Stay Ahead of the Game: Proven Strategies to Prevent Accounts Payable Fraud

AP Fraud can be particularly destructive as it leads to several repercussions, including financial losses, damage to business reputation, fines, and litigation. Sadly most companies wait for fraud to happen before taking action. 

It’s time to change that. 

If you are looking for actionable and effective ways to:

• Strengthen anti-fraud controls to mitigate risks.
• Reduce losses from fraud.
• Modernize safeguards to minimize digital and cyber threats.

Here are seven actionable tips to help your company prevent fraud in the accounts payable function. 

But first, let’s talk about AP fraud.

How Does AP Fraud Work?

Accounts payable fraud involves making illegal or false payments and begins with an employee who can execute outgoing payments. 

It can be committed by scammers, hackers, suppliers, employees, executives, and even owners.

AP fraud could happen when the person in charge intentionally transfers funds to a bank account disguised to be for a beneficiary or vendor. External perpetrators can also trick employees to send money to a fictitious vendor. 

Most Common Types of Accounts Payable Fraud

Fraud involving the Accounts Payable Department happens in many ways. However, the most common ones involve the following:

Billing Schemes

External and internal perpetrators could be involved in a billing scheme. Common types of fraud under this category include:

• Sending false invoices
• Using an inactive or invalid supplier’s details to submit a false billing
• Shell company schemes created by dishonest employees to issue fraudulent invoices for goods that did not arrive
• Creating a shell company to pose as a legitimate vendor for pass-through schemes. This vendor procures supplies requisitioned by the company from another vendor and sells them at a higher price to the company.

Check Fraud

Employees are more likely to commit check fraud since they have opportunities to alter, intercept, and forge checks. However, external perpetrators can also be involved in check fraud.

ACH Fraud

Another type of payment fraud involves Automated Clearing House payments. External perpetrators often target ACH during cyber attacks by using a compromised account to authorize fraudulent payments. However, employees may take advantage of their authority or ability to breach controls to commit fraud using ACH payments.

Expense Reimbursement Fraud

Expense fraud is one of the most common types of employee fraud. Dishonest employees may create invoices for fictitious expenses, charge personal expenses to corporate credit cards, overstate mileage, and submit duplicate invoices. 

Kickback Schemes

Often, kickback fraud occurs between an external and internal perpetrator. An employee may collude with a supplier who submits inflated invoices, secure orders without participating in the bidding, or provide substandard products at full price in exchange for benefits.

7 Effective Ways to Prevent Accounts Payable Fraud 

The most common fraud controls include external audits, internal audits, having a code of conduct, management reviews, and management certification of financial statements. These internal controls reduce fraud by at least 33%, but they’re not enough.

Consider adding the following controls to decrease duration and losses due to fraud.

#1. Require Multi-Factor Authentication for Employee Accounts

Fraudsters are more likely to succeed when they mimic or take over a trusted email account. For instance, your employees may not be suspicious when a supervisor’s official email account sends the invoice for payment.

Hence, it’s critical to impede account takeovers. A simple but effective way to prevent unauthorized access is to enable multi-factor authentication.

Entering only your username and password to log in requires single-factor authentication. Passwords alone are vulnerable – data leaks and bots make it easy to guess your password. With MFA, you can add an extra layer of security to corporate accounts. 

How MFA Works

Multi-factor authentication requires you to enter more than one credential to access an account. You may have to prove your digital identity through any of the following:

• PIN
• Code
• On-time SMS Code
• Using a Trusted Device
• Security Key
• Biometric verification

It impedes attempts to log in to official accounts and allows you to protect your corporate data and vendor and employee information.

Enabling MFA is necessary for valuable targets like high-ranking officials, executives, business owners, and company heads. 

Unfortunately, many companies and executives do not activate MFA. In a 2022 survey, 47% of small and medium-sized business owners did not see the value or understand MFA.[2] The same problem is prevalent among C-suite executives.

