Invoice scams are rife in Australian businesses – and without proper payment controls in place, they can be all too easy to pull off. Automating accounts payable is the most effective way of combating invoice fraud and in doing so, protecting company profits.
Sometimes companies are stung hard and fast by cyber criminals in multi-million–dollar frauds that bring the business down. More often though, it’s small amounts that slip under the radar regularly and may never be discovered. Over time, this drains profits and impacts company growth.
Just recently, a National Australia Bank employee was jailed for defrauding the bank in an invoice scam that took place over four years. The staff member had approved inflated invoices from a supplier while receiving money and gifts in backhander payments.
Invoice fraud can take so many different forms, making it such a pervasive problem. The threat to businesses can literally come from all sides: it could be hackers, scammers, vendors, employees, or a combination working to defraud an organisation.
Weak points in accounts payable
Enterprises are particularly vulnerable to invoice fraud when they have not automated their procure-to-pay cycle, and still rely on people to manually process payments. This means checks may fail, or individuals may seek to exploit shortcomings in company processes for personal gain.
A key weakness in accounts payable is the fact that most invoices are emailed as attachments. As a channel, email is extremely insecure and easily compromised. An employee just needs to inadvertently click on a link to introduce malicious malware to company systems. From this point, cybercriminals can take control of the CEO or CFO’s email address and authorise illegitimate payments.
In the US alone, business email compromise schemes of this nature cost the nation approximately $1.7 billion in 2019 and accounted for almost half of all losses due to cybercrime. The disruption caused by COVID-19 with more staff working from home has only increased this type of attack.
Last year, a Sydney hedge fund was forced to shut its doors when an executive accidentally clicked on a fake Zoom invitation. This introduced malware to company systems, which ultimately led to the fund’s trustee and administrator approve $8.7 million in fraudulent invoices. The fund closed when its largest institutional client withdrew its money in response to the failings that had taken place.
System-to-system data exchange
Increased payment security is one of the reasons why the Australian and New Zealand governments have introduced PEPPOL, an international
This is a game changer for enterprises in the region, allowing invoice senders and receivers to exchange invoices directly between their PEPPOL-enabled finance systems. Trading partners can use the same or different systems with no compatibility issues, provided both are connected to the network.
Find out more: How does PEPPOL work?
As this form of data exchange becomes more prevalent, businesses will not need to send invoices as email attachments, and this type of attack will become less of a risk to firms.
AP automation safeguards
While the roll out of PEPPOL is expected to gain momentum this year, it may take several years for it to be in widespread use across the Australia New Zealand region. In the meantime, AP automation solutions enforce security checks and ensure that fake, duplicate, or inflated invoices do not slip through the net:
Worldwide there has been a huge surge in fake invoices over the last year.
Cybercriminals have capitalised on the weaker internal controls caused by COVID-19 with greater numbers of employees working from home, making compliance checks harder to perform. Further, with a dispersed workforce it can be harder to keep track of whether goods were in fact ordered and received.
With accounts payable staff under pressure to ensure business continuity in difficult circumstances, they may process payments without checking that they are dealing with an authorised supplier or that the payment information matches that held on company systems.
AP automation protects against fake supplier invoices by:
– Cross-checking the supplier’s ABN with the Australian Business Register.
– Verifying the payment details match those in the supplier master data file.
– Validating with the ATO the company is registered for GST if it’s on the invoice.
Duplicate invoices can be caused by administrative errors on either the buyer or the seller’s side. In rare cases, they could also be deliberately issued by a dishonest vendor, seeking to capitalise on a chaotic accounts payable function.
For some companies, the rate of duplicate invoices can be as high as 1.27%. For a company processing 1000 invoices a month, this would equate to almost 13 duplicate invoices mistakenly paid every month. For companies processing larger volumes of invoices, this would mean a higher number of duplicate payments and greater subsequent losses.
AP automation protects companies from paying duplicate invoices by:
– Ingesting invoice information from email attachments using Optical Character Recognition (OCR) technology
– Checking for duplicates in each connected system – OCR, Workflow, and Enterprise Resource Planning (ERP) system
– Identifying and not processing duplicate invoices or duplicate line items
Dishonest vendors might get away with charging more for a product or service than what was agreed to, failing to apply discount terms, or charging for items that were not received.
Without procure-to-pay automation, it can be difficult and time-consuming for accounts payable to have visibility of what was ordered. Further, it may be hard to track down the purchase order and verify the invoice against it.
Clearly, it’s even more challenging to authenticate non-purchase order invoices. In this case, clear controls and regular audits need to happen to ensure payment processes and safeguards work, and overpayment does not happen.
Procure-to-pay automation allows:
– Transparency and accountability around purchase requisitions
– Purchase orders to be sent to approved suppliers and saved to the system
– Automatic two-way or three-way matching of price and quantity – purchase order, invoice, goods receipt
– Savings through process efficiency and no overpayments made
– A clear audit trail of all purchasing and procurement activity
It’s worth remembering that invoice fraud can cost a business heavily – not just in the losses that slip under the radar, but also in reputational damage should poor processes and failed internal controls come to light.
An accounts payable automation solution can start to save an organisation money from go live by reducing invoice processing costs and ensuring fraudulent payments are not made. Ultimately, accounts payable automation may be an investment in your company’s future growth and profitability.