Finance
Accounts Payable fraud: Do you know who’s accessing your finances?
Global Banking & Finance Review®
Company
By Mark Blakemore, CFO at Compleat Software
The use of social engineering and phishing attacks on accounts payable (AP) departments are rising according to a report by the European Payments Council, and they remain one of the most instrumental ways to infiltrate a company’s finances.
Fraud techniques have greatly evolved over the past couple of years. Scam phone calls, text messages, emails, and even fake websites and social media posts are tricking employees to hand over personal information that can be used to authorise payments.
Hidden behind anonymity, the pandemic offered the perfect way to trick employees. Impersonation scams have skyrocketed, with criminals posing as banks, government bodies, and even health officials to trick people out of their money.
Fraudsters have now shifted their focus from complicated, large-scale computer systems to company executives and employees. As a result, authorised push payments (APP) fraud – tricking people into sending money by posing as a genuine payee – increased 71 percent during H1 2021, with more than £750 million stolen through fraud.
Businesses need to get a better handle on their accounts payable processes, or risk losing millions to fraudsters.
Where does the fraud challenge stem from?
All accounts payable departments will receive a suspicious invoice every now and then, but as fraudsters become more sophisticated in style and technique, the need for tighter cybersecurity procedures in accounting departments remains.
And although fraudsters have long made the finance and accounts payable department their prime target, a couple of recent updates (or lack of) have combined to increase the risk of fraud to new levels.
The first is a reluctance to digitise old-fashioned processes, and the reliance on manual processes significantly increases the risk of human error creeping in. Staff working in different locations from each other hasn’t helped either, as team leaders are unable to physically keep an eye on staff in case they get tricked by someone posing as a fake vendor or overpayments.
Linked to this, and very much a long-standing issue for finance teams, is a distinct lack of visibility into the accounts payable process. Many finance leaders don’t have access to real-time data and insight into what their team is working on, leaving them stranded whenever fraud does take place.
There are also plenty of businesses nationwide that are sending and receiving paper invoices, again opening themselves up to risk. According to one study, 31% of UK businesses are still faxing paperwork, while 39% are posting invoices and 9% continue to accept paper cheques.
These problems are rooted in manual, paper-based processes. The more we rely on them, the greater the risk of inaccuracies, human error, and fraud.
How can businesses fight back?
If humans are one of the root causes of the issue, it makes sense to try and take the load off. We’re not machines able to log, scan, and analyse masses of data, but perhaps machines could help tighten up processes and defences.
The majority (61%) of CFOs agree that digitalising AP processes would help increase visibility in the finance department. The same report goes on to add that companies that utilise automation in their accounts payable department feel confident in their ability to prevent fraud.
If humans were one of the root causes of fraud, automation is the safety net businesses need to keep them secure. Technologies powered by artificial intelligence (AI) and machine learning (ML) are providing organisations with tools that can automatically detect fraudulent activity as well as decreasing the likelihood of it ever happening in the first place.
For example, when receiving an invoice from what looks like a genuine supplier, systems can instantly analyse information such as bank details, address, and amount requested against previous financial documents. If one tiny detail doesn’t match up, payment is refused until it’s resolved.
Then there’s the issue of access. As fraud can also take place from internal staff, businesses are using platforms to move away from simply stashing finance documents in a filing cabinet or digital folder to only granting access to records to those who need it.
But employees can also be a company’s greatest line of defence, especially as the vast majority (61%) of fraudsters are caught by employee tips. Arming accounts payable staff with technology that can provide detailed insight into the AP process and sniff out suspicious activity before it becomes a problem is a must.
Fighting fire with fire
Humans can’t be perfect all of the time, but highlighting and preventing fraud isn’t a 9 to 5 kind of job. Automation in the accounts payable department can be a powerful weapon in giving businesses the confidence that they will be protected even if they become a target.
Having employees working in several different locations and with manual processes means businesses cannot hope to defend themselves against a new, constant wave of fraudulent activity – both inside and outside of the organisation.
It only takes one convincing email or misplaced document for fraud to take place, and businesses need to make sure they free themselves from risk with technology that can act as their best defender.
Accounts payable refers to the money a company owes its suppliers for goods and services received but not yet paid for. It is a liability on the company's balance sheet.
Fraud is a wrongful or criminal deception intended to result in financial or personal gain. It can occur in various forms, including identity theft and financial scams.
Phishing attacks are fraudulent attempts to obtain sensitive information, such as usernames and passwords, by disguising as a trustworthy entity in electronic communications.
APP scams occur when fraudsters trick individuals into authorizing payments to them, often by impersonating legitimate businesses or individuals.
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. It involves measures to safeguard sensitive information from unauthorized access.
Explore more articles in the Finance category
