Using AP Automation and Payments to Mitigate Fraud
Over the past few years, AP departments have been fending off payments fraud the way Luke Skywalker battles Darth Vader in Star Wars.
It has been both a tough and changing fight.
Since the pandemic started, bad actors have used societal changes and increase in digital transactions to innovate numerous ways to separate companies from their cash.
In fact, PYMNTS reported “business email compromise (BEC) fraud attacks targeting invoices and payments rose 155% between Q2 and Q3 2020. A recent survey also revealed that nearly half of all organizations reported severe fraud attempts on their systems in 2021, and 15% suffered major financial losses as a result”.
While there are lots of ways fraud is perpetuated, there are several actions AP departments can take to minimize the chances of payments fraud.
1) Centralize invoice processing and payments with AP automation and payments
Much of AP’s fraud vulnerability comes from multifamily, CRE and other Real Estate companies using decentralized paper processes across multiple properties. These leave gaps fraudsters can exploit.
For example, if each property manager for a Multifamily company collects stacks of invoices, sends them to a corporate headquarters, and then leaves the puzzled AP team to sort through all the invoices, get them routed for approvals, and then paid with a paper check, there’s a lot of places a bad actor can insert themselves into the process. They could impersonate a vendor, send duplicate invoices, or target the paper checks.
With automated accounts payable processes, however, all invoices travel through centralized AP software, giving everyone – from property managers to CFOs – complete visibility into every step of from invoice ingestion to payment.
There are also audit logs and reporting. Invoices have a complete digital audit trail, showing who approved them and when. Invoice approval workflows are also visible, as well as whether they have been changed (and by whom). Many systems, like Nexus, also send alerts about duplicate invoices.
2) Segregate invoice responsibilities
While the AP automation and payments system has a lot of safeguards to help mitigate fraud, it’s important that the AP department take additional actions. Segregation of duties is one of the most important ones to implement.
For example, it’s important that employees who can change the Master Vendor Record are not the same folks that can approve or pay invoices. That makes it more difficult for an employee (or someone impersonating an employee through BEC) to slip in a fraudulent invoice or change a vendor address. A good segregation of responsibilities may look like this:
3) Be on the lookout for invoice fraud perpetuated by employees and bad actors impersonating employees and suppliers
Another important control is to be on the lookout for invoice fraud from any and all sources. Three common scenarios are:
- An employee’s account can be compromised, and the employee access is used to perpetuate fraud
- The employee can be a bad actor themselves
- A suppliers’ account can be compromised by a bad actor who then impersonates the supplier
In these situations, the bad actor can submit an invoice that’s already been paid - but claim it hasn’t been paid. They’ll then provide new payment instructions, and get the funds deposited into their own account.
Another common scheme involves an employee submitting a false invoice from a fictitious company in the Master Vendor Record that looks similar to an existing vendor. They’ll then submit invoices for that new illegitimate vendor – with the hope that they won’t be discovered because their name is extremely similar to a real vendor.
AP teams must keep their guard up and pay close attention to the details. Some AP systems, like Nexus, have reporting that can help them easily spot changes to any invoice approvals or payments that list company names, amounts, and dates, letting them see subtle differences immediately.
4) Automate change requests from suppliers or verify by phone
Making sure vendors are who they say they are is important to mitigating fraud as well. Some AP automation and payments companies have extra validations set up to make sure all their vendors’ data is verified.
For example, Nexus has a self-service supplier portal, NexusConnect, that vets suppliers automatically before they can sign up to send their customers invoices or receive electronic payments. It also checks to see if the supplier is not on the Office of Foreign Assets Control (OFAC) list to ensure the supplier is not under any sanctions. If they are, they are prevented from setting up an account.
Furthermore, once a vendor has been established in NexusConnect, anytime they attempt to make an account update – such as to their address, phone, company name – a new check will automatically be triggered.
5) Choose the most secure payment method to pay vendors
Cutting back on paper checks and favoring electronic payment methods can help reduce fraud too. Per the Association of Financial Professionals (AFP), paper checks are targeted most frequently by fraudsters, and remain one of the biggest threats for AP Teams.
On the other end of the security spectrum are virtual cards, which are among the most secure payment methods. These one-time use cards are issued by a B2B payments company (like Nexus) and emailed to the supplier for the exact amount of the invoice(s) due.
Per the 2023 AFP Payments Fraud & Control Survey, virtual card payments represent only 9% of targeted payment fraud versus 63% for checks.
Deploy good practices companywide
While AP teams can help lessen the risk of fraud by adopting these practices, the company also has to be vigilant too. They can’t ignore common security protocols, such as multifactor authentication and employee training. Combatting fraud is a team effort and everyone has to do their part.