In an increasingly digital age, safeguarding financial assets has become a paramount concern for businesses of all sizes. The realm of accounts payable, in particular, stands as a critical juncture where AP fraud can quietly infiltrate and wreak havoc.

Enter cloud-based AP automation, a technological bulwark against illicit activities. This dynamic fusion of cloud computing and automation not only streamlines the accounts payable process but also erects a formidable barrier against potential fraudsters. In this blog, we delve into the intricate web of financial security, exploring how cloud-based AP automation stands as a sentinel, actively thwarting fraudulent attempts. Join us on this journey as we uncover the tactics, strategies, and technologies that are reshaping the financial landscape, fortifying businesses against the ever-present threat of fraud.

 

Examples of AP Fraud in Accounts Payable

Here are some of the most common types of fraud in AP:

1. Invoice Fraud

Overbilling: A supplier intentionally inflates the price on an invoice for goods or services that were provided at a lower cost.

Phantom Invoices: Fraudsters create fake invoices for goods or services that were never delivered or provided.

2. Employee Fraud

Ghost Employees: A dishonest employee creates fictitious employees and submits timecards for them, then collects the pay.

Collusion: An employee conspires with a supplier to create fake invoices or approve inflated prices in exchange for kickbacks.

3. Vendor Fraud

Shell Companies: A dishonest vendor sets up a fake company and bills the organisation for goods or services that were never provided.

Kickbacks or Bribes: Vendors may offer or provide kickbacks or bribes to employees in exchange for preferential treatment.

4. Duplicate Payments

Accidental Duplicate Payments: Due to errors or system glitches, a company might unintentionally pay the same invoice twice.

5. Misappropriation of Funds

Misdirected Payments: An employee redirects payments meant for a legitimate vendor to their own account.

Expense Fraud: Employees submit false or inflated expense reports for personal gain.

6. Phishing and Social Engineering

Impersonation: Fraudsters pose as a legitimate vendor or executive and request a change in payment details to divert funds.

7. Manipulation of Financial Records

Falsifying Financial Statements: Employees or external parties alter financial records to hide fraudulent activities.

8. Unauthorised Access

Unauthorised Approvals: An employee with inappropriate permissions approves invoices or payments they shouldn’t have access to.

9. Redirection of Payments

Man-in-the-Middle Attacks: Hackers intercept communications and alter payment details to redirect funds to their own accounts.

10. Identity Theft

Stolen Vendor Identity: A fraudster poses as a legitimate vendor and submits invoices for payment.

 

Real World Examples of Fraud

NatWest Payment Processor Fraud (2019):

In 2019, an employee at NatWest’s payment processing centre in Birmingham was found guilty of orchestrating a fraud scheme. The individual created fake invoices and directed payments to their personal account. The fraud amounted to approximately £200,000.

University of York (2017):

In 2017, an employee at the University of York was convicted of submitting false invoices for personal goods and services. The fraud amounted to over £300,000.

Columbia Sportswear (2019):

A former employee of Columbia Sportswear created a fictitious company and submitted fraudulent invoices for marketing services. The company paid out over $3 million before discovering the scheme.

Sungard Availability Services (2019):

In 2019, a former employee of Sungard Availability Services, a company that provides IT services, was found guilty of a fraudulent scheme. The employee created and submitted false invoices for goods and services that were never provided. The fraudulent invoices amounted to over $1.5 million.

Walmart Vendor Fraud Scheme (2019):

In 2019, Walmart filed a lawsuit against its former VP of Replenishment, alleging that he had engaged in a fraudulent scheme involving fake invoices. The individual was accused of embezzling millions of dollars over several years.

Scotiabank Heist (2020):

In 2020, a former Scotiabank employee in Canada was charged with a $30 million embezzlement scheme. The employee allegedly created fictitious companies and submitted fraudulent invoices for services that were never provided.

Krebs on Security Vendor Fraud (2020):

In 2020, security expert Brian Krebs reported an incident where a vendor’s email was compromised. The fraudsters intercepted legitimate invoices, altered the bank details, and sent them to the victim’s clients. This resulted in payments being directed to the fraudsters’ accounts.

Redbridge Council (2012):

In 2012, an employee of Redbridge Council in London was found guilty of orchestrating a fraud scheme involving fake invoices. The individual submitted false invoices for work that was never done, resulting in a loss of over £700,000 to the council.

London Borough of Croydon (2011):

A former employee of the London Borough of Croydon was convicted in 2011 for creating false invoices and diverting payments to her personal bank account. The fraud amounted to over £170,000.

Surrey County Council (2011):

In 2011, an employee of Surrey County Council was convicted for submitting fake invoices for personal goods and services. The fraud amounted to approximately £500,000.

It’s crucial for businesses to implement robust internal controls, conduct regular audits, and utilise technology like cloud-based AP automation to help prevent and detect fraudulent activities in their accounts payable processes.

