According to the 2023 AFP Payments Fraud and Control Survey, 65% of financial professionals reported that their company was the victim of an attack or attempt of payment fraud. Despite the large percentage, this is the lowest level of fraud reported since 2014. With a target on the back of most large organizations, it’s more important than ever for firms to understand and mitigate accounts payable vulnerabilities in order to protect against payment scams.
This blog provides insights into invoice scams, a common accounts payable fraud method. Keep reading to protect your organization against invoice fraud by learning about: the different types of invoice fraud, how to identify fake invoices, and security best practices with AP automation.
Key takeaways
- Security and fraud prevention is a priority for companies as many say scams are rising or holding steady year-over-year.
- AP automation can help combat mounting invoice scams with added payment controls and automated invoice checking.
- MineralTree’s automated AP solutions can help mitigate security and fraud concerns through advanced security features.
What is an invoice scam?
“Scam” and “fraud” are two words that put every AP department on edge. It’s one thing to ensure the books are balanced and payments are made on time – but it’s another to deal with the aftermath of processing a fraudulent invoice. Unfortunately, these scams have become commonplace for many AP departments.
An invoice scam typically involves an invoice sent from a fraudulent party posing as a trusted supplier requesting payment. These documents can appear legitimate at first glance, with most of the company details matching those of an established vendor. There is just one exception: typically, the fraudster changes either the payment address or the bank account information.
These invoices often request immediate payment. This urgency is designed to get the AP department to quickly render payment before there is any time to suspect anything is awry.
Types of invoice fraud
Research shows that nearly 80% of organizations experienced attempted or successful payment fraud last year. Larger organizations are at an even higher risk for these kinds of fraudulent activity, as bigger teams allow for larger communication gaps between AP staff and departments making purchases.
The exact ways in which invoice fraud occurs can vary, but it typically falls into one of the following categories:
Fake or altered invoice
This is the primary method of invoice fraud, described in the previous section. This approach occurs when a fraudster sends an invoice posing as an established vendor but changes the payment address and/or bank account information to steal the payment.
Email interception and hijacking
Fraud can occur when scammers gain access to a vendor employee’s email account, typically via a phishing email. Then they monitor email traffic and wait for the right opportunity to strike, inserting themselves into an email thread where they can update payment methods with buyers to direct payment to their own bank account. According to the 9th Annual State of AP Report, 96% of buyers cited phishing as one of the most common types of fraud related to AP in their organization.
Business email compromise (BEC)
Business Email Compromise in accounts payable occurs when a fraudster sends an email posing as a trusted third party, typically a vendor or someone within your company. The email may contain a time-sensitive payment request, funds transfer, or bank information. According to the State of AP report, 42% of companies reported an increase in BEC scams in the last 12 months
Overpayment scams
In some cases, fraudulent actors will send a fake invoice with a higher payment amount, and then request reimbursements for the overpaid amount. Once the refund is provided, the scammer will accept the original full amount, leaving the company to pay the difference out of pocket.
Account takeover
In instances of account takeovers, clients’ emails are compromised. The bad actor then contacts vendors with new payment details in the hopes of accessing unpaid invoices.
Employee fraud
Since employees have intimate knowledge of a company, they can use this information to help facilitate an invoice scam.
How to spot fake invoices: Warning signs of an invoice scam
Spotting fake invoices can be tricky, especially if your company receives a large volume of invoices and runs on manual processes. These circumstances often make it impossible for teams to carefully check every invoice for these common red flags. That said, these are the top four signs to see whether or not an invoice is real:
Contact information
The contact information or payment address for the vendor is different from their previous invoices.
Different payment information
The payment or bank account information for the vendor is different from their previous invoices or does not match existing records in your ERP system. Alternatively, you could receive duplicate invoices with the same or slightly altered information.
ERP data mismatch
There is a mismatch between the invoice image (or other invoice information) and your ERP data.
Urgency for processing
The invoice is sent with a sense of urgency, requiring rushed payment without valid reasoning. Bad actors often leverage urgency to bypass normal accounting processes. This is especially common with CEO fraud.
Services not yet rendered or mismatch in services delivered
The invoice is for services not yet rendered, or the invoice includes mismatched or incorrect information that doesn’t align with the goods or services listed.
Unusual dollar amounts
The invoice includes unusual dollar amounts such as rounded numbers or higher amounts than normal or expected.
