As a company, you must face the fact that the danger of financial fraud is real, and you can’t escape the importance of accounts payable (AP) fraud management any longer. According to research by the Association for Finance Professionals (AFP), in 2020, 74% of organizations were previously targets of payments scams. In the two years before, this number even reached over 80%. The damage of payment fraud has differed among companies, losses can be several hundreds to hundreds of thousands or even millions of dollars.
The amount of direct monetary losses due to fraud according to PwC's Global Economic Crime and Fraud Survey from 2018.
Companies keep falling victim to innovative fraud techniques and digitalization and emerging new technologies have provided fraudsters with the right toolbox for account payable fraud to become an increasingly attractive option for them. On top of that, if you have a company that executes a high number of payments, with a big team, and many suppliers, it becomes increasingly difficult to detect and prevent fraudulent payments manually.
What is accounts payable fraud?
Accounts payable fraud is any type of B2B payment that is done illegally or falsely. The perpetrator deprives its victim or the company of money in several possible ways. Accounts payable fraud can be committed by a company’s own employees, vendors, suppliers, cybercriminals, or scammers.
How does accounts payable fraud actually work?
Usually, accounts payable fraud starts with an employee who has the user rights to execute payments. Either the employee has false intentions and transfers company money to an allegedly trusted beneficiary party or the employee can be tricked into paying account beneficiaries money that is not destined for them.
Accounts payable fraud types and trends
Accounts payable fraud comes in different forms. You can categorize it into two main areas in B2B payments: internal and external fraud. Within them are several trends.
Internal fraud is caused by someone within your organization who purposefully commits fraud. As mentioned earlier, if you are working for a company with many payment transactions this can be difficult to detect. Especially when beneficiary accounts often look like legit suppliers.
Internal fraud can cost your company a significant amount of money depending on how long it has been going on and based on the regularity and the sum of the transactions. Internal fraud takes different shapes, these are the most common ones:
1. Billing schemes
Billing schemes are designed to make it look like your business executed payments to legitimate recipients, but they are fraudulent transactions to beneficiaries related to employees. They can be hard to spot when the fraudster sets up a shell company for them to create false invoices. Pretending that it would be a legitimate supplier.
2. Employee reimbursement fraud
A common type of fraud that can be hard to detect is reimbursement fraud, where your employees use false expense claims to receive expense reimbursements that they should not receive.
3. Kickback fraud
Kickback schemes mean that a supplier works together with one of your employees to deprive your business of money. This can easily be done when the involved employee has payment execution rights by inflating supplier invoices and then sharing the profit.
External fraud is committed by someone outside of your organization who tries to steal your company’s money or, for example, other sensitive payment information. There are several common fraud types and recent trends that your company should be prepared for.
1. Wire transfer scams
Wire frauds are popular among scammers. Perpetrators pretend to be someone you might know, a trusted source like a vendor, contact, or other company you work with. After that, they ask you to make direct wire transfers to their account. A recent disastrous example includes a Dutch company that made a 750,000 euro wire transfer to what was supposed to be one of their suppliers.
2. Phishing attacks or business email compromise
Phishing attacks are typically done by email but can also reach you by phone calls, text messages, or malicious websites. They are relevant for you and your colleagues to be aware of since 75% of organizations experience them. And according to Tessian, the average cost of a breach is $3.92 million - something you rather mitigate.
Phishing attacks typically aim to trick you into thinking that the message is coming from a reputable source. The attacks come in many forms, for more information you can check Tripwire’s article on common phishing attacks and how to protect against them.
3. Identity theft
Identity theft is a common type of online fraud where cybercriminals steal your information and use it under false pretense. The goal is the same as with other frauds: using your identity to access sensitive information or to manipulate you, or your colleagues, into making a wrong payment.
4. Account takeover
Account takeovers can be very challenging to spot because it means that someone external has access to your account through theft or misuse of credentials. By doing so, the fraudster has access to all information related to the account, allowing them to leverage that inside information to execute fraudulent payments themselves or lure others into doing so.
What is accounts payable fraud detection?
Accounts payable fraud detection is the ability to detect fraudulent payments that flow or are about to flow, out of your company. It is used in B2B payments to spot anomalies, such as erroneous and fraudulent payments from being executed, and it allows your company to identify fraudulent payment risks.
What is accounts payable fraud prevention?
Accounts payable fraud prevention is the management of preventing fraudulent payments from flowing out of your company. Most often, payment fraud detection and prevention go hand in hand. In order to prevent fraudulent payments from being executed, you have to be able to detect them first.
Steps to prevent accounts payable fraud in your organization
Accounts payable fraud can be mitigated in several ways. These are the eight strategies that are commonly used to help prevent accounts payable fraud:
1. Analyze your current payment processes
For you to start mitigating the risk of fraudulent payments, you need to get a better understanding of your company’s current payment processes. Things that you can consider here are:
- Which systems/banks are you using for payments?
