By Branden Jenkins, COO, Medius
Finance teams the world over are grappling with the problem of invoice and payment fraud.
Criminals continue to extract hard-earned cash out of businesses, who all too often are unprepared for this rampant type of fraud.
It is a subject we research into heavily here at Medius. According to our latest Financial Professional Census, which canvassed 2,750 organisations, the average estimated cost of invoice fraud to middle markets businesses is something in the region of $280,000 per year.
In the space of 12 months, these companies reported a combined 34,000 cases, the average finance team spotting one incidence of invoice fraud per month. In addition, many attacks pass under the radar.
The UK particularly paints an even more worrying picture. Where, financial professionals estimate over £295,000 is lost annually to invoice fraud per business.
Our findings are backed up by recent research carried out by Barclays, a British bank, which found that UK firms lost more money to invoice related scams than any other type of fraud during the three month period ending February 2022. Its data has also shown that the average value of funds stolen has increased by 13%.
The situation in the UK is not helped by the fact its finance teams face the highest churn out of any markets we observe. According to our survey, almost one in five finance professionals leave between seven and 11 months into their new job, which is almost 10 percentage points higher than any other country surveyed. Across the globe, the average tenure in finance teams is 30 months.
This is a problem, simply because a frequent churn of staff impacts on resourcing and continuity of processes, leaving companies even more prone to fraudulent activity passing through unnoticed.
The awareness problem
Indeed, globally there is a massive problem regarding awareness of invoice and payment fraud, and just how badly it is impacting businesses.
According to our findings, the vast majority (95%) of firms are aware of invoice fraud in some way, which is good news – however, one in four (25%) finance professionals do not know or cannot estimate how much it has cost their company.
We read a lot about payment scams impacting consumers and the general public, be it through malicious emails and text messages, or even call centres asking for bank details over the phone. However, our research consistently shows that businesses are equally vulnerable to these kinds of fraud – if criminals see a vulnerability, they won’t hesitate to try and exploit it.
And the problem is not going to go away anytime soon, not least because there is a general reluctance among businesses to talk about it. Indeed, admitting to fraud breaches has the potential to damage brand reputation and harm supplier relationships.
It happens to the biggest and seemingly most secure brands, too. Meta and Google are perhaps the most high-profile examples. In 2019, a man pleaded guilty to posing as a hardware supplier as part of a scam which defrauded the companies of more than $100 million.
What this shows is that no company, no matter its size, is immune. If this issue is to be addressed in a meaningful way, we must be prepared to hold frank and open discussions about the problem. Only then will our knowledge of what is happening increase, which in turn will prompt remedial action.
What are the most common invoice and payment scams?
We can help to start those conversations by sharing our own insight, not least around the types of scam that are most frequently defrauding businesses. Here, I will outline those scams that every organisation should be aware of.
The first and second of these scams exploit the digital sphere. Payment technology advances, a demand for convenience both from vendors and customers, and e-invoicing and taxation mandates from governments around the world have precipitated a shift to digital settling of payments.
This is opening more doors for cyber-savvy invoice criminals, who will continue to adapt their methods as new technologies and payment processes emerge.
The first scam I want to highlight involves illegitimate vendors. This is the place where many seasoned invoice scammers will start – here, they will get into an organisation’s system by submitting mundane invoices for low amounts, low enough to be passed through without questioning.
Over time, lots of small value payments can add up, and it is allowed to happen because businesses often lack the adequate processes to properly vet and set up vendors on their systems, making it too easy for low-value invoices to bypass approvals.
How can this scam be overcome? Ideally, multiple people within organisations will oversee which vendors are on the payable list.In addition, finance teams can bring in expertise from third parties to verify legitimate companies.
On the flipside, invoice fraudsters are also posing as legitimate vendors, with invoice spoofing and fake invoices being another scam to watch out for.
This involves making subtle changes to invoice information such as company addresses, routing numbers and contact details, just enough to ensure the payment is directed to the criminal account without arousing the suspicion of finance teams who automatically trust the source. Indeed, in many cases, they will simply view a change in banking details as a prompt to update their vendor system.
