In 2021, 71% of financial professionals reported that their company was the victim of an attack or attempt of payment fraud. Despite the large percentage, this is the lowest level of fraud reported since 2014. With a target on the back of most large organizations, it’s more important than ever for firms to understand and mitigate accounts payable vulnerabilities in order to protect against payment scams.
The following guide provides valuable insights into invoice scams, a common accounts payable fraud method. Keep reading to protect your organization against invoice fraud by learning about: the different types of invoice fraud, how to identify fake invoices, and security best practices with AP automation.
What is an Invoice Scam?
“Scam,” and “fraud” are two words that put every AP department on edge. It’s one thing to ensure the books are balanced and payments are made on time – but it’s another to deal with the aftermath of processing a fraudulent invoice. Unfortunately, these scams have become commonplace for many AP departments.
An invoice scam typically comes in the form of an invoice, sent from a fraudulent party posing as a trusted supplier requesting payment. These documents can appear legitimate upon first glance, with most of the company details matching that of an established vendor. There is just one exception; typically the fraudster changes either the payment address or the bank account information.
These invoices often request immediate payment. This urgency is by design, to get the AP department to quickly render payment before there is any time to suspect that anything is awry.
Types of Invoice Fraud
Fraudsters had successfully targeted 58% of organizations’ accounts payable departments via email scams. Larger organizations are at an even higher risk for these kinds of fraudulent activity, as bigger teams allow for larger communication gaps between AP staff and departments making purchases.
The exact ways in which invoice fraud occurs can vary, but it typically falls into one of the following three categories:
Sending a fake/look-alike invoice:
This is the primary method of invoice fraud, described in the previous section. This approach occurs when a fraudster sends an invoice posing as an established vendor, but changes the payment address and/or bank account information to steal the payment.
Joining and hijacking an email thread:
Fraud can occur when scammers gain access to a vendor employee’s email account, typically via a phishing email. Then they monitor email traffic and wait for the right opportunity to strike, inserting themselves into an email thread where they can update payment methods with buyers to direct payment to their own bank account.
Sending a fake email:
Business Email Compromise (BEC) in accounts payable occurs when a fraudster sends an email posing as a trusted third-party, typically a vendor or someone within your company. The email may contain a time-sensitive payment request, funds transfer, or bank information.
How to Spot Fake Invoices: 4 Signs That an Invoice Isn’t Real
Spotting fake invoices can be tricky, especially if your company receives a large volume of invoices and runs on manual processes. These circumstances often make it impossible for teams to carefully check every invoice for these common red flags. That said, these are the top four signs to see whether or not an invoice is real:
- The contact information or payment address for the vendor is different from their previous invoices.
- The payment or bank account information for the vendor is different from their previous invoices or does not match existing records in your ERP system.
- There is a mismatch between the invoice image (or other invoice information) and your ERP data.
- The invoice is for services not yet rendered.
The best way to combat accounts payable fraud is to have proper checks in place that look for the following red flags. Many firms today utilize an AP automation platform to automate this process and free up their team to focus on other projects.
Whether or not your team uses manual processes or an AP automation platform, your AP workflow should cross reference vendor payment details for each invoice with your organization’s ERP records to minimize fraud. While most organizations today have some sort of way to validate vendor information, 17% of companies still lack the tools or resources in place to cross-examine payment information. Requiring approvals for high-value invoices prior to payment is another best practice amongst firms to prevent scams.
Any time an existing vendor’s contact and payment information changes, AP staff should follow up with the vendor directly to confirm accuracy and legitimacy (i.e. with a voice phone call for verification). Weak controls that allow individuals (either the vendor or someone within the AP department) to manually change vendor payment details without additional checks are prime opportunities for scammers.
How AP Automation Reduces Invoice Fraud
The best way to reduce invoice fraud is to adopt an AP automation and payment solution that enables dual payment controls and guarantees fraud protection. As part of the automated invoice processing, invoices for certain items or above certain amounts can automatically route to authorized individuals for approval before processing.
Automation and payment solutions can also automatically check the information on each invoice against all records in the ERP system, alerting the AP team of any mismatches in the payment address, banking information, or even the invoice image. This completely eliminates the need to manually check this information for each incoming invoice. Instead, AP team members only need to step in after they receive an alert. On that note, businesses should ensure all information in their ERP system is accurate and up to date.
The supplier payment process is another common pain point that AP automation can alleviate. According to the State of AP Report, enrolling and managing suppliers is the number one pain point for buyers throughout the supplier payment process. An AP automation and payment solution includes additional controls for checking the accuracy of vendor information both during initial set-up and anytime there is a change. These added payment controls, automated invoice checking, and vendor information accuracy scans significantly reduce the probability of invoice fraud and its potential business impact.
Protect Your Business from Fraudulent Invoices with MineralTree
The most recent State of AP Report indicates that 34% of buyers view fraud protection as the number one driver for their supplier payment method, and 49% of buyers who make electronic payments expect increased security and fraud protection to accompany the service. MineralTree’s AP automation solutions come with the ability to mitigate both external and internal fraud risks through advanced security features, such as two-factor authentication, segregation of duties, dual approvals, audit trails, and integration with bank Positive Pay.
Whenever a vendor’s payment info is changed, MineralTree automatically generates an email notification to all accounting managers. The platform also offers a vendor audit report that shows any changes made to the vendor page, along with who made the changes, a timestamp, the old values, and the new values. If you’d like to see how MineralTree and AP automation can help protect your business from fraudulent invoices, request a free demo today.
Frequently Asked Questions:
How common is invoice fraud?
Invoice fraud is a prevalent problem for companies. Nearly 7 out of 10 of companies (68%) are affected by BEC (business email compromise) each year.
Which payment method is most likely to be targeted via fraudulent activity?
Checks are the most common payment type to be targeted by scammers. Two out of three companies have experienced check fraud. However, since companies are switching payment methods, fraudsters are beginning to target these as well. With AP automation, there are tools in place to protect your company against fraudulent activity.
What should be checked on an invoice?
AP teams should cross reference the mailing address, vendor information and payment details for each invoice with their ERP to protect against invoice fraud. They should also note any discrepancies to follow up with the relevant vendors.
What should my company do if we receive a fake invoice?
Companies residing in the US can report fake invoices to the Federal Trade Commission here.