Use the digital transformation you invested in during the pandemic to prevent invoice fraud, as we shift back into our physical offices.
In February 2020, right before the pandemic, Shark Tank investor Barbara Corcoran lost almost $400,000 after a criminal used a spoofed email address to send a fraudulent invoice to her bookkeeper. This type of invoice fraud has become more commonplace during the lockdown.
Unfortunately, employees working from home are more likely to miss red flags and process fraudulent invoices.
Vaccination efforts and other measures are making returning to the office safe, but don’t assume that fraudsters will stop targeting your accounts payable (AP) department. Indeed, high levels of fraud will continue to exist, and it’s time to rethink your AP process to improve fraud prevention.
Many organizations invested in digital transformation in 2020 to accommodate for remote work. Don’t let this momentum stop. Rather, use it to keep transforming your processes. Here are nine best practices you can implement as a line of defense against invoice fraud.
1. AP automation tools
Manual entry is a source of human error and makes you vulnerable to insider threats. Legitimate errors can compromise your organization, and you shouldn’t underestimate the danger of malicious insiders. In fact, a 2020 study found that 61% of organizations have been victims of this type of fraud just in the last year.
Replace manual data entry with digital invoices that are more difficult to tamper with. You can use automation tools to save time and eliminate data entry. This system will help you adopt a standard digital format for your invoices that make invoice fraud and mistakes less likely to blend in.
2. Three-way matching
Vendor fraud schemes often rely on invoices that don’t match what you ordered. Automating three-way matching between purchase orders, supplier invoices and delivery receipts will help you identify discrepancies.
3. Evaluated Receipts Settlements
Evaluated Receipts Settlements (ERS) is one of the best practices you can implement for a safer invoice process. It makes sense when dealing with high-volume vendors.
With ERS, your system matches the delivery receipts to your purchase order. Then you issue a payment based on this information. As a result, you have a streamlined AP process and have eliminated the risks that invoices introduce.
4. Rules and hierarchy
A well-defined approval hierarchy can protect you from insider threats and make vendor fraud easier to spot. Going back to the office is an opportunity to review your internal processes and update your rules and best practices. Having the right controls in place adds a layer of difficulty for fraudsters who are trying to bypass rules.
Here are some areas where improvement might be needed:
- Implement additional levels of approval. Using at least two levels reduces the risks of invoice fraud.
- Turn your approval process into a well-documented workflow with a clear structure.
- Look into how employees make purchases and update the way you manage and approve purchase orders if needed.
- Save time by automating approval channels with AP software.
5. A new process for a new environment
COVID-19 has been a disruptor, and if you’re like most organizations, the past year might feel like you’ve been playing catch up. However, this environment has created a real opportunity for growth and transformation.
Remote work means employees have to rely on emails more. So, review your communication policies and establish best practices for implementing approvals and controls in a digital environment.
Also, look into adopting new tech solutions. Fraud prevention software that leverages AI can give you an advantage as the threat of invoice fraud continues to increase.
6. BEC software
Even if you automate your AP process, some vendors will still send invoices via email. Don’t exclude these invoices from your fraud prevention program.
Criminals often target emails. Between malware, spearphishing and spoofed invoices, business email compromise (BEC) cost a total of $1.7 billion in 2019.
BEC software adds a layer of protection by providing recipients with features like risk scores and alerts. It’s one of the best ways to detect invoice fraud and phishing attempts.
7. Payment exceptions
Exception issues often require manual resolution, which is time-consuming and can result in errors. Include payment exceptions when updating your rules and controls.
You can reduce your chances of ending up with payment exceptions by making larger payment batches and fewer payment runs.
8. Segregation of duties
Employees might be eager to collaborate more after returning to the office. Your team might also have a backlog of approvals to process.
However, this shouldn’t impede the segregation of duties. The person approving purchases cannot be the same employee who is in charge of approving payments. Failing to segregate these important duties leaves you vulnerable to fraud.
9. Training on invoice fraud
Fraud-related training makes employees less likely to fall victim to common fraud schemes. Here’s how you can deliver a training program that makes a difference:
- Focus on helping employees recognize common red flags of phishing emails since 94% of malware is delivered via email.
- Seek new training resources to reflect the latest trends in criminal schemes.
- Look into using new methods of delivery if some of your employees are still working remotely.
- Use short training refreshers and quizzes or other activities to measure knowledge retention.
Protect Yourself with Fraud.net
You can take action against invoice fraud by updating current processes and implementing these nine best practices.
Fraud.net can protect you from BEC schemes with Email Shield. It is a free tool that protects your AP team from fraudulent emails thanks to the following features:
- Real-time monitoring. Email Shield continuously monitors emails and issues real-time risk scores and alerts to flag emails from unverified contacts, phishing emails and other threats.
- AI and machine learning. Our BEC software uses these technologies to learn and adapt. You can set customized rules and benefit from an adaptive system that can’t be reverse-engineered.
- Consortium data. We use data from our network to flag malicious agents. If a criminal targeted another organization in our network, Email Shield will flag this sender, even if they haven’t targeted your organization before.
Start building a safer AP process today with Email Shield. Install this tool for free, or contact us for a free demo or fraud analysis to learn more about our other solutions.