The fraud fighter's guide: Effective approaches to tackle AP fraud

No organization is safe from potential risk when it comes to payment fraud. You can protect your AP team from increased risk by examining common fraud methods, implementing security measures to strengthen your internal controls, and improving your payment visibility with AP automation tools. The following steps in this article will help your team effectively tackle the growing risk of AP fraud.

Common fraud methods

To help your AP team prepare for potential fraud risk, it’s important to first familiarize yourself with four of the most common fraud methods:

1. Check fraud

Checks are the most vulnerable payment method, with 53 percent of companies reporting fraud activity via checks in 2023.¹ Paper checks can easily be intercepted and stolen from unattended mailboxes, creating increased opportunities for physical fraud, especially check alteration and counterfeiting. Mailing sensitive information like account holder name, account number, and routing number also makes paper checks vulnerable to account takeover.

2. Business email compromise

Business Email Compromise (BEC) is the fastest-growing fraud method used today. The losses from BEC schemes are 80 times greater than ransomware and total more than $2.7 billion, according to an FBI Internet Crime Report.² In most BEC scams, the attacker poses as someone you should trust, typically a colleague, boss or vendor. The attacker sends an email to the payer and asks them to make a wire transfer, divert a payroll payment to a new account, or change the routing/account number for an ACH payment. When successful, the attacker tricks the payer into sending a payment to an account that the attacker can access but has no connection to your intended payee.

3. ACH fraud

This fraud method happens when funds are electronically transferred, using the ACH network, from your company’s bank account to an authorized account. ACH fraud can happen through successful phishing attempts, BEC, data breaches, or by installing malicious software.

4. Cyber fraud

Cybercriminals find a weak point and hack into your company’s computer systems to steal protected financial information. Some of the best ways to protect your business from cyber fraud risk are to strengthen your internal AP controls and consider using a payment provider with a secure, compliant payment platform for your AP processing.

Strengthening your internal controls

As fraudsters grow and adapt, it’s difficult for your AP team to remain trained on all the emerging fraud methods. However, fraud prevention is possible, and being aware of what internal strategies and policies you have in place for AP processing can help you prepare your team to recognize and mitigate fraud attempts in the future.

Start with these best practices:

1. Digitize your check payments to keep them out of the mail whenever possible.

By digitizing your paper check payments, you remove them from mailboxes and eliminate the risk of physical fraud, such as counterfeiting and alteration. You’ll know that your digital payment is only being seen and received by the payee.

2. Set clear expectations with your AP team.

Without an outside vendor, it’s entirely your AP team’s responsibility to ensure everyone gets paid the way they want. This opens the door to BEC by putting the employee in a vulnerable position. Your AP team aims to get your vendors paid quickly, and BEC attackers use this to their advantage. Set clear expectations with your AP team that it’s their job to question every payment request and that they will never be in trouble for taking time to confirm that a payment request is legitimate.

3. Educate and train your AP staff on fraud awareness and prevention.

Provide regular training sessions for your staff on the methods and indicators of potential fraud. Encourage your staff to ask questions, be aware of your company’s security policies and make sure employees know where to report any suspected fraud.

4. Outsource your risk.

Instead of relying solely on your AP team, you can outsource your risk to a trusted payments provider. When using your payment provider’s account, the funds are pulled from yours into a subaccount and then sent from that subaccount using the preferred payee method. This also simplifies your reconciliation process and reduces the hassle on your AP team.

The benefits of using your payment provider’s transaction account include improved payment visibility and traceability. Even with a paper check, the payment information is your payment provider’s and not your own, giving you an added security layer.

Payment providers have sophisticated tools to prevent fraud and ensure your payment is sent to your vendor, not some BEC attacker. Your company doesn’t need to invest in these fraud-blocking tools or spend valuable time proving a payment is legitimate. By leveraging your payment partner’s expertise and security features, you’re removing added stress from your AP team to stay up to date on current fraud methods and reducing your overall risk.

Sources:

1. 2024 AFP Payments Fraud and Control Survey

2. https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf