Capital Efficiency & Financial Risk

Stop Trying to Fix Payment Fraud with IT Software.

Business Email Compromise cost Australian businesses $84 million last year, with an average loss of $64,000 per incident. Your accounts payable process has manual override points that no technology tool will fix. We redesign the process, not the inbox.

The Anatomy of a Fraudulent Payment

When a $64,000 fraudulent invoice gets paid, it is rarely because a firewall failed. It happens because the finance team’s verification process was bypassed. These are the three vulnerabilities exposing your balance sheet today.

The Vendor Update Bypass

A supplier emails to say their bank details have changed. Your AP team updates the ledger and processes the payment. Without a mandatory, out-of-band verbal verification protocol, you have just handed cash directly to a compromised inbox.

Executive Impersonation

An urgent email arrives from the “CEO” demanding a quiet, immediate transfer for an acquisition or legal matter. If your process allows urgency to override standard financial controls, your team will bypass their own safeguards to comply.

The Single-Point Override

Your policy may state that large transfers require two signatures, but if the accounting software allows a single user to initiate and approve a batch file upload to the bank, the dual-authorization rule is an illusion.

The Execution Path

How We Harden the Finance Workflow

01. AP Process Risk Review

We map your end-to-end payment authorization workflow. We identify all manual override points, review your vendor onboarding and change management procedures, and assess your current BEC awareness training. The outcome is a Process Risk Report detailing your exact financial exposure and the specific, non-technical workflow controls needed to close it.

02. AP Security Programme Design

We execute a complete redesign of your AP security framework. We deliver documented, board-approved AP security policies, implement hard dual-authorization workflows with clear thresholds, establish mandatory vendor change verification protocols, and provide live staff training to ensure the new rules become muscle memory.

03. Finance Process Assurance

A policy is only effective if it is followed. We provide ongoing monthly spot-checks of recent transactions against the newly documented procedures to ensure absolute compliance. This provides you with continuous assurance and serves as verifiable proof of controls for your cyber insurance renewals.

Led by Dean Kastelic

Former Enterprise CISO & Director of Cyber Defence, KPMG

Most cybersecurity consultants try to solve Business Email Compromise by selling you more IT tools. They don’t understand the financial workflows that actually govern the money.

As a former Enterprise CISO and KPMG Director, Dean Kastelic approaches AP fraud as a governance and process failure. We work directly with your finance team to harden the workflow, ensuring the controls are practical, effective, and auditable.

Finance Tool

The BEC Vulnerability Self-Assessment

A 7-question diagnostic designed specifically for CFOs and Finance Directors. It maps your organization’s exact exposure to manual override points in the Accounts Payable workflow. Complete it in 5 minutes to find your estimated BEC exposure window.

Has a peer company recently been hit?

If you have heard about an incident in your sector, or if your auditors have flagged weak payment controls, do not wait for the test to come to your inbox. Let’s harden the process now.

Book a Workflow Review