Another study finds that only 8% of executives utilize MFA for most of their devices and applications. This is a cause of concern as 87% have passwords leaked on the dark web.[3]

#2. Validate Vendor Information

While all businesses have to be vigilant, data from Barclays show that 55% of scam-related losses for small businesses are due to invoice fraud. In this type of fraud, scammers impersonate vendors to update payment information. On average, SMEs lose £2,100 annually due to invoice fraud. [4]

Validating vendor information is an effective way to avoid invoice scams. However, two-thirds of organizations are not validating payment to confirm whether vendors receive the proceeds. 

Improve Fraud Detection 

Your AP department can improve the detection of a fake vendor account with these simple steps:

• Check the vendor master file to compare items such as:
  • Tax ID number
  • Bank account details
  • Vendor addresses
• Calling a vendor when you receive a request to change payment information.
• Confirm payment transactions for large orders.

Additional tips to avoid invoice scams

1. Do not use the contact number provided in the “suspicious” email to confirm changes to payment information.
2. Do open attachments and links without verifying the sender and reading the body of the email, even if it seems to be from a trusted source.
3. Conduct a background check when doing business with a new supplier.
4. Implement a policy to validate all large transactions with vendors.
5. Conduct unannounced vendor audits to catch fictitious vendors and verify whether payments are for legitimate transactions.

#3. Evaluate AP Controls Regularly and Require Full Compliance with Procedures

Fraud is more likely to happen when there are insufficient controls in place. Lack of internal control is the biggest contributor to fraud.

Make it part of your operating procedures to evaluate fraud controls annually. If there were significant changes to business operations, re-assess controls. Replace or add new safeguards if needed.

Key Internal Controls in Accounts Payable

Some of the most critical controls in the accounts payable function include:

• Separation of duties for approving invoices, receiving orders, approving payment, and reviewing and reconciling records
• Match invoices with the purchase order and delivery receipt
• Check if invoices get paid on time
• Review and update vendor files regularly
• Keep accurate inventory records

According to ACFE, 20% consider management override as one of the top contributors to committing fraud.

Suppose a manager at Company A receives a legitimate-looking invoice attached to an email requesting immediate payment. 

If the manager believes the email and authorizes immediate payment, bypassing verification procedures, fraud is more likely to succeed. However, if the invoice follows the usual approval process and goes through all the necessary verification and approval, there’s a higher probability of evading the attack.

#4. Cultivate a Security Awareness Culture 

As companies embrace hybrid and remote work, security awareness is a must. Scammers exploit weaknesses in the accounts payable process – the individual users. Even if you have a state-of-the-art infrastructure, fraudsters can still gain access to your system by taking over an employee’s account. This is why organizations have to train all employees to detect fraudulent transactions and act accordingly.

Imagine this scenario.

Your employee receives a suspicious email that happens to have a malicious link. The employee thinks it is a legitimate transaction and sends it to multiple people to confirm. Recipients may click on the link since it came from a trusted source. As a result, the attack affects their accounts too. 

If the employee had the necessary training to combat a phishing scheme, you could avoid having multiple accounts compromised. 

Educate and Train Employees to Combat Fraud

Studies during COVID revealed that 80% of organizations reduced susceptibility to phishing attacks through security training.[5]

Despite the increase in phishing attacks, companies do not provide adequate training to employees. About 36% limit training to certain departments and roles. Only 64% conduct formal training sessions.

Preventing fraud in AP should involve security awareness and fraud training. Schedule ongoing training and send “suspicious” emails as part of a test to evaluate your team’s ability to recognize scams and phishing attempts. 

#5. Set Up a Corporate Ethics and Compliance Hotline

Scammers and external fraudsters are not always to blame for accounts payable fraud. Internal perpetrators – employees, managers, executives, and even owners – could be involved in fraud. And according to the 2022 report by the Association of Certified Fraud Examiners, having a hotline to report fraud is the most effective detection method.

 42% of organizations uncovered fraud due to tips, and more than half of the reports are from employees. If fraud is a significant concern for your growing organization, set up a dedicated hotline to report fraud or other unethical behavior. 

