Invoice fraud is a real threat to your business. What do you need to know?
Part of the work we do with our clients is making sure they have really robust processes and controls, because the threat of fraud and cyber-crime has never been greater.
Supplier invoice fraud is particularly popular amongst the criminal fraternity and they’re getting really good at it.
So we all need to be more vigilant than ever.
The way it works is this:
Criminals pretend to be your regular suppliers and get you to change the bank details you have on your system so that you pay them, instead of your real supplier. And by the time your actual supplier starts chasing you for overdue payment your money is long gone.
You might be thinking that you wouldn’t be that stupid, and you’d spot a fake request to change bank details, BUT don’t underestimate how professional and thorough these fraudsters can be.
Their communication is likely to look just like your suppliers. They will often know details of your relationship with your supplier, and it’s not difficult for them to find out details of your invoices and even know payment due dates, which can make a real request difficult to differentiate from a fraud attempt. The email request may even appear to come from a genuine contact at your supplier; the fraudsters often hack email addresses to make them appear real. Paper requests can be appear to be on genuine company letterheads, so never assume something is genuine until you’ve checked it out.
Another warning sign is that the request is asking you to act with urgency.
Authorise all invoices for payment
Another key thing to look out for are fake invoices. Again these will look exactly like your normal invoices. With automated packages like Xero and QuickBooks being used as the norm now, email invoices are often forwarded straight to the accounting package without being authorised.
In the “old days” all invoices were checked against purchase orders, delivery notes AND physically signed off by a manager or director. This discipline seems to be disappearing and we strongly urge you to still make sure all invoices are in fact authorised before they can get onto the accounting system.
Apart from fake invoices, the good old fashioned reasons for checking invoices still remain:
- We might not have had the goods or service
- We might have been overcharged
- There may be a problem and we’re waiting for replacements or a credit note
A fraud can be difficult to spot if you don’t have really strong controls, processes and an awareness of what to look out for.
6 steps to keep you safe and avoid invoice fraud
- Create a formal process for changing supplier payment details – I’d suggest this involves getting sign off from someone senior in the business to avoid junior staff making changes without checking.
- When you get requests to change supplier bank account details, phone (not email) a known contact at your supplier to confirm, using a phone number you already have on file, not using any contact details in the change request.
- Don’t ever be pressured to change details quickly; a genuine supplier wouldn’t rush you unduly as they will always have their old bank account open to catch payments for many months (unless they’ve gone under and restarted as another business).
- Send out email remittances to your suppliers when you pay them – then they know to expect a payment.
- Make sure all purchase invoices are signed off by the person who ordered the goods or service (checking against a purchase order isn’t enough).
- Please make sure everyone working in finance, or involved in making supplier payments in your business reads this.