to combat physical theft and loss
  • How to identify fraudulent emails and phone calls, what to do (and not do), and who to contact in these situations

The fast-paced nature of our jobs can work against us. In my haste, I almost fell for the fraud referenced in the introduction above. It claimed to be from FedEx (see image below) and, since I recently placed various online orders, this message caught my attention. I saw it on my mobile device, so I did not see the sender name behind it until opening the email. Fortunately, I paused long enough to recognize the fraud and delete it. 

Sample of a fraudulent email

As Verizon’s 2016 Data Breach Investigations Report (DBIR) describes, the basic structure of phishing attacks remains the same—user clicks, malware drops, foothold is gained. Their report notes:

  • In this year’s dataset, 30% of phishing messages were opened by the target across all campaigns.
  • About 12% went on to click the malicious attachment or link and thus enabled the attack to succeed.

Overall, the Verizon research reveals we have much work to do to combat breaches.

About the P-Card Risk Analysis Virtual Workshop

When was the last time you conducted a risk analysis (also called risk assessment) of your Purchasing Card program? I will be delivering the three-hour workshop on June 15, hosted by AP Now, to guide participants through a risk analysis process from start to finish. For more information and registration, please visit the AP Now website.

Recommended Resources

If you want to dive deeper into the vast world of fraud, I find value in these two reports, which are published annually:

  1. 2016 ACFE Report to the Nations on Occupational Fraud and Abuse – The report “provides an analysis of 2,410 cases of occupational fraud that occurred in 114 countries throughout the world.” Red flag behaviors are among the many topics.
  2. Verizon’s 2016 Data Breach Investigations Report (DBIR) – According to their website, this report “lifts the lid on what’s really happening in cybersecurity.”

Finally, see also additional content on this website pertaining to training and controls.


About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all.

Bring more focus to your next RFP.

In the life of every Commercial Card program, there will be a time—likely multiple times—when a request for proposal (RFP) process is required or desired. If you have already participated in such a project, then you probably have a list of lessons learned that will benefit future RFPs. Conducting a good RFP process helps establish a good end-user/provider relationship and, ultimately, a successful card program. Before you embark on another RFP project, consider the below tips from industry experts. 

The following content originates from sessions at the 17th Annual NAPCP Commercial Card and Payment Conference.

Preparing the RFP

Tips from the joint session by PayTech Commercial AS and Mastercard

  1. Do not reuse the RFP you used before, especially if you are not happy with the current program/provider.

  2. Identify what matters most and pare down your RFP accordingly. Out of all the possible data points you can include, which ones are most important to your business case and future goals? I could not agree more. I think there is a tendency to ask too many things that do not impact the decision. The opposite problem is not asking key questions, such as ones pertaining to customer service.

  3. Evaluate your RFP for clarity. Unclear questions can result in bidding providers including more information than is necessary, causing more review work for you and the project team.

  4. Save contract terms for the negotiation stage. When your RFP includes contract terms to which the provider must agree in order to submit a proposal, it will require them to obtain legal review first. This increases the time they need before responding and it could mean they cannot respond at all if your timeline is too tight.

  5. Provide details about your current card program(s), including as many metrics as possible. See examples...

Evaluating the Responses

Preparing a good RFP is just the beginning. Take equal care when designing the evaluation process.

  • Use a weighted matrix, developed in advance, to evaluate proposals. Place more weight on the items most important to your organization.

  • Each team member should evaluate/score the proposals independently before the team comes together to discuss.

  • Do not be swayed by “bright shiny things” that a provider might include within the proposal. These things can be distracting when they pertain to something that falls outside your requirements. Ensure the provider can meet core competencies first.

  • Proposals offering big checks/payouts can also be distracting. This leads to another important point, as described in the next section.

During your next RFP project, focus on what matters most to your Commercial Card business case.

Dollars vs. Basis Points

Within his conference presentation, Frank Martien, Partner, First Annapolis Consulting, encouraged end-users to look beyond the basis points (bps) noted within a provider’s proposal. He makes the case that end-users can earn more rebate dollars with lower basis points if the provider helps you capture more card spend by acting as a key partner in your program. For example, how will a potential provider specifically help you:

  • convert more suppliers to card payments?

  • further automate internal business processes, as well as key suppliers’ business processes?

  • obtain program buy-in from your management?

  • increase your card usage?

More Information

For more RFP resources, visit the related webpage.

Your Experience

If you have RFP experience that you would like to share for possible publication by Recharged Education, please submit a contact form. I would love to hear your advice and lessons learned. Alternatively, provide a comment below.


Contacts

Greg Hamilton
Vice President
Public Sector Business Leader
Mastercard
Phone 303-617-9171
Mobile 303-621-4487
gregory.hamilton@mastercard.com

Vincent P. Eavis
MD, Partner & Global Practice Lead
PayTech Commercial AS
Mobile +44 7721 985700  
vince@paytech.no

Frank Martien
Partner
First Annapolis Consulting
Direct 410-855-8513
Mobile 443-994-1241
Frank.Martien@FirstAnnapolis.com


Does program buy-in seem out of reach?

When I ask end-users about their biggest card program challenges, an unfortunate common response is lack of buy-in. A program that begins with strong management support may take a hit when a program champion retires or leaves the organization. This can cause a program manager to scramble in defense, which is especially frustrating considering Commercial Cards have proven to be an excellent payment option. Following are steps you can take to combat or even prevent internal resistance.

Strive for Consistency

Regularly share card program successes, so management continues to receive the message about the program’s value. This should not be a random task. Broaden your promotion to reach management throughout the organization. Internal job changes can mean you get a manager from another area someday. If he or she is already familiar with Commercial Card benefits and how the program has helped your organization, this can drive your program forward versus backward, keeping it up to par.    

Aim for the Green

In golf, the green is the target. The same is true in business except the green is money (USD currency). Management typically wants to see the impact of the card program on the bottom line. Within your promotions, feature the savings achieved and rebates earned. It is beneficial to include a mix of: 1) meaningful industry statistics, such as average process savings, and 2) specific metrics about your card program.

Learn from your peers who can tell you what works and what does not when seeking management support. Chad Robison, CPCP, Purchasing Card Program Manager, Intermountain Healthcare, relayed that he regularly informs management about the status of their card program. A key part of this is sharing industry best practices on various topics and noting whether his organization follows them. This is a great addition, as it provides education and encourages dialogue about how to improve the program. Management becomes more invested in its success. 

Reaching any daunting target requires focus to tune out the distractions and proper execution of a plan.

Address Program Risk 

Conducting a risk analysis to document program controls and what is needed to close any gaps can help ease management concerns. If a risk analysis has been on your to-do list for too long, check out the related content from Recharged Education, including a template available for purchase.

Related Resource

For more information on garnering buy-in for the card program, visit the related webpage.  