- Who has access to these systems? And more importantly, who can execute payments?
- How is your current user right management working?
- What’s your procedure when an invoice to be paid shows up that is out-of-the-ordinary?
- Through which channels can you be invoiced?
- Are bigger payment sums examined thoroughly?
- How many payments go out on a daily basis?
- Are you able to identify who made which payments?
Once you understand your current payment process, you can more easily identify the parts of it where the risk of fraud is higher.
2. Have regular audits in place
Make sure to audit and monitor your payments regularly and look out for any red flags. With frequent monitoring, you can identify external fraud attempts, but it also prevents internal fraud attempts since employees know they’re closely watched.
3. Use audit trails
By using audit trails, you can exactly identify payments to their source at any point in time. This allows you to examine where something went wrong along the payment process, or which employee tampered with any of the payments.
4. Use the four-eye principle
A four-eye principle is a quick way to reduce erroneous or fraudulent payments. The second pair of eyes may spot something wrong with the payments you are about to send out. For larger sums, you can even have a six-eye approval process.
5. Set rules in your payment process based on best practices
Strengthen your payment process by focusing on best practices and make sure to communicate this to your colleagues. Establish a culture where invoices are only paid if they have a purchase order, or if they are coming from registered suppliers from within your payments network. If your team notices a spontaneous or exotic payment request, a safety procedure should be in place before sending the payment. And you should always encourage the people making payments to cross-reference the request with different people and channels in case they are unsure.
6. Create a fraud awareness program
Your accounts payable department is the most vulnerable to being targeted by fraud attempts according to research conducted by J.P. Morgan and AFP. To lower the risk of them falling victim to the different types and trends related to payment fraud, you can set-up an awareness program. The more aware employees become the lower your risk as a company to fall for payment fraud will become.
7. Use process automation
Most manual payment processes leave you with gaps in the process that become vulnerable spots to payment fraud. For instance, when your payment file batches are sitting idle in a folder or shared file waiting to be uploaded to the bank, it leaves room for tampering. Even if the process up to that point was fully secure. These vulnerable gaps and risks can be reduced when you start automating your payment process.
8. Implement payment sanction screening
A sanction screening tool screens your outgoing payments against sanction lists to help you detect anomalous payments. If something suspicious occurs, the tool can alert you before the payment is sent to the beneficiary account. For this, you would need to create a sanction list first, which can be based on your historical payment data. And, if needed, you can use 3rd party sanction lists for additional screening.
Accounts payable fraud prevention and detection solutions
It will be increasingly difficult to manage the payment process safely when your organization increases in size. Payment fraud becomes inevitable when you have many different systems, ERPs, hundreds of payments a day, an increasingly large finance or treasury team, and a big network of suppliers and partners. As a result, companies often work with payment fraud detection and prevention vendors that can help them save a lot of money that would otherwise be lost.
Some solution providers only offer you a solution for payment sanction screening, whereas others can help you with the entire payment process. The right type of payment fraud solution mostly depends on your needs. These are some of the top accounts payable fraud vendors on the market:
1. Nomentia Payments and anomaly detection
Nomentia offers a complete payment solution to streamline and automate all payment processes in a centralized place with integrated payment process controls and compliance screening. You can easily define fraud detection rules in the solution to spot fraudulent payments and set up a workflow with actionable follow-up steps. This way you can block fraudulent payments from being executed, and you will get notified whenever something shady happens.
Nomentia offers its payment and fraud solution as a stand-alone or as part of a more advanced cash and treasury management setup.
Medius offers an AP automation software with three-way matching, allowing your business to avoid the payment of fraudulent invoices and incorrect sums. By automating the payments process you can also reduce the risk of human errors.
Nsknox offers an accounts payable protection service that verifies outgoing payments by validating accounts and making sure payments are only made to validated payees.
NetGuardians recently rolled out a solution for corporates whereby you can easily upload your payments to their platform, which they analyze and score against their sanction data. The possible fraud cases will then be highlighted in the resulting report.
SWIFT has a transaction screening service that screens your incoming and outgoing messages against sanction lists, alerting you if it detects any suspicious activities.
Protect your company against accounts payable fraud
Whether you are working in a smaller organization or a bigger enterprise, payment fraud should be a priority. Make sure that your organization establishes a culture where internal fraud attempts are highly discouraged and take the necessary steps to prepare employees for any external fraud attempts. Once you optimize and automate your payment processes, it is also less likely to fall for accounts payable fraud.
Last, we recommend looking into fraud prevention solutions when your organization increases in size; with many payments, finance team members, suppliers, and source systems, it will become increasingly challenging to tackle AP fraud.