Organizations lose an estimated five percent of revenue each year as a result of fraud. This equates to $4.5 trillion in losses globally. Accounts payable scams are those that take advantage of finances flowing out of a business to steal money from operators or vendors. In 2019, a staggering 81 percent of organizations were targeted with payment fraud.
While many of these scams are difficult to spot, you can put controls in place to help detect or prevent them. Advanced accounting software can help, but there are also plenty of detection methods that are simple to implement, even for businesses on a budget.
What is an accounts payable scam?
An accounts payable scam refers to criminal activity that involves outgoing payments from a company. Examples include billing schemes, check fraud, and kickback scams.
Some instances of accounts payable fraud are crimes of opportunity whereas others involve complex schemes with multiple players. Crimes might be committed internally or externally.
- Internal: Internal accounts payable fraud involves an employee or group of employees and is considered a type of occupational fraud (also known as workplace fraud). Most of these cases, such as check fraud and duplicate payments, fall under the label of “misappropriation of assets,” which essentially means the employee is stealing from the organization.
- Internal/external: Other schemes center around some sort of collaboration between an employee and an external party. These fall under the category of corruption, though some forms of corruption may also be considered misappropriation of assets and vice versa.
- External: Finally, some types of accounts payable fraud don’t involve employees directly and are committed by external parties such as vendors or fraudsters posing as vendors. These schemes typically rely on accounts payable personnel falling for the scam, for example, a phishing attack.
According to the 2020 ACFE Report to the Nations, accounts payable departments are involved in 14 percent of all occupational fraud. A typical fraud case will last 14 months, causing an average loss of $8,300 per month. And many go years without detection. For example, schemes involving payroll, check and payment tampering, expense reimbursements, and billing lasted an average of 24 months.
Also of note in the report, billing and payroll fraud are twice as likely to occur in small organizations versus larger companies. Check and payment tampering is four times as likely.
What are the main types of accounts payable scams?
Accounts payable fraud can take many and varied forms. Here are some of the main ones to be aware of.
Billing schemes involve some type of invoice scam. In more elaborate schemes, you might see a combination of multiple billing scams, often with a little corruption thrown in for good measure.
The 2020 ACFE report found that billing schemes can be costly, causing a median loss of $100,000.
Below are some of the most common types of billing fraud to watch out for:
- Overbilling: A vendor inflates the amount owing and it goes unnoticed by the accounts payable department.
- Overpayment: An employee could overpay a vendor and keep the returned balance for themselves.
- False billing: An employee creates an invoice for goods or services (from a legitimate or fake vendor) that weren’t delivered and takes the payment for themselves. A former Honda employee in Ohio used this tactic to defraud the company out of $750,000.
- Duplicate invoice payments: An invoice is paid twice. Then either there is a credit with the vendor (so the employee can keep the next payment) or the vendor returns the second payment and the employee takes it for themselves.
- Pass-through schemes: A vendor and employee work together in an overbilling, overpayment, false billing, or duplicate invoice scheme. The employee receives a portion of the funds.
- Disguised personal purchases: An employee uses company money to pay for personal expenses.
- Fake vendor: An employee creates a fake vendor account and sends money to themselves. An Oregon woman used this technique to embezzle over $4.5 million from a real estate investment company, Weyerhaeuser.
Kickback schemes are possible when an employee has some influence over vendor selection or product purchases. The employee persuades the company to go with a given vendor or purchase a specific product or service and gets some type of kickback from the vendor. This could be monetary or in some other form, for example, a credit or gift.
In similar schemes, there may be no actual kickback involved but there is some conflict of interest. For example, the vendor company might employ or be run by a family or friend of the offending employee. While a conflict of interest isn’t a crime in itself, it may violate company policy and could open the door to various types of fraud, including billing and kickback schemes.
As the name suggests, check fraud involves tampering with checks. The perpetrators can use a couple of different tactics. One is to take a legitimate check and change the name of the payee or the amount. Another is to simply use a new check for a personal expense and pass it off as a business expense.
The ACFE found that cases involving check and payment tampering result in a median loss of $110,000.
The Automated Clearing House (ACH) is a central network that processes the electronic transfer of funds. If an employee or hacker has access to these files, they can change the payment information such that funds are deposited into their account instead of that of the vendor. They might also set up a new payee with their own details.
The 2019 AFP Payments Fraud and Control Survey found that ACH fraud is rapidly on the rise. In 2018, 20 percent of organizations experienced fraud via ACH credit, compared to 13 percent in 2017. In the same period, fraud via ACH debits increased from 28 percent to 33 percent.
