Avoiding Fake Invoice Scams

Fake invoices and billing scams are an increasingly common problem for the modern business to contend with.  While in NZ there are plenty of organisations warning about the dangers of these scams (e.g.: CertNZ, NetSafe, MBIE), statistics on the scope of the problem are harder to come by because the data relies on people both knowing that they fell victim to a scam, and then also choosing to report it.

Across the ditch in Australia the ACCC (Australian Competition & Consumer Commission) reports that in February 2019 alone, Australian businesses have paid out more than half a million dollars against fake invoices.  Though if we consider that this number is based on self-reported data and that not every fraudulent invoice is detected let alone reported, we can safely conclude that the real number is likely to be far larger.

When you compare February 2016 to February 2019, the number of reported cases has doubled in just 3 years.  While you could argue that this could be chalked up to an increase in reporting and awareness rather than indications of a growing trend, the total dollar value of those reported cases has increased by a staggering 3200%.  The problem is getting bigger and the perpetrators are getting bolder.

How the scam works is that a fraudster will send your company an invoice for non-existent goods or services in the hope that you pay it blindly.  Often the fake invoices are mocked up in a format to match known vendors so it first glance it looks legitimate with only payment account number that’s been changed.  They may have even copied an actual invoice so that the reference details, like customer numbers, dates, invoice number and purchase order number are in fact all correct.  Often these invoices are deliberately valued so that they fall just under the common authority thresholds for Accounts Payable (AP) Staff and mid-tier managers to sign off.  This means that a busy approver will see an invoice from a trusted vendor, check that value within range of normal expectations and within their authority to authorise, and then they will simply approve it and move on.

If you are involved in the AP Process for your organisation, whether as part of the AP team or as an approver / budget holder, pause here for a moment to reflect on your processes.  Statistically speaking, the higher the number of invoices you receive and the larger the pool of regular suppliers you have, the more likely you are to miss a fake invoice.  Do you know for certain that all the invoices you’ve approved/paid are genuine…?

The good news is that while scammers are getting more creative in their methods to fool unwary businesses, AP Automation solutions are getting smarter in their methods of detecting them.

UpSol can deploy AP Automation solutions that use a variety of methods for the identification of this kind of fraud which can include:

• Email Validation
  Ensure that the incoming senders email address matches the known address of the vendor.

• Duplicate Checking
  Automatic checking the invoice header information against already received invoices.

• Payment Account Number
  Checking that the payment account number on the invoice matches the account number you have on record. You can also validate that the account is for a NZ bank code and matches the format of a NZ bank account number.

• Purchase Orders
  Encourage your vendors cite your purchase order number and cross check it against open PO’s in the finance system.

If any of these kinds of checks fail, or if the content extracted from the invoice doesn’t match known values, the invoices can automatically be flagged as suspect and routed to the appropriate person/team to check.

If you would like to have a chat about how we can help add some of these checks and balances to your AP process, please don’t hesitate to contact us.

Follow UpSol on LinkedIn for more helpful blogs and videos
www.linkedin.com/company/upsol/

Where to get additional help
If you suspect that you have encountered an fraudulent activity you can report scams to Netsafe and cyber security incidents to CertNZ.  These organisations can also offer advice and support on what your next steps could be.