Involving different people during the vendor setup, invoice approval and payment process is not only good business practice, but also helps you to protect your business from fraud.
External Fraud usually follows two main schemes:
In the first, an external person, usually posing as an employee of a vendor, requests that the vendor's bank details be changed. Once the payment is made, the funds are received not by the original vendor but by the impostor, who takes the funds and vanishes. This is especially an issue when the payment is made across borders. To avoid this, a second, independent check of any change of bank details should be considered. Instead of calling back the number provided in the request, use the contact details already in your vendor master data or, even better, details from an independent source like the internet, and go through the switchboard, asking for the accounts department, to confirm the change of bank. This helps to ensure that the change of bank details is legitimate. The check should be undertaken by a person independent of the one who updates the banking details.
The second scheme, known as “CEO Fraud”, is becoming more popular: an email from a very senior person within the organization is faked, requesting an urgent payment to a vendor that is not yet set up in your system. To avoid this “social engineering” fraud, such an “urgent” email should be reviewed in detail: is the email really from the person who seems to have sent it, or from an impostor? Check for minimal changes in the email address: the domain name on the impostor's email often has minimal deviations that are only visible under a “magnifying glass”. Alternatively, the email is supposedly sent from a personal email account of the senior person in the company. In both cases an independent check with the originator is suggested. Also, start a new email thread, using the standard email address that you have for this senior person, instead of replying to the email thread. Or use a different way of communication: instant messaging, text or even a phone call.
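One way to automate the address check described above, as an added example that is not part of the original post: it flags sender domains that deviate minimally from a trusted one, and personal webmail accounts. The domain lists, the threshold `MAX_EDITS` and all function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed sample values (assumptions, not taken from the original post).
TRUSTED_DOMAINS = {"example-corp.com"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
MAX_EDITS = 2  # assumed threshold for a "minimal deviation"

# Digits often used to imitate letters; folded before comparing.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold(domain: str) -> str:
    """Normalise look-alike sequences, e.g. 'rn' read as 'm', '0' as 'o'."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'personal' or 'unknown' for a From header."""
    # parseaddr drops the display name, which the sender can set to anything.
    address = parseaddr(from_header)[1]
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in TRUSTED_DOMAINS:
        if fold(domain) == fold(good) or edit_distance(domain, good) <= MAX_EDITS:
            return "lookalike"
    if domain in FREEMAIL_DOMAINS:
        return "personal"
    return "unknown"
```

A `trusted` result only means the domain string matches; it does not authenticate the sender, so the independent confirmation with the originator still applies.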
And again, as said in the section about internal fraud: having 3 different people involved in paying for this request (one during setup, one for approving the invoice and one for initiating the payment) helps to prevent this kind of fraud as well, provided that the proper procedures are followed and not thrown overboard because a senior person requested the payment.
Between October 2013 and December 2016, the FBI reported over 40,000 incidents, with a total loss of $5.3 billion – that is an average loss of over $130,000 per incident.
Whilst it seems cumbersome to implement and follow strict rules of Segregation of Duties, and with that to involve more people in getting a payment processed, it ultimately helps to prevent internal and external fraud. Just imagine what happens if your team does not follow the rules and $130k is lost?
Please see our blog post on internal fraud and fill out the brief form below to learn more about how the NetChain Squared platform can protect your organization from external fraud as well.