Overview
As a finance professional, you’re aware that the threat of fraudulent and malicious activity in your organization’s financial operations is ever-present. What you may not know is that it’s estimated that 25% of vendor fraud alone goes undetected, meaning that you could be losing money without even knowing it. While there is no failsafe way to provide protection against every possible breach, as your payments partner, Airbase works around the clock to protect your funds, critical data, and accounts.
Some of these controls are built directly into our product, placing you in the driver’s seat with unmatched visibility and control, including alerts for suspicious activity. Other risks are monitored outside the system by a dedicated team of risk specialists using state-of-the-art fraud detection systems to monitor transactions for any signs of irregularities. And this same team works with you and your vendors to resolve any issues. These efforts have resulted in saving our customers significant amounts of money and justify our decision to invest in this team and its work, which is beyond standard market practice.
Airbase uses stringent login and authentication protections to safeguard user accounts, reinforced with comprehensive device monitoring and behavioral biometrics to detect bad actors. We’re continually adding new methods and tools, especially ones with AI capabilities, to stay ahead of those with ill intent.
Vendor Control
Vendor fraud has been a growing problem for years, with a spike when, in the wake of the Silicon Valley Bank crisis, companies changed and added new bank accounts. Bad actors are continually looking for ways to access payment platforms and change account details to reroute payments to them. This is why Airbase has several alerts and cross-checks for vendor information, account validation, and notifications if bank account details get changed. We monitor all vendor activities of our customers, including payments, network activity, vendor information, and any other interaction that our customers might have with all of their vendors on our platform.
According to a 2022 survey of finance professionals conducted by research firm Censuswide, U.S. mid-market companies estimate that invoice fraud costs an average of $300,000 per business each year. Whether this is inflated or not, we know that AP operations are continually under attack, and the companies in the survey find, on average, one false invoice per month.
Front-End Controls
Dual Approval Workflows
Since Airbase was built for the finance team, we have created workflows in accordance with GAAP that give you granular control over the approval path each transaction takes. This can include as many stakeholders as you wish, e.g., Legal, Infosec, FP&A, Procurement, and budget owners.
Verified Vendor Status
When a vendor shares their payment and tax ID information, Airbase validates the vendor name and stated tax ID against the IRS records and marks them as “Verified” when they match. This automatic check happens quickly and ensures the finance team that the vendor is indeed who they say they are. See our Help Center article here.
Vendor Payment Notifications
Airbase platform notifies vendors about initiated payments and any changes to their payment or contact information as soon as they happen.
New Vendor Payment Information Flag
When vendor payment information is updated, the Airbase platform notifies users of the changes and provides best practices to help users ensure the changes are valid and authorized. See our Help Center article here.
Approval Policy for Vendors
The system setup includes a policy for approvers of changes to vendor information. When vendor payment information is updated, the Airbase platform notifies the assigned approvers, who must sign off on any changes to vendor information. This makes it easier to track the changes and ensures that every update goes through an approval workflow that is aligned with your company’s policy. See our Help Center article here.
Vendor Bank Account Validation Checks
Upon linking a vendor payment account, Airbase automatically processes a $0.00 transaction to the account to confirm that it is open and able to receive credits, cutting down on errors and delays in the case of incorrect bank account data.
Two-Factor Authentication (2FA) for Vendors
This secondary level of security helps prevent account takeover incidents by requiring a secondary method of authentication before vendors can update their payment information. See our Help Center article here.
Back-End Controls
Airbase prioritizes the security of your funds above all. Without revealing sensitive details that could be misused, we can assure you that robust measures are in place to safeguard your accounts.
Key features of our security strategy include,
- Implementation of advanced fraud detection systems: These systems constantly monitor for any signs of fraudulent activity, ensuring a swift response to any potential threats.
- Sophisticated data networks: We leverage these networks to verify the safety and legitimacy of vendor bank accounts, further enhancing your payment safety and security.
- A dedicated fraud investigation team: This team vigilantly oversees vendor activities and payments, operating around the clock for immediate detection and reaction to any signs of potential fraud. This immediate response is a crucial component in securing your funds.
- Secure login experience: The Airbase platform is optimized for Single Sign-On (SSO) functionality, though we do offer an alternative that is more secure than traditional username/password access. This helps keep the wrong people from accessing your account and allows for granular access control of your choosing. See our Help Center article here.
