Four steps toward cyber and payments-fraud resilience for Mid-Corporate technology companies

Here’s how finance and operations leaders can make controls auditable, enforceable, and hard to bypass.

By Justin Ellerman, Head of Cyber Client Advisory, Cyber Resiliency & Human Defense, Wells Fargo, and Anil Khilnani, Fraud Education & Awareness Program Lead, Wells Fargo

As technology companies achieve scale, the attack surface expands in predictable ways: more systems, more users, more vendors, and more pathways to move money. That complexity is what fraudsters look for; especially where processes vary by team, region, or ‘how we’ve always done it.’

The strongest programs are often not the ones with the most tools. They are the ones with standards that hold under pressure, controls that are auditable, and a response plan that has been practiced; the process is what is done day to day, not what was once drafted and forgotten.

Why this matters now

Modern fraud attempts are often designed to look routine. A request that ‘fits the pattern’, a vendor update, a revised invoice, a change in payment instructions, can slip through if the organization prioritizes speed over verification, or if individuals are not on alert for this type of attack.

Leadership teams should view cyber and payments fraud in the same category as liquidity, compliance, operational resilience, and reputation. It deserves executive level visibility because disciplined, proportionate control over money movement and access is essential. 

Step 1: Keep an executive view of top loss scenarios, and assign owners

Mid–corporate organizations benefit from a thorough risk catalog, a short list of the scenarios that could produce material loss. The list should be current, owned, and tied to specific controls, not static or sidelined.

For many organizations, those scenarios include BEC/vendor impersonation, payment redirection, privileged account compromise, ransomware, cloud credential theft, and third–party compromise.

  • Publish a one–page ‘scenario – control – owner’ map and review it quarterly.
  • Track near–misses and control exceptions as operational KPIs and risk indicators.
  • Align Finance, IT/Security, and Operations on escalation thresholds and decision authority.

Step 2: Make payment controls auditable, and difficult to bypass

At scale, the risk isn’t that controls don’t exist, it’s that they are inconsistently applied. Individuals or teams that prize providing outstanding customer service to the other departments may adopt informal approvals, exceptions, and ‘just this once’ workarounds to fulfill that mission. These are the openings that might get exploited. 

In addition, individuals may be approached with “special requests” of high prestige that must remain “secret”. These need to be expressly codified within corporate culture that they will not occur, and must always be challenged.

The objective is not to slow the business. It is to ensure that controls hold at quarter–end, during travel, through acquisitions, and during vendor transitions.

  • Standardize dual control and segregation of duties across all payment types and bank platforms.
  • Implement external channel verification for changes to vendor banking details, payment templates, or beneficiary setup; consider specialist products (such as Account validation tools) to add to existing workflows and maintain audit trails for all record changes.
  • Use bank–provided tools aligned to your payment mix, such as Positive Pay for checks and ACH filters/blocks for ACH exposure.
  • Perform periodic entitlement reviews for banking, ERP/AP systems, payroll, and cloud admin roles; remove standing access that is no longer needed.
  • Instrument monitoring: alerts, daily reconciliation, and clear exception escalation paths.
  • Consider human staffing rotations, or enforced absences to protect the process from internal vulnerabilities.

Step 3: Make people part of the control system

In many incidents, the first signal is human: unusual urgency, a slightly wrong domain, a vendor change request that bypasses normal process, or an out of the ordinary payment that ‘is out of the ordinary’ or ‘secret.’

The right approach is continuous, role–based reinforcement, especially for AP, treasury, payroll, procurement, and executives.

  • Engage the people, ensure they are trained and regularly tested.
  • In many cases your teams are the ones with the most insight into how your systems could be circumvented, their insights can identify additional possible risk.
  • Set clear red flags for vendor changes and executive payment requests.
  • Run recurring simulations and short refreshers tied to real incidents and near misses.
  • Establish a no–fault escalation channel and reinforce that verification is expected, even for senior leaders.
  • Measure outcomes and KPIs: exception rates, verification compliance, time–to–escalate, and near miss capture.

Step 4: Extend discipline beyond your walls, and practice response

Third parties, cloud services, and software dependencies can create concentrated risk. Resilience requires visibility and proportionate diligence. Pair that with response readiness: a practiced plan, rapid banking escalation, and clear communications authority.

  • Maintain an inventory of material third parties; classify by criticality and data exposure; reassess periodically.
  • Apply proportionate due diligence at onboarding and renewal; focus on access pathways and data flows.
  • Define incident response roles (including Treasury and the bank contact) and conduct tabletop exercises.
  • If suspicious payment activity is detected, notify your bank immediately so recall and recovery options can be explored quickly.

Deepfake–enabled fraud

Deepfake–enabled fraud is no longer a theoretical or emerging risk, it is an active control consideration for any organization operating at scale in a virtual environment. Addressing it requires a deliberate combination of technology, process discipline, and leadership awareness. The organizations that adapt quickly will be best positioned to preserve both operational velocity and financial integrity in an environment where digital interactions can no longer be taken at face value.

Leading organizations are responding with a layered approach:

  • Technology controls: Emerging tools can help detect AI generated audio and video, though none should be viewed as fully preventative given the pace of model advancement.
  • Process and governance reinforcement: Critical approvals, particularly around payments, data release, or contract changes, are being redesigned to require secondary verification that is independent of voice or video alone.
  • Human and analogue safeguards: Many firms are introducing low tech validation mechanisms such as pre agreed code phrases, internal references, or structured callbacks that external actors are unlikely to anticipate or convincingly replicate.

Often the most resilient organizations are not necessarily those with the most technology, they are the ones with disciplined standards, enforced process, trained teams, and practiced responses.

That discipline protects liquidity, supports operational resilience, and strengthens trust with customers, investors, and boards.

How Wells Fargo can potentially help

We work with finance, treasury, and operations leaders to translate cyber and fraud risk into controls that are practical, enforceable, and auditable.

Our focus is on the areas that most often drive financial loss: payment workflows, approvals, vendor changes, identity access, monitoring, and escalation.

  • Cyber Client Advisory supports best practices and maturity discussions aligned to executive governance and operational resilience through Cyber Wargaming, offered complimentary to clients.
  • Payments fraud controls reviews to pressure–test wire/ACH/check processes, approval paths, and exception handling.
  • Support configuring bank–provided controls (dual control, alerts, Positive Pay, ACH filters/blocks) and aligning them to your payment mix.
  • Fraud education sessions for treasury/AP/payroll and executive teams, built around the scenarios that drive financial loss.
  • Coordination and rapid escalation playbooks with your Wells Fargo contacts for suspected fraud events.

To pressure–test your current controls and identify high–return improvements, contact your Wells Fargo representative:

  • Schedule a cyber advisory consult.
  • Request a payments fraud controls review.
  • Work with Wells Fargo to standardize and operationalize bank–provided controls across payment rails and approval paths.

The views expressed are intended for Wells Fargo customers, prospects, and other parties covering the Food and Agribusiness industry only. They present the opinions of the authors on prospective trends and related matters in food and agribusiness as of this date, and do not necessarily reflect the views of Wells Fargo & Co., its affiliates and subsidiaries. Opinions expressed are based on diverse sources that we believe to be reliable, though the information is not guaranteed and is subject to change without notice. This is not an offer to sell or the solicitation to buy Wells Fargo product or service including security or foreign exchange product.

Wells Fargo Bank, N.A. Member FDIC.

RO-5550213

LRC-0626