The reality is that invoice fraud is a big business and this multimillion-dollar industry will continue to target anyone that has access to an email account and processes bills online.
While defence mechanisms deployed by IT departments and accounting departments are becoming more sophisticated, so too are the mechanisms used by cyber criminals.
Coming from the professional services industry myself, I have seen first-hand innumerable attempts at invoice fraud and can vouch that these attacks are becoming increasingly sophisticated.
Ultimately, invoice fraud risk minimisation is reliant upon the adoption of a good process and the optimisation of your company’s various technologies and accounting systems. Based on my experience within the industry, I have identified five key steps to give businesses the best possible chance to avoid becoming the victim of invoice fraud.
Step 1: Implementation of security and fraud detection software
The purchase and deployment of premium security software (and hardware) should be considered the building block, or foundation, of your invoice fraud risk minimisation strategy.
These software solutions can include mechanisms such as anti-virus, email filtering, firewalls and regular server/end-user device patching.
Step 2: Implementation of cyber security awareness and training programs
Cyber security awareness and training programs, for both business owners and staff, help your business recognise the signs of fraud by making sure that your staff are educated in recognising malicious emails or identifying suspicious websites.
Importantly, cyber security awareness is not just a reminder to look out for phishing emails; it is a cultural and behavioural change to ensure cyber security is front of mind by regularly reminding staff of the threats that exist and teaching them how to recognise and respond to those threats.
Step 3: Implementation of automated accounts payable solutions
Automating your accounts payable processes is a fast and easy way to minimise both manual error and susceptibility to fraud.
There are many available systems that use character recognition technology to read the invoice and automatically input the invoice data into your accounting system, thus eliminating the need for manual entry.
These systems typically include features that also flag changes to customer bank account details, in addition to highlighting duplicate invoices from the same supplier.
Although there are several off-the-shelf systems available, it is important to implement a system that best fits with your business needs.
Step 4: Implement internal controls and best practice processes
A correctly designed, implemented and monitored internal control framework will help safeguard your company’s assets, enhance the integrity of accounting records and eliminate opportunities for fraud.
Internal controls include:
- Separation of duties
- Access controls and restrictions
- Physical audit of assets
- Standardised financial documentation
- Periodic reconciliations of accounting systems
- Approval authority requirements
Best practice processes will ensure staff are taking necessary measures to detect fraud including checking directly with suppliers when bank details are changed and getting a second approval for changes of bank details and upload of payments to the bank.
Step 5: Cyber security insurance to cover losses incurred by fraud
Although it is not a prevention mechanism, cyber insurance can protect your organisation from financial loss should the worst occur.
Even with all the prevention mechanisms listed above, it’s important to understand that there is no silver bullet to preventing invoice fraud and it is impossible to eliminate 100 per cent of attacks.
For that reason, cyber insurance can be a good safety net for companies that want to make sure that they are covered in the event of a breach.
Amy Riddell, director, Beanz