What the Midterm Elections Taught Us About Vendor Payments Fraud
Vendor payments fraud has reared its ugly head on the campaign trail, and this is bad news for everyone.
Vendor payments fraud continues to reach new heights as the AFP reports 78% of businesses are now experiencing it. However, this type of fraud is not limited to the corporate world. We learned this during former Tennessee Governor Phil Bredesen’s campaign for election into the United States Senate in 2018.
Bredesen, who was targeting the seat to be left open by Bob Corker, was in the midst of a comprehensive campaign when his cyber-security firm noticed an anomaly in what appeared to be a standard request for payment from one of his campaign’s media buyers. Upon close investigation, the cyber-security firm found the email address requesting a wire transfer, which appeared to be identical to the real media buyer’s, was registered through an Arizona-based registrar.
If not for this subtle indicator picked up by a hired professional cyber-security firm, it’s very possible the Bredesen’s campaign would have been robbed. By leveraging the real-time nature of wire payments, this fraud attempt could have ended with an instantaneous transfer from the first fraudulent account to another, making the payment impossible to recover.
What This Means for Businesses
“Thanks to alert action by campaign management, no funds were diverted,” stated a letter written by campaign lawyer Robert E. Cooper Jr. “However, due to the fact that the impostors knew the media buy was imminent, we are concerned that there has been an authorized intrusion into the extended campaign organization.”
This is where businesses need to pay attention. The Bredesen campaign’s concern here is valid. As evidenced by this intricately planned attempt, fraudsters are only getting more and more clever in their attempts to steal. And unlike political campaigns, which have the luxury of privacy while planning (in most cases), businesses that are publicly traded must often disclose large amounts of information that can be used against them in a countless number of fraud schemes.
Even privately-run businesses can be manipulated with any amount of information that becomes available. In fact, another common play out of the payments fraud playbook targets businesses with traveling CEOs. While the CEO is away, a fraudulent request for an immediate and time-sensitive wire transfer will reach the accounts payable team from an email address that appears to belong to the CEO. Without thinking twice, the AP team transfers the funds as soon as possible only to find out the request was never actually made.
What Businesses Can Do to Mitigate Risk
While there are a lot of different types of best practices that businesses can adopt to mitigate fraud risk, without an automated accounts payable solution it is very challenging to maintain them. Adopting an automated accounts payable process enables you to build best practices like these into your AP process and enforce them automatically:
Segregation of Duties: AP Automation solutions designate separate roles in the accounts payable process by creating separate login credentials and separate dashboards. Not only does this make it incredibly challenging to forge approvals, but prevents the aforementioned fraudulent CEO wire request .
Dual Factor Authentication: AP Automation solutions also require Dual Factor Authentication to decrease the feasibility of account takeovers. Every time someone logs in, they are required to not only enter their password, but also a verification code delivered via email or text message.
Auto PO Match: For those businesses leveraging POs, AP Automation can take the pain out of matching them to corresponding invoices by doing it automatically and flagging any that are mismatched.
Easier access to electronic payment methods: Electronic payments, in contrast to paper checks, offer layers of security by encrypting payment data in transit. Virtual card technology goes a step further by employing the use of tokenization and restricting each payment to a one-time-use credit card number for a fixed transactions amount.
← Back to Invoice-to-Blog