business process compromise (attack) (BPC)

Business Process Compromise (BPC) is a cyber attack in which the attacker attempts to access specific business processes in order to compromise them for financial gain.

In the BPC attack, the attacker targets internal company communications and money transfers and payrolls, which he spies on unnoticed and filters out the relevant transfer data. If he has sufficient account data, he can carry out money transfers for his own benefit.

BPC attackers use the same vulnerabilities as other attackers and gain access to the desired transactions. The email system can also be used as an opening gate. In Business Process Compromise, cyber attackers have detailed knowledge of the functional processes of money transfers. They know the payment processes in accounting or human resources and can thus infiltrate the payment notification.