Combatting fake invoices
The best way to combat accounts payable fraud is to have proper controls in place that look for red flags. Many companies today utilize an AP automation platform to automate this process and free up their team to focus on other projects.
Whether or not your team uses manual processes or an AP automation platform, your AP workflow should cross-reference vendor payment details for each invoice with your organization’s ERP records to minimize fraud. While most organizations today have some sort of way to validate vendor information, 17% of companies still lack the tools or resources in place to cross-examine payment information. Requiring approvals for high-value invoices prior to payment is another best practice amongst firms to prevent scams.
Any time an existing vendor’s contact and payment information changes, AP staff should follow up with the vendor directly to confirm accuracy and legitimacy (i.e. with a voice phone call for verification). Weak controls that allow individuals (either the vendor or someone within the AP department) to manually change vendor payment details without additional checks are prime opportunities for scammers.
What to do if invoice fraud is detected
Swift action is key to combatting invoice fraud scams. Here’s an overview of the steps youra company should follow once a fraudulent invoice has been detected:
- Stop pending payments related to the invoice
- Investigate the accuracy and validity of the invoice
- Notify applicable banks and payment processors, who can help freeze related accounts or transactions
- Inform relevant team members across departments, including finance, legal, IT, and in some cases, the impacted vendor
- Thoroughly document processes to gather evidence for legal investigations, and to help outline best practices for preventing fraud in the future
- Report the fraud to applicable regulatory bodies such as the FTC, DOJ, etc.
- Reach out to insurers to discuss potential fraud coverage to help mitigate loss
How to reduce invoice fraud with AP automation
The best way to reduce invoice fraud is to adopt an AP automation and payment solution that enables dual payment controls and guarantees fraud protection. As part of automated invoice processing, invoices for certain items or above certain amounts can automatically route to authorized individuals for approval before processing.
Automation and payment solutions can also automatically check the information on each invoice against all records in the ERP system, alerting the AP team of any mismatches in the payment address, banking information, or even the invoice image. This completely eliminates the need to manually check this information for each incoming invoice. Instead, AP team members only need to step in after they receive an alert. Businesses should ensure all information in their ERP system is accurate and up to date.
The supplier payment process is another common pain point that AP automation and digitization can alleviate. According to the State of AP Report, 39% of businesses plan to convert more payments to digital, with 39% of respondents citing increased security and fraud protection as a driving factor. An AP automation and payment solution includes additional controls for checking the accuracy of vendor information both during initial set-up and anytime there is a change. These added payment controls, automated invoice checking, and vendor information accuracy scans significantly reduce the probability of invoice fraud and its potential business impact.
Protect your business from fraudulent invoices with MineralTree
The State of AP Report indicates that 36% of buyers’ current payment methods are driven by security and fraud protection. MineralTree’s AP automation solutions come with the ability to mitigate both external and internal fraud risks through advanced security features, such as two-factor authentication, segregation of duties, dual approvals, audit trails, and integration with bank Positive Pay.
Whenever a vendor’s payment info is changed, MineralTree automatically generates an email notification to all accounting managers. The platform also offers a vendor audit report that shows any changes made to the vendor page, along with who made the changes, a timestamp, the old values, and the new values. If you’d like to see how MineralTree and AP automation can help protect your business from fraudulent invoices, request a free demo today.
Invoice fraud FAQs
Tl;dr? If you’re short on time the frequently asked questions below provide a quick snapshot of what AP teams need to know about fake invoices.
How common is invoice fraud?
Invoice fraud is a prevalent problem for companies. Nearly 7 out of 10 of companies (68%) are affected by BEC each year.
Which payment method is most likely to be targeted via fraudulent activity?
Checks are the most common payment type to be targeted by scammers. Two out of three companies have experienced check fraud. However, as the payment landscape continues to evolve and more organizations embrace digital payment options, fraudsters are beginning to target these as well. With AP automation, there are tools in place to protect your company against fraudulent activity.
What should be checked on an invoice to avoid scams?
AP teams should cross-reference the mailing address, vendor information, and payment details for each invoice with their ERP to protect against invoice fraud. They should also note any discrepancies to follow up with the relevant vendors.
What should my company do if we receive a fake invoice?
Companies residing in the US can report fake invoices to the Federal Trade Commission here.
How do companies identify fake invoices?
The best way to identify fake invoices is to:
- Verify vendor information
- Review the invoice carefully
- Check for official branding and logos
- Look for typos and grammatical errors
- Check payment instructions
- Review payment history
- Use fraud detection software
- Stay vigilant
