Accounts payable fraud is becoming more rampant than in previous years. Cybercriminals are targeting organizations of all sizes with sophisticated cyberattacks. Not to mention, the Australian Competition & Consumer Commission (ACCC) reported in 2021, Australian businesses lost $277 million to payment redirect scams.
The damage of accounts payable fraud is too significant for CFOs to dismiss.
The consequence of having insufficient internal controls is difficult for anyone to recover. To combat AP fraud, we are exploring what accounts payable fraud is, types of AP fraud, detection, and prevention methods.
What is Accounts Payable Fraud? (AP Fraud)
Accounts payable fraud can strike any business. The attack can come from external perpetrators or an insider threat. The intent of the attack is to deceive the accounts payable department in an effort to process fraudulent payments.
From small to medium businesses to large enterprises, every payment must be processed through the AP department. It is essential to recognize the type of scams involved, so CFOs and accounts payable managers know what to look out for.
Types of Accounts Payable Fraud Schemes
Accounts payable fraud can come in several forms, below are the most common threats:
Billing Scheme
Billing schemes are designed to attack the payments system of a business. This can occur when an accounts payable staff member has issued a fraudulent payment while recording the payment as a legitimate business expense. This is also known as false invoicing.
This type of AP fraud can be hard to detect. Other forms of billing fraud can take place such as:
Overbilling: The practice of charging more than is legally or ethically acceptable
Overpayment: Receiving a larger amount of cash than the amount that was billed
False billing: Requesting to pay fraudulent invoices or funds without demonstrating an obligation to pay
Duplicate invoices: An additional invoice with slightly different attributes is submitted for the same goods or services
Fake vendor: A vendor, employee, or collusion of both, swindles a business by providing a fake vendor or account information to send direct payments to themselves
Inaccurate Vendor Master Data
Similar to how a business email compromise attack is formed, master data manipulation involves an external perpetrator. The perpetrator impersonates a third-party vendor and informs the organization that their bank details have changed.
Cybercriminals achieve this type of fraud through the use of social engineering. If the AP team does not verify the recipient, then they may be paying a fraudulent account.
Kickback Schemes
A kickback scheme is considered to be a form of bribery and anti-competitive conduct. In this case, an employee may conspire with a third-party vendor and deprive the organization of money. This is achieved when the employee inflates a supplier invoice to share profits.
The employee may then be considered an “insider threat.”
Business Email Compromise
Business email compromise (BEC) is a scam where cybercriminals use phishing emails to target organizations out of money or goods. Criminals may impersonate business representatives such as the CEO or CFO to commit fraudulent activities.
According to the Australian Cyber Security Centre (ACSC), there are three types of BEC scams such as:
Invoice fraud
Employee impersonation
Company impersonation
Identity Theft
Cybercriminals use identity theft to steal your organization’s and suppliers' information and use it to commit other fraudulent activities or sell it on the dark web to make profits. Once the information is stolen, they may attempt to deceive your accounts payable team into making the wrong payment.
Accounts Payable Fraud Detection
Executives should look to create and enforce policies to identify and report any form of accounts payable fraud. By assigning security roles in each department, and enabling segregation of duties, AP managers and CFOs can regularly monitor and analyze any red flags in transactions that may point to potential fraudulent activity.
