Trustmi Talks

A Key to Every Lock – How Trustmi Tmark Protects Customers and Their Vendors

5 mins read

Social engineering attacks are increasing, and you need to be ready to catch impersonation attacks and invoice fraud.

Let’s say that by some means of BEC, malicious attackers have solicited some of your company’s email addresses. They then proceed to contact customers or vendors, impersonating the finance department, requesting to change the bank account, resulting in funds transferred to 3rd parties. In the event there was no call back procedure in place, document legitimacy wasn’t questioned, or just the simple old story of fatigue and human error - a tremendous amount of funds is lost, and usually never recovered.

Hackers Are Ahead of the Curve

It doesn’t have to be an elaborate scheme; today’s hackers can use AI and advanced technology.

Since 80% of B2B payment requests run through the 300 billion emails sent daily, tracking and monitoring change requests becomes a major hassle for finance teams. Spam makes up about 45% of emails received each day.

When fraudulent emails look legit, it’s easy to make a mistake. The average person doesn’t check email meta-data to make sure a payment request and invoice match previous ones sent by the same vendor. While drowning in paperwork, AP and AR departments are forced to meet monthly deadlines and don’t have time to scrutinize every request.  

It’s a near-impossible task if those departments don’t have access to automatic, data-driven tools that help identify irregularities and deviations from baselines.  

Protect B2B Payments: Email Analysis Matched with ERP and Procurement System Records

Trustmi has a multi-faceted approach when it comes to the protection of B2B payments for our fortune 500 customers. We seamlessly integrate to all the organizations procurement and financial systems — including every possible ERP — and deploy our comprehensive ML models on employee mailboxes. We then proceed to piece together the whole fragmented picture; every file is analyzed across hundreds of data points, minding the gaps between email correspondence and ERP data entries, real-time vs delayed inputs.  

An email or a file contains much more information than meets the eye — from the location (IP address) down to file meta-data, Trustmi identifies potential breaches and compromises. Until recently, even Trustmi only analyzed 99% of the image, and we could only match vendors to their baseline if one existed in our systems. Tmark is our solution to go beyond basic DMARC and provide an additional layer of protection against payment fraud.

What Is DMARC?

“Domain-based message authentication, reporting, and conformance” (DMARC) is an email authentication protocol designed to protect domains from unauthorized use. This reduces email spoofing attempts, including BEC, phishing, social scams, and other cyber threats using sender policy framework (SPF) and domain keys identified mail (DKIM).  

The standard email authentication method of DMARC got our research team thinking: how can we deliver value to customers and vendors alike, using our sophisticated email detection capabilities?

In the research lab, our cyber experts found ways to infer crucial information in a non-intrusive way. Tmark was born using a subset of technical security features, delicately tweaked.

So, What Is Tmark?

Tmark provides the next step in payment security, reducing fraud and account takeover.  

As a preventative security measure, the Trustmi Tmark solution deploys detections that infer if a mailbox was compromised, location-based anomalies, mailbox rule sets (like forwarding mechanisms), and more. This information forms a comprehensive report for the vendor regarding different weaknesses we have detected.  

Because Tmark is deployed on AP mailboxes on one side and AR mailboxes on the other side, Trustmi can empower true security for businesses by confirming that the invoice leaving one mailbox is the exact invoice received by the other. Tmark creates a world where both businesses are completely secured in the payment process.

Trustmi helps you get your vendors to deploy Tmark for a confirmed validation process. Whether the vendor uses Google workspace or Office 365, it only takes them 3 clicks and about 30 seconds to set up Tmark on the organizational mailboxes — free of charge!

After deploying Tmark (and if the mailboxes are free of malicious activities), Trustmi issues a certificate of excellence and trust for the vendor, entering them into Trust network as a verified and trusted associate. As verified vendors start working with multiple Trustmi clients, they receive an elevated status and Trustmi recommends their business to additional clients.

Taking Advantage of Tmark Security Support

Fraud risks are something your company can’t afford. Trustmi takes your privacy and security seriously. Here is why you should take advantage of Tmark:

  1. We only process, detect and analyze specific mailboxes with incoming and outgoing invoices
  1. We help secure both domain environments while identifying suspicious activities within the email flow, and aid vendors in protecting themselves from impersonation attacks.  
  1. We prevent spoofed emails and detects compromised mailboxes with our unique IP, detecting sensitive breaches the vendor doesn’t find on their own
  1. We elevate B2B vendor relationships by building trust.
  1. Vendors using Tmark are likely to get paid faster, as companies can confidently process their invoices first

Trustmi helps corporations of all sizes mitigate their fraud risks by protecting both sides of the payment process. Our customers can offer their vendors Tmark free of charge to reduce their hurdles and help prevent millions of dollars of fraud.  

Want to learn more about how Trustmi can help you fully secure your payment process from end to end? Talk to our team today.