5 Ways to outsmart invoice fraud

Every day, more than 400 businesses are targeted by business email compromise — with a range of tactics designed to exploit vulnerabilities within accounts payable systems and processes. According to Symantec 2017 Internet Security Threat Report, fake invoices are the No. 1 type of phishing scam for businesses, and spear-phishing emails (also called “whaling”), which involve using spoofed emails to impersonate executives or authorized purchasers, are on the rise.

Even if you have tight controls on cybersecurity, phony invoices could still be coming through your system. Whether you’re running a small business or a large firm, there’s always a risk for human error. That’s why con artists use tactics that are increasingly difficult to detect.

Detecting fake invoices

It’s a common scenario: Someone in your organization receives an urgent email regarding an overdue invoice. The message appears to be from an approved vendor, and the recipient is instructed to pay now to avoid disruption of service. The invoice is passed through for payment and doesn’t raise any red flags. The scam could go undetected for a number of months — especially if the invoices appear to be legitimate and the amounts are small — resulting in hundreds or thousands of dollars in fraudulent payments.

Here are five tips to educate employees and avoid falling victim to fake invoice fraud:

1. Develop a matching process. Anyone who handles invoicing and payments should be trained to use a process for verifying invoices. The invoice should match up with a purchase order and receipt of goods or services, if applicable.
2. Monitor invoices even of small amounts. Some companies require extra review of invoices that exceed a certain threshold. But con artists may submit invoices in smaller amounts to try to slip through. Employees should look closely at every invoice coming through, large and small, even if it isn’t large enough to require additional review.
3. Track invoice activity. If you have a tracking system in place, it’s easier to see trends that could signal fraud. For example, let’s say you typically pay a particular vendor once a month, and you see 10 invoices come through this month. A tracking system can help you double-check anything outside the norm.
4. Implement a vendor approval process. Fraudsters might use fake business names or issue invoices under a legitimate name with a fake address. Your vendors should go through a verification process to confirm they are legitimate before they start work or get paid for services.
5. Automate accounts payable systems. Accounts payable software can enhance security by streamlining the workflow for your team. Key documents needed to verify invoices and purchase orders are captured within a secure system rather than sorting through piles of paperwork. Automating these tasks can reduce fraud by adding extra system checks and increasing visibility of the workflow.

Fraud protection starts here

With a combination of internal best practices and using Positive Pay and other fraud detection and control systems, you may be able to prevent or limit financial losses from fraud. We offer ACH Positive Pay with blocks and filters so you can designate which businesses are legitimate trading partners and monitor your accounts for ACH fraud. Contact your business banker at California Bank & Trust to learn more about how we can help you fight fraud[cite::171::cite] [cite::172::cite].