You don't need a business degree to know the importance of a strong bottom line. A good bottom line drives revenue, fuels growth and leads your company to long-term success. It's only natural that you'll want to defend it when it is threatened by something such as invoice fraud.
For those not familiar with invoice fraud, it's a common issue that can have a dramatic impact on a business. It's
The first step in identifying invoice fraud and stopping it is knowing what you are looking for. A common example (and I include more below) occurs when a criminal impersonates a supplier. Next, they start sending fake invoices or manipulating genuine ones by inflating charges, all to gain a financial advantage.
It sounds easy enough to avoid, right? It might be if a business works with a handful of vendors and processes a handful of invoices. But that's not the case for many businesses. Consider the following:
- The average organization works with 11 third parties, and 98% of organizations work with a third party that has suffered a breach.
- Skynova
research reports that nearly half of businesses (48%) handle up to 500 invoices each month. For many others, that number is significantly higher. Whatever the figure, this makes spotting fraudulent invoices a challenge.
As if the two factors above weren't enough, these issues are exacerbated by companies' continued reliance on manual review processes that lack the stringent oversight needed to spot fraudulent activity. Some typical tactics include:
- Subcontractor billing: An unethical business may take advantage of loopholes in the billing arrangement and inflate invoices.
- Dishonest vendors: One of a company's vendors may create a bill for goods or services that were never actually rendered in the hope that the person processing the paperwork will not bother to check.
- Threat actors: A criminal may infiltrate a vendor and send false invoices or ask to change bank account details. Then, payments are diverted from the actual vendor to another account.
As businesses begin to work with teams to educate them on invoice fraud and to put in place effective measures to identify and stop this activity in its tracks, there are six common types of losses that result from business payments that all businesses should be on the lookout for. These include:
1. Duplicate payments. At first, glance, identifying and removing duplicate invoices would seem like a fairly straightforward process. Think again. According to research from
Some of these duplicate payments are resubmitted intentionally for nefarious reasons. However, legitimate invoices are often resubmitted for payment accidentally and processed a second time due to flaws in a company's invoice-tracking system or mistakes resulting from a manual entry process. Naturally, businesses with automated detection solutions in place are far more likely to flag and stop these transactions from occurring.
2. Overcharges. For a homeowner getting work done on the house, it's common practice to price out options and find the vendor who can do the best job at a fair price that will stay on budget. In the business world, many companies lack oversight of pricing agreements and fail to benchmark what they are paying versus current market rates. When these relationships aren't checked regularly, vendors can take advantage and begin overcharging. And these costs can add up.
3. Recurring invoices, Also referred to as "unfilled subscriptions," these occur when a company receives invoices for a service or product they are no longer using. Subscription models offer many benefits, but they also introduce new challenges, especially for companies that lack an invoice verification process and fail to compare expense sheets to expected costs. For these businesses, these charges are slipping through the cracks, and the money lost can grow dramatically if they fail to act — according to
4. Fake invoices. As I mentioned, fake invoices attempt to get businesses to pay for goods and services that were never delivered or rendered. They are especially effective when the target business has lax verification processes and does not employ a cross-referencing step with purchase orders or contracts. Bigger companies, in particular, are especially susceptible to being duped due to the communication gaps that exist between the accounts payable team and the department responsible for the purchase. Businesses with an automated payment security solution in place can detect these fake invoices and stop payments before they are released.
5. Phishing and social engineering. We are all familiar with phishing campaigns and have been educated on what to look for. However, these campaigns aren't just targeting consumers. They are also aimed at businesses and leverage emails or communication that appear to come from a vendor or client, and in many instances, employees lack the proper training to recognize phishing emails. According to Egress'
This doesn't even take into account the latest deepfake schemes, which elevate these attacks to an entirely new level. One prominent example occurred earlier this year in Hong Kong, when attackers used a deepfake of a CFO in a video conference in their elaborate social engineering ploy to trick a finance employee into making a fraudulent $25 million wire transfer.
6. Insider fraud. In some instances, the perpetrator behind a fraudulent invoice is someone on the inside, such as an employee. Unlike an outsider, employees are far more familiar with the company's inner workings, including key processes like the B2B payment approval flow and the financial systems used (ERP, vendor databases, etc.). This knowledge makes internal bad actors more apt to sneak in fraudulent invoices unnoticed.
No matter the type of invoice fraud you might experience, the impact is equally significant. Individual smaller-sized companies may lose hundreds of thousands of dollars annually due to unauthorized transactions or payments for undelivered goods or services. But larger businesses with annual revenue in the billions could stand to lose millions or tens of millions of dollars a year. This money could be reinvested in new business initiatives to help set the businesses up for longer-term success. And let's not forget a company's financial obligations to investors. Beyond the financial implications, invoice fraud can tarnish a company's reputation and, in turn, affect the level of trust between organizations and their vendors.
Fighting back
There is good news. Businesses have options to prevent invoice fraud and a great place to begin is with vendor due diligence. As when hiring a contractor to work on your home, take the time to investigate each vendor. This includes not just looking at their credentials but also their reputation and track record.
Once a vendor has been selected, implement processes to protect invoice payments from supply chain attacks. This requires abandoning static vendor questionnaires and adopting a more modern alternative that can manage vendor profiles and changes to their payment information, as well as monitoring their activities, tracking and controlling their permissions and access to internal systems, and enforcing security practices.
Next, make sure you get what you're paying for. Just because you process a significant number of invoices each month is no excuse for not ensuring each reflects the goods and services you received. Cross-reference invoices with purchase orders, contracts, and delivery or service completion records. In addition, have a bank validation process in place that ensures you're paying the right vendor or supplier. There are also ways to automate these checks and ensure the three-way match and proper bank account validation are conducted correctly and efficiently, so make sure to stay informed on all the best practices.
In all these cases, your employees are key. Implement comprehensive training programs that teach teams how to identify the common invoice fraud examples outlined earlier and new, developing tactics that are gaining momentum. In addition, work with teams to implement and follow policies and procedures, including those focused on vendor onboarding and management. These should feature regular audits and reviews where the performance of each vendor is reviewed, and issues and discrepancies are addressed. Teams should also work to strengthen internal controls by segregating duties and following approval workflows for invoice authorization.
A critical final step is technology. Even with the best teams and well-thought-out policies and procedures, companies should invest in automated AI-powered software solutions. With features such as duplicate payment and fraudulent invoice detection, business email compromise alerts, and secure vendor onboarding and management, these systems can fully secure the invoice payment cycle so finance teams can rest easy knowing their B2B payments are going to the right place.
Invoice fraud manifests in various forms, each of which poses a significant threat to a company's financial health, reputation and overall survival. Fortunately, by proactively educating their staff, enacting robust policies and procedures, and bolstering their defenses with a trusted payment security solution, companies can effectively mitigate these risks and safeguard their assets and integrity.