Expense reimbursement fraud
Plenty of companies reimburse employees for expenses for any number of activities, including travel, events, and client entertainment. And many companies aren’t too strict about the expense approval process. This leaves opportunities for employees to claim duplicate, fake, or overstated costs, or sneak in some personal expenses.
In other cases, an employee might claim a purchase that was made on their personal card, but then return the item for a refund.
While many of the schemes we’ve covered so far involve employees and/or vendors, phishing schemes are usually perpetrated by a third party outside of the company-vendor agreement, typically posing as a vendor.
A phishing scheme is a type of Business Email Compromise (BEC) attack and often involves highly targeted emails that use social engineering to persuade the recipient to divulge information or transfer funds. But scams may be less direct, often involving multiple parties and emails. Some don’t use email at all and instead take place over the phone or via text message.
According to the 2019 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3), there were 23,775 BEC complaints in 2019. Collectively, these resulted in losses totaling over $1.7 billion. What’s more, the AFP found that in 2018, BEC impacted 80 percent of organizations. This was up from 64 percent in 2015.
In 2010, Advance Publications was conned out of almost $8 million through a fraud that consisted of a simple email.
And in another elaborate invoice fraud scheme, Evaldas Rimašauskas of Lithuania duped Google and Facebook out of $100 million. The scam involved impersonating a company (Taiwan-based Quanta Computer) that both Facebook and Google do business with and sending phishing emails requesting funds be sent to Rimašauskas’ bank account.
If companies of this size can fall victim to such large-scale schemes, it doesn’t bode well for smaller businesses that lack the expertise and controls to prevent attacks.
How to detect and prevent accounts payable fraud
Although many accounts payable schemes are difficult to detect, in general, businesses aren’t doing enough to prevent them. The ACFE reports that almost one-third of fraud can be attributed to a lack of controls.
Inefficient processes and manual data entry remain a top issue related to accounts payable. According to Beanworks, 71 percent of surveyed organizations cite this as a major area of concern.
If you want to stay ahead of the curve and ramp-up protection against accounts payable scams, below are some steps you can take.
Here’s how to avoid accounts payable fraud:
- Check invoice details
- Apply Benford’s Law
- Look out for invoices just below approval amounts
- Monitor for stolen checks
- Verify new vendors and information changes
- Look out for flush or struggling employees
- Conduct unscheduled audits
- Consider investing in technology
- Provide better training
- Have formal reporting mechanisms in place
Let’s look at these in more detail.
1. Check invoice details
This may seem like a very simple instruction but a 2018 UK study found that half of businesses are exposing themselves to unnecessary risk of invoice fraud. Only half of respondents said that they review the details of an email invoice requesting online payment.
In one of the biggest invoice fraud schemes to date, Amazon was duped out of $26 million. The scheme involved the manipulation of Amazon’s vendor systems but was eventually detected by the controls the company had in place.
Here are some simple checks that can be performed manually or via an automated system:
- Look out for unusually high invoice volume, large payments, or high or low prices
- Monitor for rounded dollar amounts
- Scan for duplicate payments
- Perform fuzzy-matching (look for close matches in invoice details)
- Investigate Invoices with key details missing
- Be wary of free email address such as a Gmail address (most larger vendors will have their own domain name)
- Look out for a vendor address that looks like a residential address
- Monitor for similar vendor names (one could be legitimate and one fake)
- Take a closer look at unprofessional-looking invoices or those that look like they have been photocopied
- Cross-check vendor and employee files for any matching information such as an address, phone number, tax ID number, or banking information.
2. Apply Benford’s Law
Benford’s Law has long been used by accountants as a tool to detect fraud. This law predicts the frequencies with which each digit will occur as a leading numeral in a dataset. While it is often applied to accounting datasets such as invoice amounts, Benford’s Law may apply to other sets of numbers, for example, stock prices and city populations.
The number “1” is expected to be the most common, appearing as the first digit more than 30 percent of the time. The numeral “9” is the least likely to appear as the first digit, leading just 4.6 percent of numbers.
If you start to see a pattern that goes against Benford’s Law, this might be a sign you should investigate further.
Bear in mind that this can only be applied to large datasets. 50 numbers would be the minimum, but more than 500 is preferable.
3. Look out for invoices just below approval amounts
Accounts payable controls often include caps on the amounts certain employees are allowed to authorize. Fraud can often be uncovered by looking for amounts just below those authorization caps.
For example, if an employee is allowed to authorize payments up to $10,000, you could look out for an unusually high number of payments just below that amount.
