Let’s face it: fraud is everywhere. You’ve probably received email messages from a Nigerian prince, asking to send funds immediately. Or worse, you might have gotten one of those false (but threatening) calls from the IRS, demanding payment and/or your social security number now.
Hopefully you are wise to these scams, and just deleted the emails and/or blocked those fake IRS calls. And if you didn’t, don’t give yourself a hard time. Scammers are working hard to try to fool you and take your money, and they’re cooking up new ways to do it every day.
Invoice fraud is one of the latest methods fraudsters are using to get a hold of your hard-earned cash. It goes something like this: a fraudster learns a bit about the person or business they want to extract funds from, including their location and the types of vendors they patronize. Then the fraudster impersonates a vendor and sends you a request for funds. Many requests have a high sense of urgency, like “Invoice is 90 days overdue. Pay now to avoid service cancellation.”
And surprisingly enough, people and businesses sometimes pay these fraudulent invoices without a second thought. According to a 2016 study, small to medium businesses in the UK lost an estimated 9 billion pounds to invoice fraud. Almost half the reporting businesses were the target of fraudulent invoices.
There are many reasons why a consumer or an accounts payable department might pay one of these fraudulent invoices. Accounts payable departments are notoriously behind in their duties. Many are just trying to stay afloat and pay as many invoices as they can, without a lot of due diligence. Consumers might take the time to review each invoice but still miss the signs that it’s fraudulent. So what can you do to keep from becoming a victim of invoice fraud? Here are a handful of ways both businesses and consumers can protect themselves.
Educate yourself and your employees.
In order to identify and prevent invoice fraud, you first have to know it exists and know what to look for. As a consumer, a great place to start is the Federal Trade Commission (FTC), the U.S Federal agency dedicated to consumer protection. The FTC offers scam alerts to keep consumers up-to-date on the latest scams. Use these alerts and the FTC site to educate yourself.
Business owners will need to educate themselves AND their employees - specifically, accounts payable staff. Make employees aware of possible invoicing scams, and encourage them to carefully review invoices for payment. Emphasize that speed is not an issue where fraudulent invoices are concerned. Create policies that detail exactly how to verify invoices prior to paying them. And if you have any bonuses or incentives tied to paying invoices quickly, consider changing those to incent lower a lower incidence of fraud.
Implement 3-way matching.
One procedure that will help weed out fraudulent invoices is 3-way matching. This process is really appropriate for businesses with a solid AP structure in place. 3-way matching requires an invoice to be verified with 3 different documents - the invoice itself, a purchase order (PO), and a receipt for goods and/or services. An employee would compare these 3 documents to make sure all the information matches up prior to paying an invoice. Red flags go up if the invoice doesn’t match the other information you have on file.
**If you do find an invoice that fails the 3-way matching test, a quick call to the vendor in question can confirm that it is indeed fraudulent. If it is, make sure to report it it to the FTC for investigation.
Automate your accounts payable processes.
You might be imagining groans coming from the general direction of your AP department as you contemplate 3-way matching. Visions of pulling up 3 pieces of paper or 3 different programs and manually verifying the data in them does NOT sound like fun. However, this process doesn’t have to be a manual one. Many accounts payable platforms offer various automated workflows, including those that cover 3-way matching. You and your AP staff can set up a series of rules on how 3-way matching and other automated AP tasks should work, and then spend your time dealing with exceptions. These automations save time and money, reduce fraud, and increase visibility.
Don’t switch payment methods without several sources of confirmation.
Another sneaky way that fraudsters trick us is to ask to change payment methods. You might pay a particular vendor via credit card or ACH. All of a sudden you receive a call from someone posing as the vendor, asking you to change to wire transfer payments. Or maybe it’s right there on the fraudulent invoice: “please remit payment via the new method indicated below”. This is an effective way for scammers to trip you up, outside the processes you’ve create to alert you to invoice fraud.
All that accounts payable automation we talked about before frees up time for the real work: exceptions. And this is one of them. Before changing payment methods for any vendor, make sure to verify the change with at least two other sources. This is the time to pick up the phone and call the vendor to verify (a) the request for a change and (b) the exact details of that request. Who knows - your vendor might actually have made a payment change request, but if the account details don’t match up, you may have a fraudulent invoice on your hands.
Only use payment methods that provide consumer protection.
This isn’t always going to be possible, as some vendors offer only a few types of payments. But it’s worth asking about upfront, to protect yourself from future scams. When establishing relationships with new vendors, ask for payment methods that offer consumer protection, like credit cards and PayPal. And familiarize yourself with those that don’t provide that level of protection, like wire transfers and bitcoin.
Ask vendors for extra security measures to prevent fraud.
Legitimate businesses will take extra measures to show customers they are trustworthy. As with payment methods, it’s good to ask about these measures upfront. Businesses can implement varying levels of PCI compliance to ensure the safety of credit card transactions.
They can also purchase custom domains (for example, billing.xyzcompany.com) to host their invoices to verify their identity at the initial transaction. Once you have the custom domain, it won’t change - which will generate red flags if a new domain starts requesting payment. White-labeled emails generally go along with custom domains, such that an invoice will be sent to you from the vendor’s specific email address instead of the platform’s alias (email@example.com).
There are ways to spot and prevent invoice fraud, but remember: scammers are creative. They’re constantly inventing new methods to fool us and commit invoice fraud. The best you can do is to stay informed, take precautionary measures, and report threats when you find them.