The fraud fighter’s guide: effective approaches to tackle AP fraud

No organisation is risk-free when it comes to payment fraud. Thankfully, you can protect your account payable (AP) team from increased risk by examining common fraud methods, implementing security measures to strengthen your internal controls and improving your payment visibility with AP automation tools. Here, I’ll explain these steps to help your team effectively tackle the growing risk of AP fraud.

Common fraud methods 

To help your AP team prepare for potential fraud risk, it’s important to first familiarise yourself with four of the most common fraud methods:

Cheque fraud 

Cheques are the most vulnerable payment method, with 63 per cent of companies reporting fraud activity via checks in 2023. Paper cheques can easily be intercepted and stolen from unattended mailboxes, particularly in the United States, creating increased opportunities for physical fraud, especially cheque alteration and counterfeiting. Mailing sensitive information such as account holder names, account numbers and routing numbers also makes paper cheques vulnerable to account takeover.

Business email compromise 

Business email compromise (BEC) is the fastest-growing fraud method used today. The losses from BEC schemes are 80 times greater than ransomware and total more than $2.7 billion, according to an FBI internet crime report. In most BEC scams, the attacker poses as someone you should trust, typically a colleague, boss or vendor. The attacker sends an email to the payer and asks them to make a wire transfer, divert a payroll payment to a new account, or change the routing/account number for an automated clearing house (ACH) payment. When successful, the attacker tricks the payer into sending a payment to an account that the attacker can access but which has no connection to your intended payee.

ACH fraud 

This fraud method involves funds being electronically transferred, using the ACH network, from your company’s bank account to what appears to be an authorised account. ACH fraud can happen through successful phishing attempts, BEC, data breaches, or by the installation of malicious software. 

Cyber-fraud 

Cyber-criminals find a weak point and hack into your company’s computer systems to steal protected financial information. Some of the best ways to protect your business from cyber-fraud risk are to strengthen your internal AP controls, and to consider using a payment provider with a secure, compliant payment platform for your AP processing.

Strengthening your internal controls 

As fraudsters grow and adapt, it’s difficult for your AP team to remain trained on all the emerging fraud methods. However, fraud prevention is possible, and being aware of what internal strategies and policies you have in place for AP processing can help you prepare your team to recognise and mitigate fraud attempts in the future.

Start with these best practices:  

Digitise your cheque payments to keep them out of the mail whenever possible 

By digitising your paper cheque payments, you remove them from mailboxes and eliminate the risk of physical fraud, such as counterfeiting and alteration. You’ll know that your digital payment is only being seen and received by the payee. 

Setting clear expectations with your AP team 

Without an outside vendor, it’s entirely your AP team’s responsibility to ensure everyone gets paid the way they want. This opens the door to BEC by putting the employee in a vulnerable position. Your AP team aims to get your vendors paid quickly, and BEC attackers use this to their advantage. Set clear expectations with your AP team that it’s their job to question every payment request and that they will never be in trouble for taking time to confirm that a payment request is legitimate.

Educate and train your AP staff on fraud awareness and prevention 

Provide regular training sessions for your staff on the methods and indicators of potential fraud. Encourage your staff to ask questions, be aware of your company’s security policies and make sure employees know where to report any suspected fraud. 

Outsource your risk 

Instead of relying solely on your AP team, you can outsource your risk to a trusted payments provider. When using your payment provider’s account, the funds are pulled from yours into a sub-account and then sent from that sub-account using the preferred payee method. This also simplifies your reconciliation process and reduces the hassle on your AP team.

The benefits of using your payment provider’s transaction account include improved payment visibility and traceability. Even with a paper cheque, the payment information is your payment provider’s and not your own, giving you an added security layer. 

Payment providers have sophisticated tools to prevent fraud and ensure your payment is sent to your vendor, not some BEC attacker. Your company doesn’t need to invest in these fraud-blocking tools or spend valuable time proving a payment is legitimate. By leveraging your payment partner’s expertise and security features, you’re removing added stress from your AP team to stay up to date on current fraud methods and reducing your overall risk.

To find out more, please visit www.deluxe.com/dpxplus.

By Steve Gaida, Payments Leader in Product Management & Consulting, Deluxe Corporation