Data suggests that most whistleblowers reported tips via email (40%) and web-based forms (33%). Reported median losses from fraud are $100,000 for organizations with a hotline, while those without are 100% higher at $200,000. Businesses also uncovered fraud faster at 12 months compared to 18 months for those without hotlines.[6]

How to Implement an Effective Fraud Hotline

Maximize the benefits of creating a fraud hotline with these tips:

1. Provide several options to make a report, such as an email, web form, text message, or telephone.
2. Guarantee anonymity of reporters and maintain the confidentiality of information.
3. Inform employees that the hotline exists.
4. Create protocols for handling reports sent through the hotline.
5. Consider hiring an external provider to manage the hotline. 

#6. Rotate Employees and Implement Mandatory vacations

Job rotation and mandatory vacation only make up 25% of fraud controls in many organizations. However, ACFE finds that median loss from occupational fraud decreases from $140,000 to $64,000, a 54% drop when companies implement job rotation and mandatory leaves.[6]

Fraud duration also decreased from 16 months to 8 months.

Allowing employees to occupy the same position for a long time breeds familiarity with vendors. This makes it possible for employees to:

• Exploit position to commit fraud
• Take advantage of weaknesses in the AP process to commit fraud
• Cover their tracks to avoid fraudulent activities from being detected

In about 20% of fraud cases, perpetrators had an unusually close association with a supplier, making it necessary to require job rotation for employees in high risks positions. 

Another method to mitigate fraud is to require employees to go on mandatory leave. Unwillingness to share existing duties with other employees is a behavioural red flag.

Employees hiding something often hesitate to leave work even for a day because they’re worried about getting caught. When employees go on vacation, another employee takes over. Handing over a task to someone new makes it possible to spot anomalies in the Accounts Payable Department since a second employee reviews the transactions.

#7. Move Invoice Approval Workflows Outside of Email 

Email may be a convenient communication tool, but it is one of the riskiest methods to approve invoice payments. Replace email with an invoice approval solution.

Changing where invoice approvals happen makes your accounts payable function more efficient. It also brings the following benefits: 

1. AP approval workflows improve accountability. Most companies have shared email accounts making it harder to track who saw the invoice or modified it.
2. A separate invoice approval solution makes it harder for fraudsters to infiltrate your invoice approval process even if an email account gets compromised. 
3. Your company will have a proper audit trail. Invoice approval solutions like Envoice leaves a record of who accessed or modified the account. 
4. Access to automated invoice approval workflows with built-in controls that allows you to customize rules and enforce compliance. For instance, it’s easier to catch duplicate payments, unusual invoice volume, or multiple payments to the same vendor.
5. Invoices are less likely to get stuck and cause payment delays. Approvers receive a notification when they need to approve an invoice. You can also designate substitute approvers who can take over if someone is out of the office.
6. Having all invoice-related communication means fewer emails, phone calls, and trips to the manager’s office to confirm a transaction. This improves collaboration and ensures everyone is on the same page, making it less likely for fraudsters to succeed in deceiving AP staff to approve a fraudulent billing.

Improve Fraud Detection Through Automation

In most companies, AP teams struggle to keep up with increasing invoice volume. About half of AP staff started working longer hours in mid-2022 to keep up with the increasing workload. You can’t expect overworked employees to spot anomalies like duplicated suppliers or fictitious vendors. 

As AP schemes become more elaborate, organizations must invest in automation. Leveraging AI enables real-time monitoring to enhance detection and eliminates manual tasks to free up time for your AP team. 

Automation allows your AP team can focus on resolving issues and investigating suspicious trends and patterns. Combining intelligent technology with fraud training and better processes improves your AP team’s ability to detect and prevent fraud. 

Start taking a proactive approach to AP fraud. Move email approval workflows to the Envoice platform. 

Sign up for a free trial today. 

 

Article Resources:

[1] https://acarp-edu.org

[2] https://www.scmagazine.com

[3] https://www.scmagazine.com

[4] https://home.barclays

[5] https://www.infosecurity-magazine.com

[6] https://acfepublic.s3.us-west-2.amazonaws.com