5 tips to prevent payments fraud
This practical advice from higher-ed insiders offer a look at how to prevent business payments fraud
While it may be a surprise to the average person that business payments fraud is the largest source of cybercrime in the U.S, it’s at the forefront of every professional working in accounts payable and/or procurement today.
These hard-working individuals bear the enormous responsibility of authenticating and authorizing that payments–thousands of them, in some cases–are in fact going to the right vendor, day in and day out. And with staggering statistics to underscore the enormity of the problem–AFP’s annual Payments Fraud and Control Survey notes 74 percent of companies reported they were the target of an attempted or successful payment fraud scam last year–can you guess the primary targets for these bad actors? Sixty percent of the time, it’s Accounts Payable and Procurement departments.
While the impact of a fraud incident on a higher-ed institution is costly, not to mention detrimental to its reputation, the cost to a finance professional tasked with critical payment decisions daily–and now for many, from home–has potential to be even more damaging. The answer isn’t to be “more careful,” as so many industry pundits and big banks preach.
Here is practical advice and insight, from those in higher ed who are on the front lines of vendor management, to help others safeguard against increasingly savvy fraudsters. The encouraging news is that many of these best practices can be put into place as quickly as today.
#1 Zero Trust
Emma Foster, Accounting Department, KFS Vendor Onboarding at the University of California, Irvine advises, “Don’t take anything at face value; if in doubt, check it out! Google is my best friend!”
Zero trust in emailed information tops the list when it comes to sound advice on ‘being careful.’ Foster double-checks any submitted information that doesn’t seem to add up, perhaps a new address or phone number. A quick Google search might turn up something that could explain it. But with one big caveat to all of you Google searchers: not everything you see online is what it seems. Searching is a great first step, but it shouldn’t be your only step!
#2 Partner Up
Miguel Silva, Contracts and Procurement Analyst, California State University, Monterey Bay, notes: “Do whatever it takes to ensure the information you are gathering is coming from the actual vendor. That used to mean only accepting hand signed documents, or now, relying on a 3rd party platform to facilitate it.”
Historically, the team at CSUMB went through the painstaking effort to verify all incoming vendor information, sometimes using Foster’s approach, but last year turned to a third-party vendor to validate the vendor information on their behalf. Finding a trusted partner to verify vendor information such as phone numbers, addresses, tax ID, or banking information can go a long way towards bringing peace of mind to the vendor desk, not to mention creating meaningful efficiencies.
#3 Slow Down
Thomas Nunn, Procurement Officer, Cabarrus County, NC suggests, “Never take anyone’s information and react to it quickly. If someone contacts you and needs to change their banking information or anything related to their vendor status, collect as much data from that person as you can, and then set it aside. Many times, if you react to it while you’re in the middle of your normal everyday duties, you can seriously miss something. If you can set it aside, you give yourself a chance to give it your full undivided attention. In other words: slow down.”
Speed often leads to mistakes. Nunn’s advice to not act on any changes when you are distracted is a salient piece of wisdom. Fraudsters almost always use a sense of urgency to get the vendor desk person to miss a detail or not follow protocol. Urgency should almost always be a red flag.
#4 Avoid Short Cuts
Wendy Grayauskie, Assistant Director for Procurement, Villanova University advises, “You need to hold your ground when folks want to take short cuts. We do things for a reason, and we need to protect the university. Some of the decisions that we make are not popular. It’s not supposed to be what’s popular. It’s supposed to be what’s right.”
Sometimes that pressure and urgency can come from within your own organization. Someone in a hurry, or someone who forgot to get the PO moving, will push to have rules ignored ‘just this one time.’ In 2020, insurance broker Willis, Towers, Watson reported that 66 percent of financial losses from social engineering were the result of a process either not existing or not being followed. While fraudster’s often target AP, Finance and Procurement departments, they are not the only targets out there. Any person at your organization who is dealing directly with a vendor could be a target for social engineering. As Grayauskie says, you have a procedure for a reason, stick with it.
#5 Detective for Hire
Lorna Przeslawski, Procure to Pay Analyst, Bowling Green State University notes, “Use every available source you have to validate submitted info. While BGSU uses a 3rd party for validating submitted info, I do sometimes need to validate items myself. When I do, I use past invoices and PO’s, internal sources who have worked with the vendor before, and, when necessary, I pick up the phone and call the vendor directly- using a phone number that is confirmed to be associated with the business. Sometimes you need to be a detective!”
By relying on both technology and your detective skills to authorize and validate vendor information, you are putting yourself and your organization in a better position to safeguard against bad actors and mitigate the risk for business payments fraud. Combined, this layer of defense is a true best practice in ensuring an efficient and reliable vendor management process.
It’s safe to say, “be more careful” is a hollow and meaningless adage when it comes to protecting against increasingly savvy fraudsters. The answer must begin with an industry wide shift to modernizing this critical business function – from eliminating checks to digitally enabling the payee verification process to implementing repeatable and actionable processes to authenticate vendors. Only then will organizations confidently eliminate the risk of business payments fraud while ensuring hard working AP professionals can sleep at night!