As accounts payable processes continue to become more digital, the AP department faces evolving challenges, and fraudulent payment requests pose a significant threat to financial integrity. In fact, the FBI’s Internet Crime Complaint Center received over 840,000 complaints about cyberattacks and malicious cyber activity resulting in nearly $7 billion lost in 2021. Unfortunately, most of the victims targeted were small businesses. Organizations are tasked with safeguarding resources to maintain trust with stakeholders and vendors, making it imperative to strengthen AP processes to protect against fraudulent activities.
Fortunately, the right technology and automation solutions can be a strong defense for businesses. Leveraging advanced data analytics, machine learning algorithms, and intelligent automation solutions helps proactively identify and mitigate fraudulent payment requests, ensuring the integrity of financial transactions.
In this blog, we explore the critical role of automation in protecting accounts payable against fraud, and how cutting-edge technologies empower all organizations to detect potential risks and suspicious activities, enhance compliance, and improve security within the payment process.
What is a Fraudulent Payment Request?
A fraudulent payment request is an attempt to initiate a financial transaction for illegitimate purposes. These requests often involve manipulation or impersonation tactics to trick an organization into transferring funds or making payments to unauthorized recipients. Fraudulent payment requests may come from phishing, impersonation, forged documentation, or the exploitation of vulnerabilities in internal controls.
Many fraudulent payment requests share similar characteristics. Any of the following actions or omissions should be a red flag for a deeper investigation before any payment is rendered:
- Urgency or pressure: Fraudulent requests often emphasize urgency or high-pressure tactics to prompt immediate action by the victim while discouraging scrutiny and rational decision-making.
- Unusual payment patterns: Payments requested outside normal procedures, irregular payment amounts, or unfamiliar vendors may signal potential fraudulent activity.
- Lack of documentation or verification: Some fraudulent requests may be missing supporting documentation, such as purchase orders or contracts, and resist any verification attempts by the company to conceal their illegitimacy.
Types of Payment Fraud
There are many kinds of deceptive tactics used to manipulate organizations to transfer funds or make payments to unauthorized recipients. Understanding the various types of fraudulent payment request schemes is essential for implementing effective prevention and detection measures. Here are some of the common types of payment fraud:
Invoice Fraud involves the submission of falsified invoices or the manipulation of legitimate invoices to deceive organizations into making payments for goods or services that were never rendered or were overpriced. Fraudsters may impersonate existing suppliers or create fictitious companies to use this scheme. Invoice fraud often exploits weaknesses in invoice processing and approval procedures and relies on the assumption that payments will be processed without thorough investigation.
CEO/CFO Impersonation involves fraudsters impersonating high-ranking executives within the targeted organization to request urgent payments or wire transfers. These requests often exploit the authority and credibility of senior leadership to add pressure on the employees to bypass standard approval processes. These fraudsters may claim the need for confidentiality or provide made-up emergencies to justify the urgent transaction.
Vendor Payment Redirects occur when an email account is compromised or a fraudster impersonates a legitimate vendor to request changes to payment details that redirect funds to their accounts instead of the intended recipient. Typically, legitimate communication between the organization and its vendors is intercepted, either through email spoofing or an account takeover. By posing as an authorized vendor representative, the fraudster tricks the organization’s employees into updating payment information, leading to unauthorized fund transfers.
Employee Expense Fraud involves the submission of false or inflated expense claims by employees for personal gain. Fraudulent expense reports may include fictitious expenses, inflated costs, or duplicate reimbursements. Employees can perform this fraud at various levels within the organization, often exploiting weaknesses in expense reimbursement processes, such as lax oversight or inadequate documentation requirements.
Phishing Emails and Social Engineering tactics are commonly used to deceive employees into sharing sensitive information or unknowingly authorizing fraudulent payments. Phishing emails impersonate legitimate entities and often include malicious attachments or links designed to steal login credentials or install malware. Social engineering tactics exploit human psychology and trust to manipulate individuals into performing unauthorized actions, such as initiating fraudulent payments or disclosing confidential information.
Payment Interception involves intercepting legitimate payment instructions or altering payment details to redirect funds to fraudulent accounts. Fraudsters may exploit vulnerabilities in communication channels or compromise financial systems to intercept payment instructions and modify bank account details. Unfortunately, this can result in significant financial losses for organizations, especially when payments involve large sums or international transactions.
By becoming familiar with the various types of fraudulent payment requests and the different tactics fraudsters may use, you can ensure robust security controls and automated solutions are implemented to detect and prevent such threats effectively.
Potential Impacts of Payment Fraud for Businesses
Any type of payment fraud that happens to a business can lead to negative outcomes, whether it causes financial loss, reputation damage, or organizational disruption. Some of the most serious ways payment fraud affects businesses include:
- Financial Loss: When fraud allows an unauthorized entity to steal funds or goods from a business, those costs may have to be absorbed or passed onto customers and clients, ultimately hurting the bottom line.
- Chargeback Fees: Customers disputing a credit card charge may result in the business having to cover a chargeback fee. If a business has a higher chargeback ratio, the payment processing provider may charge an additional fee.
- Reputation Damage: Occurrences of fraud can hurt customer retention, decrease customer lifetime value, and tarnish a business’s reputation as customers believe the company is insecure or untrustworthy.
- Legal and Regulatory Consequences: While no fraud protection can be 100 percent safe, businesses do have an obligation to take adequate steps toward fraud prevention or face potential legal and regulatory consequences. Payment fraud puts businesses at risk of noncompliance with industry regulations and standards, which may result in fines, legal action, and reputational damage.
- Operational Disruption: Investigating and resolving fraudulent transactions takes a lot of time and resources to update security measures and implement new policies and procedures to prevent future incidents. Diverting these individuals and departments from other critical functions to focus on security updates will often disrupt productivity and efficiency.
Protecting Your Business from Fraudulent Payment Requests
Protecting your business against payment fraud requires a strategic, multifaceted approach with strong security measures. Strategies that can prove successful in helping protect against fraudulent payment requests include:
- Ensure Secure Payment: AP departments working with digital payment systems should ensure these are encrypted for built-in fraud protection. Encryption makes it difficult for unauthorized parties to access sensitive data.
- Implement Strong Authentication Measures: Two-factor or multifactor authentication (MFA) or biometric authentication ensures only authorized users have access to sensitive information.
- Regularly Monitor Accounts: All accounts should be regularly monitored for suspicious activity, such as unusual transactions or payment pattern changes.
- Educate Employees and Customers: Employees should be trained to identify and report suspicious activity, and customers or vendors should be informed about how to spot possible fraudulent scams like phishing emails.
- Limit Access to Sensitive Information: In addition to strong authentication measures, sensitive information should only be accessible to those who need the information to perform their duties.
- Implement AP Automation: Some AP automation solutions, such as the AP automation offered by DataServ, can perform many of these protective actions for you, such as regularly monitoring account activity and encrypting data, making it much easier to reduce the risk of payment fraud.
How AP Automation Prevents Fraudulent Payment Requests
Utilizing a proven AP automation solution offers businesses various benefits that help prevent fraud. The visibility AP automation provides into the payment process creates an easy-to-follow audit trail that allows you to see if an internal payment request was actually made. Additionally, automation enforces strict adherence to business rules and forces you to standardize your processes and do everything the same way, which is a huge step toward preventing fraud.
Of course, that’s not all automation can help you achieve. With AP automation, your business can:
- Allow your vendors to send invoices through your company in a set way (usually by dollar amount)
- Ensure that every invoice gets proper approval before it is paid
- Process your invoices faster, allowing you to run analytics on them
- Use data instead of physical receipts for validation
- Guarantee that your invoices and payment information are secure in a cloud-based environment that can be accessed anytime, anywhere
- Improve controls and solve common control issues, such as:
  - Authorization overrides
  - Gaining payment approval
  - Monitoring purchase order splits
Make the Most of AP Automation by Following Best Practices
While automating your AP workflow will decrease the risk of fraud, there are still several best practices to be mindful of once an automation system is in place. Our advice is to:
- Use the AP automation system’s efficient matching functionality to validate accurate transactions
- Create an approval matrix
- Manage vendor master records
- Use preventative controls in place of detective controls
- Automate audit controls when possible
- Always follow your procedures, such as working your duplicate checking queue
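The following Python example is added here and is not DataServ's code or part of the original post; it expresses several of the controls named above (duplicate checking, vendor master validation, purchase order split monitoring, and missing documentation) as checks that hold an invoice for review before payment. The invoice fields, the 10,000 approval limit, the 7-day window, and every sample record are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

APPROVAL_LIMIT = 10_000            # assumed: at or above this, a second approver is required
SPLIT_WINDOW = timedelta(days=7)   # assumed look-back window for split detection

# Constructed vendor master: vendor id -> bank account on file
VENDOR_MASTER = {"V100": "ACCT-111", "V200": "ACCT-222"}

# Constructed sample invoices (not real data)
FIELDS = ("id", "vendor", "number", "amount", "po", "bank", "date")
ROWS = [
    (1, "V100", "INV-0042", 4200.0, "PO-9",  "ACCT-111", date(2024, 3, 1)),
    (2, "V100", "inv 0042", 4200.0, "PO-9",  "ACCT-111", date(2024, 3, 4)),
    (3, "V200", "A-1",      6000.0, "PO-12", "ACCT-222", date(2024, 3, 5)),
    (4, "V200", "A-2",      5500.0, "PO-13", "ACCT-222", date(2024, 3, 6)),
    (5, "V200", "A-3",       900.0, None,    "ACCT-999", date(2024, 3, 20)),
    (6, "V300", "Z-7",       300.0, "PO-20", "ACCT-333", date(2024, 3, 21)),
]
INVOICES = [dict(zip(FIELDS, r)) for r in ROWS]

def norm(number):
    """Normalise an invoice number so 'INV-0042' and 'inv 0042' collide."""
    return "".join(c for c in number.upper() if c.isalnum())

def review_queue(invoices, master=VENDOR_MASTER):
    """Return {invoice id: [reasons]} for invoices to hold before payment."""
    flags, seen, by_vendor = defaultdict(list), {}, defaultdict(list)
    for inv in sorted(invoices, key=lambda i: i["date"]):
        v = inv["vendor"]
        if v not in master:
            flags[inv["id"]].append("unfamiliar vendor")
        elif inv["bank"] != master[v]:
            flags[inv["id"]].append("bank details differ from vendor master")
        if not inv["po"]:
            flags[inv["id"]].append("no purchase order")
        key = (v, norm(inv["number"]), inv["amount"])
        if key in seen:
            flags[inv["id"]].append(f"possible duplicate of invoice {seen[key]}")
        seen.setdefault(key, inv["id"])
        # Split check: this invoice is under the limit, but the vendor's recent total reaches it
        recent = [p for p in by_vendor[v] if inv["date"] - p["date"] <= SPLIT_WINDOW]
        total = inv["amount"] + sum(p["amount"] for p in recent)
        if recent and inv["amount"] < APPROVAL_LIMIT <= total:
            flags[inv["id"]].append("possible split to stay under approval limit")
        by_vendor[v].append(inv)
    return dict(flags)
```

Running `review_queue(INVOICES)` holds invoices 2, 4, 5 and 6; a flagged bank-detail change should be confirmed with the vendor through contact details already on file, not those supplied in the request.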
To underscore the importance of fraud prevention, the Association of Certified Fraud Examiners (ACFE) recently released its 2024 Report to the Nations on Occupational Fraud and Abuse. It stated that the typical organization loses 5% of revenue annually due to fraud. ACFE also reports that a lack of internal controls is the main organizational weakness of occupational fraud victims.
For additional insights into how AP automation can help reduce the risk of fraud and for tips on how to identify potential fraudulent payment requests, click here to watch a video with Joe Zulich, Manager of Accounting Operations at White-Rodgers and fraud prevention and risk management expert.
A Familiar Tale of Fraud: The Mattel Phishing Attack
In 2015, the popular toy company, Mattel, fell victim to a phishing attack that nearly cost the company $3 million. This all-too-familiar tale of fraud reminds us how an automated accounts payable solution can prevent any size company from falling prey to these scams.
The Backstory
On April 30, 2015, a [Mattel] finance executive got a note from the newly installed [Mattel] CEO, Christopher Sinclair, requesting a new vendor payment to China. The finance executive didn’t see anything wrong with the request, but checked protocol anyway.
Transfers required approval from two high-ranking managers; [the finance executive] qualified and so did the CEO. The transfer was made. In total, $3 million was wired to the Bank of Wenzhou in China. [The finance executive] mentioned the payment later to Sinclair, who denied making the request.
The Resolution
Mattel contacted law enforcement and their U.S. bank, but were told that it was too late – the money was gone. The thieves had hit Mattel at just the right time. A new CEO had just started and the company was getting ready for massive growth in China, so payments to the nation wouldn’t be out of order.
But Mattel got lucky. May 1 was a banking holiday as it was Labor Day in China. The following Monday [May 4] they were able to get assistance from local law enforcement and banking officials to freeze the account that held the stolen funds. Two days later, the money was recovered.
The banking holiday falling the day after the fraudulent request was made was Mattel’s saving grace, but companies don’t always get lucky breaks like that, and the money they wire to overseas thieves typically cannot be recovered.
Prevent Fraudulent Payments with AP Automation from DataServ
There’s no question that the right AP automation solution can help mitigate the risk of fraud, saving your company money and maintaining positive relationships with vendors and customers. Contact DataServ today to learn more about how our AP automation solution can work for your business and prevent payment fraud.