Accounts payable fraud is a major problem. Scammers are moving rapidly to cash in big bucks. They’re taking advantage of the Digital Era’s easy access to private accounts and information in malicious ways that are easily overlooked.
According to the Association of Certified Fraud Examiners’ most recent report, there were $6.3 billion in total losses from ACFE cases in 2016. Across all industries, banking and finance services were the biggest victims at 16.8%, losing an average of $192,000 annually.
But as technology evolves, accounts payable automation (AP automation) is making it hard to crack the code to fraudulent AP attempts. The big question is this: How are scammers taking advantage of business bucks? Forbes named the top five business accounts payable fraud practices hitting finance departments the hardest:
- Identity theft: Using another person’s personal information including tax returns, social security number, or financial information.
- Payroll fraud: Entering a payroll service or software with the intention of stealing money. This includes entering incorrect hours, “buddy punching” for hours not worked, and unapproved pay rate adjustments.
- Return fraud: Returning goods or services in exchange for more money than valued, including “renting” items and returning stolen goods in exchange for cash.
- Money fraud: Using fake printed money.
- Workers compensation fraud: Falsifying employee information or records to collect benefits or avoid legal accountability. This can include unapproved payroll or job status.
The truth about paper checks
Checks may seem convenient and cost-effective, but the risk is greater than the reward. According to the Association for Financial Professionals’ 2017 Payment and Fraud Control Survey, checks continue to be the top vehicle for payment fraud. The survey points out that three-fourths of businesses that were victims of accounts payable fraud were targeted via checks. Wire transfers were the second most targeted payment method, while credit cards followed closely in third place. Despite the high numbers for check fraud, surprisingly, only 10% of all surveyed victims suffered a financial loss.
If there aren’t plans for checks to leave your office anytime soon, some best practices may reduce the risks:
- Print the word “VOID” on a scanned or copied check to prevent duplicate account deductions.
- Use customized cardstock that cannot be found elsewhere specifically for your business.
- Use dual-tone watermarks, warning banners, and high-resolution banners that cannot be easily replicated to match the originally printed check.
To combat the security risks of paper checks, businesses are starting to trust tech for accounts payable processes. Accounts payable automation streamlines invoice and electronic payments for business with more control and visibility.
Businesses that implement this cloud-based SaaS accounts payable automation solution reap big benefits that protect them from scammers: visibility into all electronic payments and vendors, scans for duplicates and errors, and full control for approvers and exceptions.
When it comes to accounts payable fraud, none of the security measures for paper checks can top the security of accounts payable automation. With automation, there’s no paper trail for scammers to follow. Most solutions include fraud protection such as ‘Positive Pay,’ an automated fraud monitoring system that searches for red flags and suspicious vendor changes including duplicate electronic payments and invoices.
Beware! Digital compromise is on the rise
As industries migrate to tech, it’s no secret that scammers are following their footsteps for fraud attacks. Email is the quick and easy way to get an employee’s attention. A work email often comes with immediate required attention or expectations. Keeping that in mind, fraudsters are leveraging emails several ways to catch the attention of employees easily.
Business Email Compromise (BEC) is the top accounting fraud attack for the B2B world—especially the finance department. Simply put, BEC fraud is defined as an email scam that demands money. Scammers send convincing emails that imply urgency and require steady payments from businesses.
According to an FBI message, between 2013 and 2016, BEC attacks targeted 22,292 U.S. victims amounting to over one billion dollars in attempted and definite loss.
Normally, after researching the business and their target employee, the hacker sends urgent emails requesting payment on behalf of the CEO or CFO. According to recent Proofpoint reports, scammers are targeting a wider range of roles and identities. In Q4 of 2017, 41% of businesses under attack reported that at least five employees were targeted.
The emails can be convincing. Wire transfers and checks are the top two target methods that scammers employ. Why? Canceling checks or wire transfers can be quite difficult. Checks can also be easily replicated.
On the other hand, electronic payments for business are easily traceable and verified. To help you stay informed, the Internet Crime Complaint Center (IC3) has created a list of BEC scenarios to watch out for.
Scammers are also falsifying email history by adding “Re:” or “Fwd:” at the beginning of an original email. In Q4, Proofpoint reported that 11% of all forms of email attacks were generated with this method.
Lastly, there’s the Follow-Up Scam. To score big against businesses, scammers make suspicious calls to potential victims offering products in exchange for services. The scammer then makes follow-up calls with immediate and urgent demands without the victim knowing they have access to the victim’s bank account and personal information. Before the victim knows it, the scammer has bamboozled their finances and identity from a simple phone call.
How can businesses avoid these risks? Accounts payable automation reduces the capabilities of scammers and outside parties to approve invoices or create vendors without the proper permissions and approvers. Accounts payable automation services automatically offer fraud protection by allowing finance departments to double check business invoices and electronic payments in a secure, cloud-based space.
To avoid email fraud, partner with your IT department to enforce email security. Implementing proper security with regular training keeps employees alert and aware of suspicious scams.
Best practices and precautions can save the day
The fear of financial information falling into the wrong hands is a common one. Manually managing vendors and invoices often leads to mistakes, including duplicates, entry errors, and information for potential attacks.
In a recent PYMNTS.com article, APEX Analytix Senior Vice President Phil Beans highlighted the biggest problem with accounts payable processes.
“The front-end process is manual, and data flows through too many hands. Only a limited number of outside data sources are taken into account, and vendor master teams are pressured to push through the changes to meet processing SLAs (Service Level Agreements).”
In the article, Beans shared the number one best practice for any finance department as a precaution. The key is enabling internal fraud regulations and monitoring for every transaction, big or small.
Finance departments may find also find risk relief in RegTech as a security solution—fraud preventative technology. Instead of managing compliance and risks manually, finance departments are investing in cloud-based technology for simple security management. According to the Financial Services Round Table study, RegTech global demand will grow to $118.7 billion by 2020 due to an increase in cyber-attacks and technology modernization.
The study shares that business developments are now driven by technology, which is driving new security measures and risk monitoring approaches.
Implementing technology so finance departments can be alert to suspicious activity is essential in catching every attack that may otherwise slip through the cracks manually.
Vendor verification is the primary safeguard to prevent accounts payable fraud from vendors during procure-to-pay processes. As a precaution, the FBI suggests that businesses only purchase goods from companies with copyrights or a trademark. They also recommend buying from reputable vendors, and those with a brick and mortar address instead of a P.O. box.
According to the APEX Financial Leaders’ Benchmarking Report, less than half (44%) of surveyed businesses ask for their vendor’s physical business address. The same percentage ask for a daytime phone number to verify information.
The best practice for managing vendors is to regularly monitor a master vendor file that’s free from duplicates, inactive vendors, or abbreviations. It’s critical to limit access to the master vendor file. To reduce the risk of fraud, the same person should not be able to also enter invoices or disburse payments. As an additional best practice, require a second approver for payments that exceed a certain dollar amount.
To fight AP fraud, finance departments should invest more in cloud-based payment solutions and security platforms. Even though paper-based payment processes may seem safe internally, there’s less visibility, accurate reporting, and control. Fraudsters are wising up to attack employees and accounts in ways they least expect. The biggest way to protect information is a cloud-based, secure SaaS—especially when managing payment processes. It’s better to be safe than sorry.