Of course, a more savvy fraudster would vary the amounts to avoid detection in this manner, but it’s very feasible that greed takes over and they want to maximize their gains from each fraudulent transaction.
4. Monitor for stolen checks
If you keep track of check numbers, a simple way to detect missing checks is to look out for missing numbers.
One way to identify missing checks is to reconcile accounts payable against monthly bank statements. If there is a gap in check numbers, this should be investigated further.
You could also automate the system to compare your check register against your accounts payable and bank statements, creating a three-way control.
5. Verify new vendors and information changes
The UK study cited above found that 39 percent said they wouldn’t check details if an accountant asked them to pay fees into a different bank account than usual. This is in spite of the fact that £49.3 million was lost to invoice fraud in the UK in the first half of 2018.
It’s important to properly vet every new vendor added to your accounts payable. As part of the review, you should cross-check employee details with those of the vendor. In addition, any changes to vendor information should be verified, particularly changes to banking information.
A vendor request to add or change a bank account should always require a confirmation phone call or other human verification. Note that you should avoid using the contact details provided on the invoice. Fraudulent invoices could easily contain a fake phone number, so you might just end up calling the scammer for verification. Instead, find the vendor’s contact information from past records or an online search.
6. Look out for flush or struggling employees
This may seem obvious, but plenty of fraudsters have been caught for being too showy with their money. It’s not unusual for embezzlers to purchase new houses, vehicles, and luxury items such as high-end clothes or accessories. Regular vacations may also be a tell-tale sign that something’s amiss.
The ACFE found that 42 percent of employees involved in occupational fraud were found to be living beyond their means.
On the flip side, the study found that 26 percent were having financial difficulties, so that’s another sign to look out for. People who appear to be enduring financial hardship could be looking to defraud the company out of cash.
Of course, it may be tough to tell when higher-paid employees are flush with cash. And although owners and executives are less likely to commit occupational fraud, according to the ACFE, they are most likely to cause the largest losses (an average of $600,000 compared to regular employees at $60,000).
It’s also worth noting here that the majority of occupational fraud is carried out by men (72 percent). Men are also responsible for higher median losses ($150,000 compared to $82,000 in cases perpetrated by women).
7. Conduct unscheduled audits
The element of surprise can be a huge advantage when detecting and deterring fraud. By keeping everyone on their toes with unscheduled audits, you can hopefully give employees enough reason not to carry out fraud in the first place.
If they go ahead with it anyway, a surprise audit should leave them with no time to cover their tracks.
8. Consider investing in technology
Employing new technology to address accounts payable fraud concerns can save time and avoid the risk of human error.
The use of basic automated software such as Xero or Beanworks can help you spot issues in invoices and payments. For example, with this type of accounting software, it’s easy to match invoices to payments, and detect things like duplicate payments and multiple payees for a single vendor. You have virtually endless possibilities when it comes to customized reports, making it straightforward to look out for things like anomalous volumes or amounts.
Advances in Artificial Intelligence (AI) have paved the way for a number of new platforms. It has even been integrated into industry mainstays such as Quickbooks. AI technology can analyze large amounts of data extremely quickly so you can boost efficiency and minimize errors. It can even be used to automatically pay invoices that meet set criteria, so you reduce the risk of a late payment.
9. Provide better training
Uncovering fraud often relies on tips from employees, so it’s crucial that workers are trained in what to look out for. The ACFE found that 43 percent of schemes were discovered as a result of tips, half of which came from employees. It also reported that spend on fraud training for employees has increased by 11 percent (nine percent for managers and executives) in the past decade.
In particular, employees need to be trained to avoid BEC attempts (which mostly involve some type of phishing) and to spot internal fraud.
10. Have formal reporting mechanisms in place
Of course, employee fraud training is most effective when there are well-documented formal reporting mechanisms in place. Workers should be instructed exactly how to provide tips regarding ongoing or past fraud.
The ACFE noted that the preference is for whistleblowers to use telephone hotlines, email, and online forms, with all of these reporting methods being utilized equally in 2018.
When devising a reporting mechanism, it’s important to consider who should receive the information. In 2018, 28 percent of whistleblowers went to their direct supervisors to report fraud. Other popular channels included the fraud investigation team, an executive, a coworker, or a law enforcement officer or regulator.
Accounts payable fraud can be hugely damaging to the bottom line. And it doesn’t show signs of slowing down in terms of the threat it poses to organizations. That said, by implementing some of the steps outlined here, you can minimize the risk it poses to your business.