Fraud can happen at any time and to any company. Do you know the ways to protect yourself and your business?
Organizations throughout history, regardless of size, have been susceptible to some form of invoice fraud. Research reveals small and medium-sized businesses are at more risk of being targeted for invoice fraud. However, corporate giants aren’t immune either.
WHAT IS INVOICE FRAUD?
invoice fraud is a criminal act where fraudsters send fake invoices claiming to be from a genuine supplier, usually notifying your company that their payment information has changed and redirects payment of your outstanding invoices to their own personal bank account by impersonating your business or employees, or even a supplier or vendor.
Funds are often quickly transferred so recovering money from fraudulent accounts can be extremely difficult.
COMMON TYPES OF INVOICE FRAUD
- Fake Invoice: This type of fraud occurs when an invoice is created and then submitted for payment for products or services that were never actually delivered or carried out. In this scenario, a vendor could be working alone, a hacker could be responsible – something known as invoice re-direction, or a vendor could be colluding with an employee of the invoiced organization to ensure that the fake invoice passes through the AP process.This fraud can be particularly effective if your business is still processing payments manually based on each invoice.
- Duplicate Payment: One of the biggest costs experienced by accounts payable departments is through the payment of duplicate invoices. An inside connection to the business makes it easier to get away with this blatant deception, but external parties often try to get away with the crime by submitting invoices for amounts low enough that they’ll fly under the radar. Not all duplicate invoices are fraud, sometimes a vendor will re-submit an invoice if there has been a delay with payment. If any gaps exist within the AP department’s PO and invoice matching process, these invoices will sometimes end up being paid twice.
- Labor Mischarging: Vendors may include false information on an invoice regarding the numbers of staff employed and/or hours worked on an order for the purpose of inflating an invoice and increasing the payment they receive. Typically, the amounts aren’t inflated significantly enough to raise red flags. The idea here isn’t to get a big payout. Scammers rely on volume to get away with as many small amounts as possible.
- Shell Companies: Invoicing via a shell company is another typical form of fraud. Shell companies refer to the business entities that typically have no physical presence and no employees other than a mailing address. Internal fraudsters, mostly wayward employees, use the fabricated name and addresses to collect disbursements from false billings.
- Phishing schemes: Phishing schemes occur when fraudsters trick accounts payable personnel into transferring funds by acting as legitimate companies. Phishers often duplicate an authentic supplier email which they use to send fake invoices/bills to companies.
RED FLAGS FOR INVOICE FRAUDS
Having staff aware of these red flags is a simple, and effective, way to prevent invoice fraud from taking place in the first place.
General red flags:
- Weak controls over the review and payment of invoices
- Discrepancies between contract or purchase order, receiving documents and invoices
- Discrepancies between contractor’s billings and supporting documents
- Invoice is in a round number amount if that is unusual
- Total payments to a contractor exceed total contract or purchase order amounts
Red flags of false invoices:
- No receiving report for invoiced goods or services
- Invoiced goods or services cannot be located in inventory or accounted for
- No purchase order for invoiced goods or services
Red flags of inflated invoices:
- Invoice prices, amounts, item descriptions or terms exceed or do not match
- Discrepancies between invoice amounts and supporting documents
Red flags of duplicate invoices:
- Multiple payments in the same time period
- Multiple invoices with the same:
- Description of goods or services
- Invoice number
- Purchase order number
- Total amount paid to vendor exceeds invoiced amounts.
STRATEGIES TO REDUCE THE RISK OF INVOICE FRAUD
Although invoice fraud is prevalent, there are things you can do to prevent your company from becoming a victim. Prevention starts with a more thorough review process that can filter out the problem. There are several ways to prevent invoice fraud and mitigate fraud risks in the AP department. Here are a few.
- Use 3-Way Matching: Three-way matching refers to the process of matching the invoice, purchase order, and receiving report to validate the details of purchase before any payment is made. Three-way matching is arguably one of the most comprehensive ways to process a vendor invoice to minimize the risk of fraud.
- Segregation of Duties: Allowing a single employee to handle all financial transactions, including submitting POs, invoice validation, and payments, ultimately increase the risk of fraudulent activities. Segregation of duties refers to a workplace principle that ensures a single individual is not given the authority to carry out two or more conflicting sets of responsibilities. For example, the employers who tender POs shouldn’t approve invoices, while those who select and onboard vendors should not be pay invoices.
- Review and Verify Payment Details: When a vendor changes their payment details, always follow through and confirm with them. It’s best to call or establish direct contact one way or another to independently verify payment details before releasing payments.
- Review Bank Statements Periodically: From time to time, you should review bank statements and report any suspicious debits quickly. This can help you identify issues in their early stages.
- Automation of the AP Department: Using AP automation software is an excellent way to mitigate invoice fraud. When the AP process is automated, invoice details are automatically matched and recorded in the system. This greatly reduces the need for human input, which ultimately brings down margin for error and fraud.When an employee has to independently match invoices, there’s always a risk of fraudulent invoices passing through and being approved. With AP automation software, they’re immediately flagged.
Alia Noor (FCMA, CIMA, MBA, GCC VAT Comp Dip, Oxford fintech programme, COSO Framework)Associate Partner
Ahmad Alagbari Chartered Accountants