Red Flags to Lookout For
AP staff who perform more than one red flag should be considered as “high alert” and must be monitored:
Invoices
Duplicate payments
Unusual pricing
Rounded invoice numbers or amounts
Abnormal invoice volume activity
Unusual payment terms
Invoices without a PO number
Matching employee and supplier addresses
Excess number of adjusting entries
Invoice numbers that contain consecutive numbers
Any incorrect information on the invoice that does not align in the vendor file
Vendor Master File
Incorrect BSB and account number
Inaccurate and outdated information
Duplicate and inactive vendors
Split purchase orders
Goods received after invoice date
Cheque
Missing cheque numbers, address, and phone numbers
Missing signatures
Forged signatures
No magnetic ink character recognition (MICR) number
Sudden changes in deposit behavior or volume
Cancelled cheques that are erased or altered
Fraudulent endorsements of cancelled cheques
Employee Behaviour
Same employee performing multiple tasks
Unwilling to share duties or take leave
Skipping approval steps
Consistently seeking loans or advances
Replacing current vendors with close-relationship vendors
Regularly working out-of-office hours
Gambling addictions
Excessive drinking or other unpleasant habits
Requesting funds before annual leave or when short-staffed
Bullying or harassment
Multiple phone calls made to the same vendor
Requesting unnecessary access to systems and sensitive information
Consistently disorganized or incomplete record keeping
Conflicts of interest with vendors
Complaints from suppliers about overdue payments
Third-Party Vendors
Above-average payments per vendor
Vendors providing missing data like vendor addresses or phone numbers
History of criminal or civil penalties for illegal or unethical conduct
History of improper payment practices
History of termination by other businesses for improper conduct
Request for payment to offshore bank accounts
Accounts Payable Fraud Prevention
If you are a CFO or finance director, then you must incorporate prevention methods to avoid your AP department making errors or fraudulent payments.
Once your team can identify the type of threats they are faced with, they can proactively manage accounts payable threats effectively and report back. Here are several techniques to get you started:
Strong Internal Controls
CFOs can start strengthening internal controls by automating manual controls and removing any duplicate processes. By having these controls in place, you can safeguard your organization’s assets to improve fraud detection and prevention.
You can start incorporating the following to reduce the risk of AP fraud:
Anti-Fraud Culture
Developing a strong anti-fraud culture will effectively help your organization prevent, detect, and respond to fraud. A positive culture will encourage accounts payable staff to work ethically as well as combat fraudulent activities.
According to the Commonwealth Fraud Prevention Centre, the five main levels of implementing an anti-fraud culture are the following:
Making staff aware of AP fraud through promotional activities
Establishing an internal fraud risk matrix
Conducting fraud training and other exercises
Reviewing processes and key performances of AP staff
Reviewing and refining processes to minimize gaps
Technology Tools
By implementing strong internal controls, anti-fraud culture, and technology to continuously monitor fraud risk indicators, you are significantly minimizing the risk of accounts payable fraud.
Utilizing technology software has proven to be an effective solution to proactively detect fraud, allowing you to investigate fraudulent payments.
Visit our quick guide for more information about how to prevent accounts payable fraud, to start incorporating prevention methods in your accounts payable team.
Protect Your Organization Against Accounts Payable Fraud
Your accounts payable team is faced with all types of fraud internally and externally each year. Whether they are faced with sophisticated phishing emails or are conspiring with third-party vendors, cybercrime syndicates will stop at nothing.
PwC’s Global Economic Crime and Fraud Survey 2022 shows that 46% of surveyed organizations reported experiencing some form of fraud or other economic crime within the previous 24 months. Without establishing strong internal controls and promoting anti-fraud culture in the workplace, you may fall victim to accounts payable fraud.
With Eftsure, not only are you able to identify errors, payment fraud, and scam attempts but you can also verify new onboarded suppliers and track any payment information if changed.
With our unique green and red thumb indicators, your accounts payable team can identify, in real-time, each outgoing payment and ensure it is being sent to the intended legitimate third party. This gives your AP team assurance that they are not being defrauded when processing EFT payments.
Contact Eftsure today, for a full demonstration of how we can protect your organization against accounts payable fraud.
BEC Incident Response Guide for Finance Teams
Learn how to respond to a Business Email Compromise attack by following the necessary steps.
Download the Business Email Compromise (BEC) Incident Response Guide today to strengthen the odds of recovering your funds following a BEC attack.
The Importance of An Accurate Vendor Master File
The Vendor Master File (VMF) can be identified as the bible of any accounts payable (AP) department. With so much incorrect data residing in several VMFs, how can your AP team act with confidence?
In this vendor master file guide, we dive into your first line of defense against fraud and error.