This type of scam is difficult to detect within companies that handle large numbers of payments on a daily basis, and perpetrators can even operate from within the vendor and paying company themselves.
To deal with this threat, firms should consider deploying cybersecurity solutions such as capture technology – this can help to identify fraudulent invoice details without the need for manual inspection.
Taking steps to reduce invoice and payment fraud
These are just three specific invoice and payment scams that criminals are currently using to defraud businesses out of vast sums of earnings.
In response, businesses need to establish a system of checks and regulations that every member of their finance and AP teams can follow with ease and consistency. In doing so, the likelihood of human error leading to a fraudulent invoice making its way through the system and all the way to payment will be markedly reduced.
Such a system of checks and regulations should involve the validation of important vendor data, including key information submitted on invoices of lower values that may otherwise pass through unchecked. Addresses, contact information, bank details – ensure these are legitimate and even consider bringing in third party validation experts from time to time to provide peace of mind.
Technology can and should complement these processes. We have already cited capture technology – these anomaly detection solutions leverage artificial intelligence and its applications to help detect suspect details and unearth invoice frauds in real time. Importantly, it removes manual and repetitive process burdens from what may already be overstretched finance teams.
Similarly, organisations should consider automating the end-to-end invoice and payment process. This, once again, will reduce the opportunity for fraudulent invoices to extract payment as a result of human error.
And it is an area that Medius sees significant room for progress. Our research shows that some 43% of invoices still need some form of manual intervention before they are settled – meanwhile, more than six in 10 (62%) of finance professionals view their company’s payment software as outdated.
Once again, the situation in the UK makes for interesting reading. Somewhat surprisingly, London lags behind the rest of the UK when it comes to automating finance departments – where, only 25% of respondents say they track and measure their automation practices (the UK average being 31%). This is significantly lower than here in the US, where the figure is 43%.
Problems are emerging from a lack of automation practices. Almost four in 10 UK finance professionals (39%) told us they can’t close their books on time, and that paying supplier invoices remains the biggest challenge facing their departments. This is reflected in the fact that, among the markets we studied, the UK takes the longest time to process invoices (27 days versus 14 in Denmark). All of this helps to create an environment that is conducive for invoice fraud to succeed.
Of course, it is not a problem unique to the UK. Globally, more than one-fifth (21%) of finance professionals agree that their organisations do not innovate enough in the field of finance automation, despite the fact that 45% believe that automation provides them with a chance to be more innovative. Meanwhile, 40.75% agree that automation allows suppliers to be paid quicker.
Sticking to manual processes simply does not afford the time for these finance professionals to fix internal processes – resultantly, there is little room for the sort of workflow innovation that will enable a more effective response to invoice fraud.
The need for cross-departmental collaboration
That said, it is not just finance teams who should be responsible for countering invoice fraudsters.
Another important finding from our research centres around how efforts to combat payment fraud are all too often siloed.
Indeed, the responsibility to detect and prevent this activity is not shared between finance and IT in almost six in 10 firms (57%), where either one or the other department assumes total ownership of the task. Worryingly, just two in five businesses (42%) have both teams collaborate around the issue.
For the remaining 58% of firms, opening forums for discussions between IT and finance departments is an obvious place to start in the fight against invoice fraud. Cross-pollinating expertise, sharing experiences, and proactively working together will lead to all parties being better informed about the threats they face and how to effectively respond.
Likewise, industry-wide collaboration between businesses is also crucial, and once again there is room for improvement. Under half (46%) of finance professionals said that they discuss new counter fraud tactics with their industry peers, listen to the advice of vendors and/or read educational content.
As supply chains become more complex and invoice fraud continues to rise in tandem, collaboration both internally and externally will be critical to stemming the tide of funds finding their way into criminals’ bank accounts.
Indeed, finance and accounts payable teams face numerous challenges in an increasingly complex business environment. They need technology to move from automation to elimination – eliminating the invoice, fraud, and wasted time on needless manual tasks. This, in combination with knowledge and experience sharing amongst peers, will be how invoice fraudsters are stopped in their tracks.