Many businesses become a prime target for payment fraudsters during the run up to Christmas. The combination of an increased rate of trade and seasonal festivities can mean that employees handling business payments are less on the ball than usual. New research from Accura, the insights business of VocaLink, reveals that one in four small businesses say that payment related fraud is one of the biggest risks to their business, with 27% having experienced invoice, mandate or CEO fraud directly.
Invoice fraud happens when a company is tricked into changing bank account payee details for a sizeable payment. Mandate fraud occurs when criminals trick businesses into changing payment details, such as standing orders and direct debits, in order to divert payments and CEO fraud. It involves impersonation of senior company officials, to coerce employees to transfer company money under the auspice of a legitimate business purpose.
When businesses have been victims of payment fraud, the result can be catastrophic; it is therefore a huge concern for entrepreneurs. What’s more, the risk of SMEs falling victim to fraud seems to increase over the winter months with Action Fraud reporting over 1,800 cases of mandate fraud alone in the last quarter of 2015, higher than any other point in the year. This may be when spending is at its highest in to the pre-Christmas months and business owners let down their guard.
Invoice redirection is one type of fraud that can adversely impact businesses of all sizes. In cases of this type, fraudsters pretend to be an existing supplier and convince the company to change their details and make payments to a different bank account. Millions of pounds are unwittingly handed over to fraudsters every year through this type of scam. In some cases, large sums of money are transferred several times before the crime is even discovered and unfortunately the funds are often never recovered. A company will still owe the ‘real’ supplier, which can often result in business closures and job losses.
It is relatively easy – yet vitally important – for businesses to protect themselves by implementing a few simple measures to minimise the risk of invoice redirection fraud, particularly those who rely on online systems and data for their day-to-day operations. Unfortunately, even when companies take the steps outlined below, relentlessly innovative fraudsters continue to scam businesses out of their hard earned money, and many companies are turning to their banks for assistance.
One prominent UK bank is using innovative technology, which has been developed by Accura. The system alerts the bank to possible cases of invoice redirection, CEO and mandate fraud before the funds have left an account, allowing the bank to liaise with its customers to either validate or halt the payment. It is hoped that solutions such as these will be play a key role in the fight against online fraud.
But there are steps that small business owners can take to reduce the risk of falling victim to this type of fraud before it occurs. In line with industry best practice, Accura has set out below five top tips to help small businesses to mitigate the risk of invoice redirection fraud.
- Raising awareness. Ensuring that staff members who are responsible for paying suppliers are both knowledgeable and cautious is key to the prevention of this type of fraud. All staff should be made aware of the existence of such fraud and they should be trained to recognise the potential warning signs. For example, to scare employees into paying quickly, fraudsters may state on the invoice that the due date for the payment has passed, or threaten that non-payment will affect their credit rating, so employees should be instructed to check that the goods or service have been provided in every instance before payment is made. They should never be pressured into doing something quickly without being sure that the request is legitimate.
- Establishing a best practice. Successful fraud of this type is often the result of an unreliable accounting system and therefore it is essential that a company establishes a ‘best practice’. If possible one supplier contact who is responsible for the payments should be identified and clearly noted on the supplier file. This person should be contacted in all suspicious circumstances. Payment verification techniques such as three-way matching either manually or automated can be hugely beneficial in the detection and/or prevention of fraud. This refers to matching three documents – the invoice, the purchase order, and the receiving report. All processes should be documented and readily available to staff members.
- Contacting the supplier. Where changes to suppliers’ details are requested, extra checks and processes should be implemented. A supplier should always be contacted using the original contact details that are held on file. The payer should feel confident to contact the supplier should they have any cause for concern. It can be useful to inform a supplier once any payment has been made and the account details to which the amount has been paid should be clearly communicated. Where larger or one-off invoices are raised, a one to one meeting with the supplier may be beneficial.
- Storing supplier information. It is commonplace for companies to publicise details of their suppliers on their website and in other public material. This provides invaluable ammunition for fraudsters who glean as much information as they can before posing as a supplier. Companies are advised to consider whether such information adds value and where it is deemed unnecessary, such information should be removed.
- Financial information. Bank statements should be checked regularly and any anomalies should be investigated and raised with the bank as soon as possible. As with all sensitive information, invoices and bank statements should not be left lying around. Every supplier invoice should be verified as in many cases when genuine and fake invoices are compared the discrepancies are immediately obvious.
With more than 20 years’ experience in the payments industry, during his career Jim has run businesses for market leaders such as NatWest, Barclaycard, JP Morgan and Vodafone. He has also led start-ups such as Simpay. He has a strong track record of successfully building, launching and managing innovative payments products and businesses. He joined VocaLink in 2012, and since then has led VocaLink’s core UK business, developing strategic propositions for the business across areas such as alternative payments (mobile, digital) and access (PayPort).
For more information about VocaLink, visit the company website.
A further £2.5m is expected to be raised from crowdfunding on Tuesday.
Official figures from the Office for National Statistics (ONS) showed that retail sales fell by 0.3% in January 2017.
IBM has been actively working with companies to make blockchain ready and integrated for businesses.
Yet more Google technology is infiltrating the payments industry.