If you’ve ever owned a car without automatic locks, you’ll know how easy it is to leave the doors open overnight. You grab the shopping, get distracted when you get inside the house, and it’s only the next morning that you turn the key and realize you’ve been lucky.
When it comes to payment frauds, businesses are leaving their doors unlocked all the time. There has been a surge of fraud attacks on businesses since the pandemic, with criminals shifting resources to digital avenues, making it more important than ever for businesses to protect themselves from attacks.
Today we’re looking at 6 common accounts payable frauds and how to prevent them.
Accounts Payable Frauds and how to prevent them
1. Billing Schemes
A billing scheme is simply a person (either an employee or an outsider) that gets a business to issue fraudulent payments by submitting fake invoices. While the most common culprit is an internal employee, successful phishing schemes can be a way for an outsider to pose as an employee or supplier in a more subtle way.
Billing schemes typically come in three forms:
- Shell companies: A shell company is set up and payments are made to accounts the fraudster has access to.
- Non-accomplice vendors: When a fraudster uses knowledge of your vendor list to generate fraudulent invoices with different payment details.
- Personal purchase: When the fraudster uses the company’s payment systems to buy a product or service for themselves.
How to prevent a Billing Scheme fraud
Checks and balances are the key here. While often difficult to achieve – especially within a small business – having multiple people along the chain will help both spot potential fraud and discourage people from trying.
It’s important to maintain a separation of duties in the purchasing process, have an approved vendor list that you regularly update, and require additional sign-off for non-approved vendor payments. Finally, picking up the phone and contacting the vendor directly if anything seems unusual will never be a bad step to take – no-one will be annoyed about you being careful with their money.
‘With commerce comes fraud.’
- Nathan Blecharczyk, co-founder and chief strategy officer of Airbnb
2. Authorized Push Payment (APP) Fraud
Often a direct result of a successful phishing attempt, APP fraud is where a fraudster uses their newly gained knowledge of the company details and processes to get in the middle of a transaction. By monitoring emails and analyzing past invoices and their timings, a fraudster can produce a genuine looking request for payment at just the right moment.
Another common tactic fraudsters use is impersonating an internal employee (often a senior executive) and asking another employee to authorize a payment into an account. They will often use language that conveys a sense of urgency to push that person psychologically and get it done quickly.
While phishing is the most common tactic, simple social engineering techniques can work also, such as ringing a company and using publicly available information to trick an employee into making a payment because of an ‘emergency’.
How to prevent an Authorized Push Payment Fraud
Common sense preventative methods, such as strong password protections and changing passwords frequently, can deter scammers, staff training will always be the top preventative tool. Making your staff aware of common scams and the tactics used will give them the power and confidence to ask questions when they are unsure. Company policies, such as always putting payments through the accounts department (rather than company credit cards), also add a layer of protection against APP payment frauds.
A typical organization loses 5% of its revenue to fraud every year, with a median loss of $125,000
- Association of Certified Fraud Examiners (ACFE)
3. ACH (Automated Clearing House) Fraud
ACH (automated clearing house) payments are electronic fund transfers. It’s another area where phishing (or by using social engineering techniques) can be the way in for the fraudster, although the culprit can also be an employee with official access or using nefarious means to gain access.
The difference between APP Fraud and ACH fraud is in the tactics used – APP uses information to trick an employee to pay someone they shouldn’t, while ACH fraud attacks the actual system the payment is being made through.
Once the fraudster has access to the files they can edit a vendors profile within the system, including the payment information.
How to prevent an ACH fraud
As ACH fraud is essentially a way of attacking a digital network, the first step is to make that network as secure as possible. By using multi-layer, multi-factor authentication security processes, you can deter all but the most determined and skilled fraudsters, and automated payment systems will bring additional layers of security. However, as is the case with so many of these frauds, it’s the human factor you must look out for most, both in training and identifying suspicious behavior.