 

How to Avoid Fraud In AP

To avoid fraud in accounts payable, businesses can implement a combination of policies, procedures, and technology solutions. Here are some key steps:

 

1. Establish Strong Internal Controls:

• Implement segregation of duties so that no single individual has control over all aspects of the accounts payable process.
• Require dual authorisation for sensitive transactions, such as large payments or changes to vendor details.

 

2. Vendor Verification and Due Diligence:

• Conduct thorough background checks on new vendors before establishing a business relationship.
• Confirm the legitimacy of vendors through independent sources or trusted third-party services.

 

3. Invoice Verification and Approval Workflows:

• Set up rigorous approval workflows to ensure that invoices are reviewed and approved by the appropriate personnel before payment.
• Verify that invoices align with purchase orders, delivery receipts, and contract terms.

 

4. Automate Invoice Processing:

• Implement cloud-based AP automation solutions that utilise advanced algorithms to detect discrepancies and fraudulent activities.

 

5. Use Electronic Payments and Secure Platforms:

• Shift towards electronic payment methods like ACH transfers or virtual credit cards, which have built-in security measures.
• Use secure, encrypted platforms for communication and transactions.

 

6. Monitor for Unusual Activity:

• Regularly review accounts payable reports and transaction logs for anomalies or suspicious patterns.
• Set up alerts for unusual activities, such as sudden changes in payment amounts or vendor details.

 

7. Perform Regular Reconciliations:

• Reconcile accounts payable records with bank statements and other financial records on a regular basis to detect discrepancies or unauthorised transactions.

 

8. Implement Strong Password Policies and Security Measures:

• Enforce strong passwords and regular password changes for all accounts payable systems and platforms.
• Use multi-factor authentication (MFA) to add an extra layer of security.

 

9. Conduct Employee Training and Awareness Programs:

• Educate employees about common types of accounts payable fraud and how to recognise suspicious activity.
• Encourage a culture of vigilance and reporting any potential issues promptly.

 

10. Regularly Review Vendor Contracts and Agreements:

• Ensure that vendor contracts are clear and comprehensive, specifying terms, deliverables, and payment details.
• Monitor vendor performance and address any discrepancies or concerns promptly.

 

11. Perform Internal and External Audits:

• Conduct regular internal audits to review accounts payable processes and identify any potential weaknesses or areas for improvement.
• Engage external auditors to provide an independent assessment of accounts payable controls.

 

12. Stay Informed About Emerging Threats:

• Keep abreast of evolving fraud tactics and cybersecurity threats to proactively adapt security measures.

 

By implementing these measures, businesses can significantly reduce the risk of accounts payable fraud and protect their financial assets.

 

AP Automation Solution Features for Reducing AP Fraud

Cloud-based accounts payable (AP) automation reduces fraud through a combination of advanced technologies, secure processes, and real-time monitoring. Here’s how it works:

Everything you need to know about automated invoice processing

Advanced Data Validation: Cloud-based AP automation employs sophisticated algorithms to automatically validate invoice data. It checks for discrepancies, duplicates, and unusual patterns, flagging potentially fraudulent invoices for further review.

 

Invoice Matching: The system matches incoming invoices with corresponding purchase orders and delivery receipts. This reconciliation process ensures that the goods or services were actually received before payment is approved, reducing the risk of fraudulent invoices.

 

Rule-Based Approval Workflows: The system allows businesses to establish custom approval workflows. These rules ensure that invoices are reviewed and approved by the appropriate personnel, minimising the chance of unauthorised payments.

 

Real-Time Monitoring: Cloud-based AP automation provides real-time visibility into the entire invoice processing cycle. This process intelligence allows for immediate detection and response to suspicious activities, including irregular payment amounts or unusual vendor details.

 

Audit Trails and Transaction Logs: A comprehensive audit trail is maintained, documenting every action taken within the system. This transparent record helps in tracing any suspicious activities back to their source, providing crucial evidence in case of fraudulent activity.

 

Multi-Factor Authentication (MFA): Cloud-based systems often incorporate MFA, requiring users to provide multiple forms of authentication before accessing sensitive financial data. This additional layer of security helps prevent unauthorised access.

 

Machine Learning and AI: Advanced machine learning algorithms can analyse historical data to identify patterns indicative of fraud. Over time, the system becomes better at distinguishing between legitimate and suspicious transactions.

 

Alerts and Notifications: Cloud-based AP automation can be configured to send alerts or notifications for unusual activities, such as a sudden change in payment amount or a new payee. This immediate notification allows for prompt action to prevent fraudulent payments.

 

Secure Access Controls: Role-based access controls ensure that only authorised personnel have access to sensitive financial information. This prevents unauthorised individuals from tampering with or approving invoices.

 

Encrypted Data Transmission and Storage: Data is encrypted both during transmission and while at rest on the cloud servers. This protects it from interception or unauthorised access by cybercriminals.

 

Regular Security Updates and Patch Management: Cloud providers are responsible for maintaining the security of their platforms. They regularly apply security patches and updates to address vulnerabilities and emerging threats.

 

 

About the Author