iscoverAccountants don’t need to become cyber security experts, but they do need to understand where existing processes can fall short in today’s heightened threat environment, one CEO has said.
Cyber criminals, everyday accounts, and the role of accounting professionals
22 July 2025
•
9 minute read
In conversation with Accountants Daily, Jon Soldan, the chief executive of payment fraud prevention platform Eftsure, has reflected on how cyber criminals are exploiting everyday bank accounts through mule accounts to move millions, and why it’s getting harder to stop them.
According to Eftsure, mule accounts are being increasingly used by cyber criminals to funnel stolen funds – often across borders – posing serious challenges that many institutions are simply unprepared for.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Challenges
Cyber criminals “almost always take the path of least resistance”, Soldan said, whether that means targeting accounts belonging to an individual pensioner or multinational enterprise.
“Everyday accounts are a common target because they’re often used for quick transactions, with faster payments increasing a scammer’s chances of getting away with a payout.”
“Many companies also have a gap between their cyber security strategy and their anti-fraud controls – scammers are happy to exploit these gaps, often by impersonating trusted contacts and finding ways to evade anti-fraud controls via social engineering and human error. These are the sorts of risks that IT and security professionals can’t eliminate, while many accounting controls are designed for a largely analogue world.”
This presents, Soldan noted, significant challenges for accounting professionals, who tend to be on the frontlines of cyber crime, “since the vast bulk of cyber crime is financially motivated”.
“There’s a big challenge in third-party risk – no matter how strong your security and anti-fraud controls may be, you cannot guarantee every vendor’s controls will be just as strong.”
“Australia’s federal anti-scam framework does not require banks to reimburse scam victims, and it can be difficult to recoup stolen funds. This puts a heavy onus on accounting and finance professionals to be the final guardrail against fraudsters, who are increasingly leveraging technology like AI capabilities (and a growing pool of stolen data) to personalise and sharpen their tactics.”
“To mitigate these risks and overcome challenges, accounting professionals need ways to modernise their controls and audit trails, which will help bridge the gap between cybersecurity and accounting.”
Steps to take
When asked how accounting professionals can better support their clients and businesses in the face of such criminality, from vendor onboarding to point of payment, Soldan said cyber criminals are looking for ways to divert money fraudulently across the entire payment life cycle.
“It’s critical for both accountants and their clients to know that cybercriminals are finding novel ways to make traditional verification methods obsolete. Something as simple as changing vendor payment details requires verification and should be checked against all relevant channels within the business.”
“We don’t want to adopt the same tactics as cyber criminals, of course, but they are early adopters of technology. Accounting professionals and leaders can even the playing field by finding technology solutions that add multi-factor verification and layers of security across payment lifecycles, and certainly at the point of payment.”
Accounting professionals must acknowledge, Soldan went on, that cyber crime is a financial risk that now goes far beyond simply an IT issue, with collaboration needed across teams to ensure defences are robust.
“Accountants don’t need to become cybersecurity experts, but they do need to understand where existing processes can fall short in today’s heightened threat environment,” he said.
“If something feels off, be it a slightly unusual payment request or a change in supplier details, always take the time to verify. Build a culture that encourages pause and scrutiny over speed when it comes to releasing funds – this includes building a ‘no shame’ culture where no one feels embarrassed to ask questions, point out unusual activity, or flag their own mistakes.”
“Finally, adopt layered systems that integrate real-time verification tools, third-party data sources, and visibility over payment workflows. Proactivity is your strongest defence,” he added.
Looking ahead
As scams become more targeted and sophisticated, Soldan concluded, even the most cautious businesses can be vulnerable if their systems, people and controls aren’t aligned.
“Modern finance teams are looking beyond traditional accounting controls and toward purpose-built tools that embed validation directly into the payment process,” he said.
“Ensuring that this is built into your systems, with real-time checks against external data sources, helps teams catch fraudulent payment details before money leaves the business.”
You need to be a member to post comments. Become a member for free today!