Cards
Our card fraud detection system uses sophisticated methods to stop fraudulent activity. While we can’t share the specifics for security reasons, we would note that preventing fraud is an ongoing effort, though it’s not possible to eliminate it completely.
We work hard to find the right balance between a smooth user experience and effective fraud controls. If we suspect a transaction is fraudulent, we decline it but reach out to the cardholder via email and our mobile app to confirm. We try to avoid inconveniencing our users while combating fraud, but it’s a challenging task. Your feedback is valuable, so please contact us at support@airbase.io with any thoughts or concerns.
If fraud slips through, our dedicated team handles chargebacks. We collaborate with our bank partner and Visa for a decision and provide you with regular updates. If the merchant is liable, you’ll get a refund, even if your card is suspended.
Card Controls
These provide added security and peace of mind for cardholders, as they can proactively manage their card usage and respond quickly to any suspicious activities. It’s important for cardholders to regularly review their account settings and adjust the card controls based on their needs and preferences.
Spending Limits
Cardholders can easily set and change pre-defined spending limits on their cards to control how much can be spent within a certain timeframe. See our Help Center article here.
Card Lock/Unlock
This feature allows the cardholder to temporarily disable their card if it’s misplaced, stolen, or if a transaction is suspected to be fraudulent. By locking the card, they can prevent unauthorized use until it’s found or replaced. In Airbase, the cards are auto-locked if receipts are not uploaded for the corresponding spend. See our Help Center articles on how to lock an Airbase Virtual Card and Physical Card.
Card Restrictions Based on Merchant Category
This feature disallows the use of the card outside their intended types of spend. See our Help Center article here.
Pre-Approval Processes
Users must obtain approval via customer-configured approval chains before a virtual card can even be issued. See our Help Center article here.
Suspected Fraudulent Transaction
When Airbases suspects a transaction to be fraudulent, we decline the transaction but also reach out to you via email and mobile app notifications to determine if it was a legitimate charge. If there is confirmation that the transaction is valid, Airbase proceeds with the transaction on the next submission. Related Help Center article here.
Card Suspension
Aside from locking the card when a transaction is suspected as fraudulent, if the cardholder is sure that fraud is the case, then the cardholder or Admin can suspend the card (physical or virtual). This is an irreversible action and you’ll have to issue a new card to the vendor (if it’s a virtual card) or employee (if it’s a physical card). Related Help Center article here.
Chargebacks
Chargebacks are a valuable tool for customers to respond to fraudulent or unauthorized transactions and resolve disputes with merchants. Here’s how chargebacks help customers:
Fraud Protection: Chargebacks are often used to report unauthorized transactions made on a customer’s account. If a customer notices suspicious or fraudulent activity on their card, they can initiate a chargeback to have the money refunded and prevent further losses.
Dispute Resolution: Chargebacks allow customers to challenge transactions that they believe are incorrect, defective, or misrepresented. This can be particularly useful when a customer receives damaged goods, doesn’t receive the product or service as described, or encounters any other issue with the purchase.
No Need to Deal with Unresponsive Merchants: Sometimes, customers may face difficulties in resolving issues with merchants directly. The chargeback process enables you to reach out to Airbase to mediate the dispute, sparing you the burden of trying to deal with unresponsive or uncooperative merchants.
Those who would take your organization’s money are not going away anytime soon — we confront them every day in our activities. They are constantly adjusting and becoming more sophisticated, and it’s our job to stay a few steps ahead of them. With Airbase, you don’t have to be alone in this fight; we’re in your corner with a product and a team of risk specialists who put your protection first. We cannot thwart every malicious attack, but by using a system like Airbase and applying vigilance, it’s less likely you’ll become their target.
This summary is intended to provide an overview of how we protect your financial security and to demonstrate our commitment to that security without making any representations of protection for any specific incident or Airbase customer. If you have questions, please reach out to our risk team via email at fraud@airbase.io.
Airbase modern spend management offers Guided Procurement, Accounts Payable Automation, Expense Management, and Corporate Cards (Virtual Cards and Physical Cards). It’s the best way to control spending, close the books faster, ensure compliance, and improve productivity. Airbase brings efficiency to a seamless procure, pay, and close process with a user experience that accountants and employees love.