A study by JP Morgan found that 65% of companies1 have already experienced invoice fraud or attempted invoice fraud. These scams directly affect their bottom line because it is practically impossible to recover money that has been sent erroneously. The increasing sophistication of fraudsters means that companies must contend with a wide variety of tactics when trying to protect themselves against scams. How can you detect fraud attempts? How can you protect yourself? Let’s count the ways.
I. The three types of money transfer fraud
1. The fake supplier bank details scam
This is also called vendor fraud. The scammer contacts one of your employees who is authorized to wire money, for example an accountant. But they have stolen the identity of one of your service providers, which they thoroughly researched ahead of time. They inform your employee of so-called changes to their bank details and forward their new account information.
Needless to say, the swindler vanishes once the money is deposited into the fake account.
It’s hard to detect this type of fraud because the scammer uses an email address that looks like the real vendor’s email. And the company knows the vendor well. It’s a powerful way to trick someone!
Anouk Jouy
Director of the Advisory Finance Division
Fluxym
2. The fake supplier account scam
This scam exploits a weakness mostly found in large companies. These companies work with countless suppliers, and some have not established a procedure for checking supplier information before creating a new account. The problem in this case is that any employee can request to open a fake supplier account and link it to bank details without anyone knowing. Then that corrupt employee can scam the company out of money to benefit themselves or someone they know. If there is no procedure for reconciling invoices with purchase orders, the fraud goes virtually unnoticed. It can ultimately lead to considerable losses.
3. The CEO scam
In this scam, the fraudster emails or calls a company pretending to be the CEO of the parent company or group. After speaking a few times to gain trust, the scammer asks for an unplanned international bank transfer claiming that it’s an emergency or confidential. They send the details for the foreign bank account, and the company wires the money.
It’s clear that scammers have become very sophisticated. So, how do you avoid these traps?
II. Detect fake transfer orders
Warding off scammers starts by finding out how they infiltrate the company and learn their routines. They generally know the company very well and the loopholes in its transfer verification system.
An example of recurring fraud tactics
When scammers contact companies, they tend to create a heightened sense of urgency while using reassuring tactics to justify it. This way, they hope to gain special privileges without having to follow any internal procedures. This is the most common technique.
Warning signs
No one is immune to fraud or a scammer’s pressure tactics. However, some factors should raise suspicion and trigger verification processes.
The method of payment may offer some clues:
- A request to change the recipient’s bank account or information
- Invoices that are higher than usual
- Unusual invoicing frequency, like early invoices and requests for immediate payment
For scams that involve fake vendors or employees, there may be warning signs in the emails:
- Strange wording, spelling mistakes or odd syntax
- Graphics like a logo or signature that the contact doesn’t usually use
- An email address that is different than usual or perhaps slightly off
III. Three best practices for handling fraud
1. Systematize your verification process
Why change a good thing? A crucial part of securing your payments is raising awareness among your teams. Employees who are likely targets must know the best practices to follow before making any transaction.
For example, remind them to always:
- Compare emails they receive with prior emails from the supplier or employee, especially details like the address, last name and signature.
- Check if a purchase order was created by the purchasing department and matches the invoice that was sent.
2. Establish control procedures
As you’ve seen, preventing fraud is mostly about ensuring people aren’t making hasty decisions on their own. This requires setting up verification processes that:
- are planned ahead of time,
- contain several concise steps,
- involve multiple people, and
- differ for each type of bank transfer, i.e., invoicing, advances and invoices for overhead expenses.
Separation of tasks reduces the risk of fraud by involving multiple people in making changes to bank details. You can strengthen your defenses against scams with other internal control procedures. For example, you can prohibit the use of a “miscellaneous supplier” category in supplier accounts (account 401). It’s an invitation for all sorts of unverified vendors! Instead, categorize suppliers into more specific groups.
Companies have to establish longer procedures that give internal teams time to verify invoices. It fights fraud by preventing payments that are urgent or out of scope.
Anouk Jouy
Director of the Advisory Finance Division
Fluxym
3. Use the right software
Procure-to-Pay solutions can simplify your logistics controls and make transactions secure. They do this with two functionalities:
- Automated reconciliation of purchase orders, deliveries and invoices. This is the key to detecting scams like overcharging and duplicate invoices.
- Easier distribution of roles across your company’s divisions. This compartmentalizes tasks, from listing suppliers to paying them.
Separation of tasks in practice:
The “four-eyes principle” only works when each person is assigned a different role. For example, the person who enters the supplier’s bank details should never be the one who approves the supplier!
Another advantage of Procure-to-Pay solutions is the budget overage alert system. These solutions help buyers carry out their duty of care and make it easier to keep them on task.
No company is safe from the threat of fraud, and scammers know how to get creative. Nevertheless, there are many things you can do to thwart their attempts and protect your business. You can significantly reduce the risks by using constant vigilance, rigorous control procedures and targeted software. These programs include automated Procure-to-Pay solutions. They streamline your controls and the reconciliation of invoices and purchase orders.
A well-managed Procure-to-Pay process also offers numerous benefits like improving supplier relations, saving time and money, and managing processes.
1 Payments Fraud And Control Survey Report, AFP and JP Morgan, 2023