It’s estimated that in 2020, 1 in every 4,200 emails was a phishing attempt.
- Symantec Cyber Security
4. Check Payment Frauds
While checks seem to be a thing of the past, they are much more popular than you might think. In 2019, a study by the Federal Reserve found that 14.5 billion checks were processed that year.
Check fraud is very common (one study found 75% of all businesses that suffered accounts payable fraud was because of check fraud), and it can come in many forms. The simplest way is for the fraudster to make out a check and change the payee or write checks for personal expenses and charge it to the business account.
Fraudsters will also send vendors double-payments or purposely overpay them, and then intercept the check when it returns to cash it elsewhere.
How to prevent Check Payment Frauds
There are several methods of preventing check fraud, from good processes to technological solutions. Firstly, preventing the physical checks within a business to be easily accessed is a must, while also properly storing voided checks will help with reconciliation. Speaking of reconciliation, doing it regularly will mean you’ll spot any fraud quickly.
A proactive way to prevent check fraud is to use a positive pay service. Essentially, positive pay means your bank will compare checks received each day to an issue file you send them and highlights items that don’t match across the two lists, flagging them for your review.
"Torture the data, and it will confess to everything."
- Ronald Coase, British economist and Nobel Prize winner.
5. Expense Reimbursement Fraud
Expense Reimbursement Fraud is when an employee submits a false expense report after making purchases on their personal credit card, creates fake expenses for items or services never purchased, overstates expenses, or submits duplicate reports to be reimbursed twice.
This can range from the relatively minor to serious, systematic frauds. Whichever end of the scale it occurs though, a study by the Association of Certified Fraud Examiners found that expense reimbursement fraud accounted for 21% of fraud within small businesses, to 11% in large enterprises.
How to prevent Expense Reimbursement Fraud
Regular spot-checks, formal warnings for minor offenses (depending on company policy), and regular audits will discover most types of expense frauds.
Another method commonly used to spot fraud is applying Benford’s Law. This principle states that in naturally occurring number sets, smaller numbers (like 1 and 2) will show up at the start of each data point more frequently than other numbers. For example, the number 1 appears as the leading significant digit about 30 % of the time, while 9 appears as the leading significant digit less than 5 % of the time.
Knowing this principle means that a person can examine data sets (like expense receipts) and see the likelihood of whether fraud has occurred.
6. Kickback Schemes
Kickback schemes are when an employee colludes with an outsider and receives a reward (financial or otherwise) to change a business decision. They can be very damaging as they may not leave a direct paper trail like other frauds, and can become a stepping stone to other frauds, such as billing schemes.
Vendor selection can be a key area where kickback schemes occur. Vendors may attempt to bribe an employee with straight cash or reciprocal awards (such as event tickets, holidays, etc.) so they are selected over competitors.
How to prevent Kickback Schemes
As is the case with so many of these frauds, having multiple people in the chain is a great deterrent to people. All bids should be viewed and judged by multiple people, while a gratuities policy to make rules clear to people is also a must. Audits on vendors selection and purchases over a certain dollar amount will also help you spot fraud early.
Locking the (automatic) doors to prevent payment frauds
We will probably never be able to end fraud altogether. Systems are unlikely to ever become invulnerable, no matter how sophisticated the technologies, and people certainly never will be. What businesses can do, however, is build up layers of protection to decrease the likelihood of fraud occurring in the first place and lessen its impact if it ever does.
In so many payment frauds, it happens because of weak links in the process combined with an inability of staff to check for errors due to overwork or overly complex systems.
Implementing automated accounts payable systems will begin giving the power back to businesses in preventing, spotting, and limiting fraud. Automated red flags, the improved ability to examine data and the audit trail generated by automated payment processes are key weapons in the fight against fraud.
After all, it’s easier to lock the car door when it’s automatically done for you.
To discuss how TransferMate can support your organization to keep fraudsters out, click here.
