Accounts Payable Fraud: Are You at Risk?

Niek Dekker

Accounts payable fraud is becoming more rampant than in previous years. Cybercriminals are targeting organisations of all sizes with sophisticated cyber attacks. Moreover, the Australian Competition & Consumer Commission (ACCC) reported in 2021 that Australian businesses lost $277 million to payment redirect scams.

The damage of accounts payable fraud is too significant for CFOs to dismiss.

The consequences of having insufficient internal controls are difficult for anyone to recover from. To combat AP fraud, we are exploring what accounts payable fraud is, the types of AP fraud, and detection and prevention methods.

What is Accounts Payable Fraud? (AP Fraud)

Accounts payable fraud can strike any business. The attack can come from external perpetrators or an insider threat. The intent of the attack is to deceive the accounts payable department into processing fraudulent payments.

From small to medium businesses to large enterprises, every payment must be processed through the AP department. It is essential to recognise the types of scams involved, so CFOs and accounts payable managers know what to look out for.

Types of Accounts Payable Fraud Schemes

Accounts payable fraud can come in several forms. Below are the most common threats:

Billing Scheme

Billing schemes are designed to attack the payments system of a business. This can occur when an accounts payable staff member has issued a fraudulent payment while recording the payment as a legitimate business expense. This is also known as false invoicing.

This type of AP fraud can be hard to detect. Other forms of billing fraud can take place such as:

  • Overbilling: The practice of charging more than is legally or ethically acceptable
  • Overpayment: Receiving a larger amount of cash than the amount that was billed
  • False billing: Requesting to pay fraudulent invoices or funds without demonstrating an obligation to pay
  • Duplicate invoices: An additional invoice with slightly different attributes is submitted for the same goods or services
  • Fake vendor: A vendor, employee, or collusion of both, swindles a business by providing a fake vendor or account information to send direct payments to themselves

Inaccurate Vendor Master Data

Similar to how a business email compromise attack is formed, master data manipulation involves an external perpetrator. The perpetrator impersonates a third-party vendor and informs the organisation that their bank details have changed.

Cybercriminals achieve this type of fraud through the use of social engineering. If the AP team does not verify the recipient, then they may be paying a fraudulent account.

Kickback Schemes

A kickback scheme is considered to be a form of bribery and anti-competitive conduct. In this case, an employee may conspire with a third-party vendor and deprive the organisation of money. This is achieved when the employee inflates a supplier invoice to share profits.

The employee may then be considered an “insider threat.”

Business Email Compromise

Business email compromise (BEC) is a scam where cybercriminals use phishing emails to trick organisations out of money or goods. Criminals may impersonate business representatives such as the CEO or CFO to commit fraudulent activities.

According to the Australian Cyber Security Centre (ACSC), there are three types of BEC scams:

  • Invoice fraud
  • Employee impersonation
  • Company impersonation

Identity Theft

Cybercriminals use identity theft to steal your organisation’s and suppliers’ information and use it to commit other fraudulent activities or sell it on the dark web to make profits. Once the information is stolen, they may attempt to deceive your accounts payable team into making the wrong payment.

Accounts Payable Fraud Detection

Executives should look to create and enforce policies to identify and report any form of accounts payable fraud. By assigning security roles in each department, and enabling segregation of duties, AP managers and CFOs can regularly monitor and analyse any red flags in transactions that may point to potential fraudulent activity.

Red Flags to Look Out For

AP staff who exhibit more than one red flag should be treated as “high alert” and must be monitored:

Invoices

  • Duplicate payments
  • Unusual pricing
  • Rounded invoice numbers or amounts
  • Abnormal invoice volume activity
  • Unusual payment terms
  • Invoices without a PO number
  • Matching employee and supplier addresses
  • Excess number of adjusting entries
  • Invoice numbers that contain consecutive numbers
  • Any incorrect information on the invoice that does not align with the vendor file
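
Several of the invoice red flags above can be checked mechanically. The following Python is an added example, not part of the original article or of Eftsure's product; the record layout, field names and the "whole thousands" threshold for rounded amounts are assumptions, and all data is constructed.

```python
import re
from collections import defaultdict
from decimal import Decimal

# Constructed sample data: vendors, bank details and addresses are made up.
VENDORS = {
    "V001": {"bank": "062-000/12345678", "address": "1 Example St, Sydney"},
    "V002": {"bank": "033-111/87654321", "address": "22 Sample Rd, Perth"},
}
EMPLOYEE_ADDRESSES = ["22 sample rd perth"]
INVOICES = [
    {"id": "INV-1001", "vendor": "V001", "amount": "4310.55", "po": "PO-77", "bank": "062-000/12345678"},
    {"id": "INV-1001A", "vendor": "V001", "amount": "4310.55", "po": "PO-77", "bank": "062-000/12345678"},
    {"id": "INV-2001", "vendor": "V002", "amount": "5000.00", "po": "", "bank": "033-111/87654321"},
    {"id": "INV-2002", "vendor": "V002", "amount": "1240.10", "po": "PO-80", "bank": "084-222/55550000"},
]

def norm(text):
    """Lower-case and drop punctuation so near-identical addresses compare equal."""
    return re.sub(r"[^a-z0-9 ]", "", text.lower()).strip()

def red_flags(invoices, vendors, employee_addresses):
    """Return {invoice id: [red flags]} for each invoice that raises at least one."""
    flags = defaultdict(list)
    seen, last_no = {}, {}  # duplicate key -> first invoice id; vendor -> last number
    staff = {norm(a) for a in employee_addresses}
    for inv in invoices:
        # Unknown vendor: nothing on file, so the bank-detail check below fails.
        vendor = vendors.get(inv["vendor"], {"bank": None, "address": ""})
        number = int(re.sub(r"\D", "", inv["id"]) or 0)
        amount = Decimal(inv["amount"])
        key = (inv["vendor"], amount, number)  # ignores suffixes such as "1001A"
        if key in seen:
            flags[inv["id"]].append(f"possible duplicate of {seen[key]}")
        seen.setdefault(key, inv["id"])
        if number - last_no.get(inv["vendor"], number) == 1:
            flags[inv["id"]].append("consecutive invoice number")
        last_no[inv["vendor"]] = number
        if amount % 1000 == 0:  # whole thousands
            flags[inv["id"]].append("rounded amount")
        if not inv["po"].strip():
            flags[inv["id"]].append("no PO number")
        if inv["bank"] != vendor["bank"]:
            flags[inv["id"]].append("bank details differ from vendor file")
        if norm(vendor["address"]) in staff:
            flags[inv["id"]].append("vendor address matches an employee")
    return dict(flags)

if __name__ == "__main__":
    print(red_flags(INVOICES, VENDORS, EMPLOYEE_ADDRESSES))
```

An invoice that collects more than one flag, such as INV-2001 and INV-2002 in the sample data, is the kind that warrants manual review before payment.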

Vendor Master File

  • Incorrect BSB and account number
  • Inaccurate and outdated information
  • Duplicate and inactive vendors
  • Split purchase orders
  • Goods received after invoice date

Cheque

  • Missing cheque numbers, address, and phone numbers
  • Missing signatures
  • Forged signatures
  • No magnetic ink character recognition (MICR) number
  • Sudden changes in deposit behaviour or volume
  • Cancelled cheques that are erased or altered
  • Fraudulent endorsements of cancelled cheques

Employee Behaviour

  • Same employee performing multiple tasks
  • Unwilling to share duties or take leave
  • Skipping approval steps
  • Consistently seeking loans or advances
  • Replacing current vendors with close-relationship vendors
  • Regularly working out-of-office hours
  • Gambling addictions
  • Excessive drinking or other unpleasant habits
  • Requesting funds before annual leave or when short-staffed
  • Bullying or harassment
  • Multiple phone calls made to the same vendor
  • Requesting unnecessary access to systems and sensitive information
  • Consistently disorganised or incomplete record keeping
  • Conflicts of interest with vendors
  • Complaints from suppliers about overdue payments

Third-Party Vendors

  • Above-average payments per vendor
  • Vendors providing missing data like vendor addresses or phone numbers
  • History of criminal or civil penalties for illegal or unethical conduct
  • History of improper payment practices
  • History of termination by other businesses for improper conduct
  • Request for payment to offshore bank accounts

The Importance of An Accurate Vendor Master File
The Vendor Master File (VMF) can be identified as the bible of any accounts payable (AP) department. With so much incorrect data residing in several VMFs, how can your AP team act with confidence?

In this vendor master file guide, we dive into your first line of defence against fraud and error.

Accounts Payable Fraud Prevention

If you are a CFO or finance director, then you must incorporate prevention methods to avoid your AP department making errors or fraudulent payments.

Once your team can identify the type of threats they are faced with, they can proactively manage accounts payable threats effectively and report back. Here are several techniques to get you started:

Strong Internal Controls

CFOs can start strengthening internal controls by automating manual controls and removing any duplicate processes. By having these controls in place, you can safeguard your organisation’s assets to improve fraud detection and prevention.

You can start incorporating the following to reduce the risk of AP fraud:

  • Segregation of duties
  • Reconciliation process
  • Board oversight
  • Transaction and activity reviews
  • Assigning authorisation and approval roles

Anti-Fraud Culture

Developing a strong anti-fraud culture will effectively help your organisation prevent, detect and respond to fraud. A positive culture will encourage accounts payable staff to work ethically as well as combat fraudulent activities.

According to the Commonwealth Fraud Prevention Centre, the five main levels of implementing an anti-fraud culture are the following:

  1. Making staff aware of AP fraud through promotional activities
  2. Establishing an internal fraud risk matrix
  3. Conducting fraud training and other exercises
  4. Reviewing processes and key performances of AP staff
  5. Reviewing and refining processes to minimise gaps

Technology Tools

By implementing strong internal controls, anti-fraud culture, and technology to continuously monitor fraud risk indicators, you are significantly minimizing the risk of accounts payable fraud.

Utilizing technology software has proven to be an effective solution to proactively detect fraud, allowing you to investigate fraudulent payments.

Visit our quick guide for more information about how to prevent accounts payable fraud, to start incorporating prevention methods in your accounts payable team.

Protect Your Organisation Against Accounts Payable Fraud

Your accounts payable team is faced with all types of fraud internally and externally each year. Whether they are faced with sophisticated phishing emails or are conspiring with third-party vendors, cyber crime syndicates will stop at nothing.

PwC’s Global Economic Crime and Fraud Survey 2022 shows that 46% of surveyed organisations reported experiencing some form of fraud or other economic crime within the previous 24 months. Without establishing strong internal controls and promoting anti-fraud culture in the workplace, you may fall victim to accounts payable fraud.

With Eftsure, not only are you able to identify errors, payment fraud, and scam attempts but you can also verify new onboarded suppliers and track any payment information if changed.

With our unique green and red thumb indicators, your accounts payable team can identify, in real-time, each outgoing payment and ensure it is being sent to the intended legitimate third party. This gives your AP team assurance that they are not being defrauded when processing EFT payments.

Contact Eftsure today for a full demonstration of how we can protect your organisation against accounts payable fraud.

BEC Incident Response Guide for Finance Teams
Learn how to respond to a Business Email Compromise attack by following the necessary steps.

Download the Business Email Compromise (BEC) Incident Response Guide today to strengthen the odds of recovering your funds following a BEC attack.
