Is your organization protected from AP fraud?

Between 2013 to 2015, tech-giants Google and Facebook wired more than $100M to a single individual who submitted fraudulent invoices. The incident became a perfect case in point defining the risks that companies, regardless of their size, scope and industry, are exposed to when it comes to security and fraudulent accounting practices.

With invoice processing being the closest touch-point to cash-flow within a company, it is no surprise that small and mid-sized organizations using manual accounts payable processes are at greater risk of becoming victims of occupational fraud and abuse.

Globally, occupational fraud and abuse cases reported a $7.1B US loss in 2018, as per the Association of Certified Fraud Examiners study of 2,690 cases. The same year, 82% of financial professionals in North America reported their organization experiencing attempted or successful payment frauds from occupational fraud and abuse; a 20% increase from 2014. Although staggering, these reported and known losses represent only a tiny fraction of the frauds committed against organizations worldwide.

The global rise in occupational fraud and abuse is related to the evolution of digital technology.

While digital technologies are transforming businesses and economies, creating a hotbed of innovation and growth, they are also making criminal activities more attainable than ever. With almost 80% of organizations introducing digital innovations, World Economic Forum considers cyberattacks and data fraud or theft to be two of the top five risks that CEOs are most likely to face.

What are the common types of AP fraud?

Fraud typically occurs within the accounts payable functions both internally and externally. It can have a detrimental impact on an organization’s finances, operations, and reputation — and it doesn’t discriminate against company size or type.

The most common types of internal AP fraud include:

• False billing where employees might be creating false invoices or disguised line items.
• Fraudulent payments by employees via checks or Automated Clearing House (ACH) payments.
• Conflict of interest situations where an employee may overpay a vendor.
• Tampering with financial reporting, where an employee changes data after completed payments.

The most common types of external AP fraud include:

• Duplicate payments to vendors paid more than once for the same invoice in different formats.
• Unapproved vendors, leading to false payments

Mid-market organizations that are still processing high invoice volumes manually for a multitute of vendors are at greater risk of fraud as they may not have as many controls in place. However, there are steps they can put in place to greatly improve their AP risk management.

Solutions to prevent AP fraud for all-sized organizations:

• Verify vendors to only add vendors to the system that are approved and verified.
• Move AP to a digital environment to remove inefficiencies and security concerns.
• Automate approval process to track every movement of an invoice.
• Constantly review transactions, randomly audit, and create electronic audit trails.

A well-trained workforce using these practices mentioned, is a company’s first line of defense against fraud in AP operations, internally and externally. For example, vendors should always be verified to ensure they are not pretenders before being added to the system. One method for fake vendors to commit fraud is Business Email Compromise (BEC), involving spoofing and phishing attacks of high-level employee emails for payment approvals. Here are some stats on recent cyber fraud activities:

• 80% of companies reported BEC fraud in 2018, up from 77% in 2017.
• Between December 2016 and May 2018, there was a 136% increase in identified global exposed losses.
• BEC scams have been reported in 50 US states and 150 countries.
• Victim complaints filed with the Internet Crime Complaint Center (IC3) and financial sources indicate fraudulent transfers have been sent to 115 countries.

AP Automation helps reduce fraud risk

More than one-third of payments fraud are internal, involving employees. Yet many organizations still use manual accounts payable (AP) processing, which leaves room for error and fraud. It enables employees to authorize payments that could go undetected.

With AP automation, only authorized employees have access to electronically stored data. It gives companies greater oversight and control by setting up an internal system of checks and balances. AP automation can help protect organizations from the digital sophistication of criminals, both externally and internally.

AP automation is no longer reserved for large enterprises; small to mid-market organizations can also access these solutions. Investing in a fully automated AP solution will allow employees to instantly find, report on, and access AP data, and respond to any anomalies efficiently.