Chapter 1
Does it feel like you’re hearing about fraud a lot lately? Not just here on the Creditsafe blog – though we’ve definitely been talking about it – but everywhere else, too. Fraud is on the rise: JPMorgan’s 2023 AFP Payments Fraud and Control Survey Report found that 84% of businesses with revenues of over $1 billion faced attempted or actual fraud in the last year. That’s why we decided to dig deeper into what’s driving this increase in B2B fraud.
Our recent study, Battling Vendor Fraud, surveyed 200 finance and accounting professionals in the US. We were on a mission to see how finance teams are responding to new, more sophisticated types of fraud and the impact it has on their bottom line. The results were illuminating, to say the least.
So today, I sat down with Bill James, Enterprise Strategy Director for Creditsafe, to dive into what we learned and what it tells us about the future of anti-fraud training. Here are some snippets from our conversation.
Bill James: There are a few reasons vendor fraud is on the rise. Outdated internal processes and controls, for example, makes it a lot easier for fraudsters to slip through the cracks. This is something our study shows to be true, with only 5% of finance teams saying they would be alerted to potential fraud if the invoice payment deviated from the company’s standard internal payment process and controls. This indicates that many businesses may not have established vendor payment processes and controls for their team. If these don’t exist, it’s likely going to be harder for your finance team to spot if things don’t follow internal processes.
Processes and controls might seem like an extra, arbitrary step for finance teams – essentially, more work to do. But it really is going to help them spot vendor fraud faster and more effectively. At the end of the day, it’s worth spending a little more time on creating internal vendor payment processes and controls if it means a company could prevent fraud and save millions of dollars.
Easily vet vendors and suppliers
Enter a company name to view a free business verification report
Thanks to the growing popularity of AI, it’s become a lot easier for fraudsters to launch attacks, carry out scams and illegally access a company’s financial systems. Unfortunately, AI has also made it a lot harder for finance teams to spot phishing attempts and other more sophisticated fraud schemes. This comes back to what we were talking about in our report about how anti-fraud training is futile if the content and efficacy are lacking. As our study revealed, 29% of finance teams reported being trained monthly on vendor, while 21% said they’re trained quarterly. At first glance, this seems like a strong sign of how serious companies are taking vendor fraud. But our study found that only 34% of companies have had a 100% success rate of detecting and preventing fraud.
Another key reason vendor fraud is on the rise is quite simple: companies are more reliant on third-party vendors and suppliers. We get it; vendors and suppliers can bring both cost savings and growth opportunities for companies. And it can be tough for companies to balance being trusting and empathetic with being cautious and diligent about checking information in vendor invoices before making payments.
Our study’s findings show this to be the case – with only 6% of finance teams saying they’d check that a vendor invoice was for goods and/or services delivered by the vendor and just 1% saying they’d check that the payment amount was correct. Even if a company has been working with a vendor for three years, it’s still important for the finance team to check these two things for every invoice that trusted vendor submits. If you think we’re exaggerating, think again. If Evaldas Rimasauskas could pose as a Quanta employee (a trusted vendor of Facebook and Google) and scam such big companies out of $120 million, then it can happen to any company.
Chapter 1
While 67% of respondents believe their current fraud detection and prevention measures are effective, 34% have only been able to prevent fraud 100% of the time in the past year. What are the key challenges businesses face in improving the effectiveness of their anti-fraud measures?
Bill James: There are so many things finance teams need to look out for. For instance, it could be something as small as inconsistent invoices where the invoice number sequence doesn’t match with previous invoices. It could also be that a company is sent an invoice by a longtime vendor, but something doesn’t match what was agreed to in the master vendor contract. But the finance team wouldn’t know this unless they checked every invoice against the master vendor contract.
Another thing to watch out for is if the contact person on a vendor’s team suddenly changes. Listen, people change jobs. It happens. But this goes back to what I’ve been saying – finance teams need to verify this because this could be a sign that someone is trying to scam you.
The sad truth is that after working with a vendor for several years, it can be easy for finance teams to not be as diligent about checking every single detail in vendor invoices because they trust certain vendors who have proven to be reliable and honest. But a fraudster is counting on that trust and as the Facebook and Google fraud example shows, companies need to be cautious and diligent before making vendor payments, regardless of how good a relationship they have with vendors. So, companies should take a closer look at their anti-fraud training. Just because it’s being conducted regularly doesn't mean your business is safe from fraud. It’s about looking at the content of the training.
Chapter 1
It was noted that only 34% of respondents have successfully detected and prevented fraud 100% of the time. What specific areas in fraud detection training need improvement and how can companies ensure that their teams are better equipped to spot red flags?
Bill James: Anti-fraud training plays a huge role in how strong a company’s risk management controls and processes are. But it’s not just about offering anti-fraud training every quarter, or even monthly. If the training is delivered in a 30+ slide presentation or sent as a video for employees to watch with no two-way dialogue and interaction, that probably won’t have as much of an impact as if the training is done either in-person or virtually in a two-way engaging format, where employees can ask questions right then and there and the trainers can do live mock scenarios. And the content of anti-fraud training will play a key role in how effective the training is. Imagine if employees are sent a super long PowerPoint presentation that hasn’t been updated in 10 years, there’s a significant chance that several types of fraud schemes will be left out. So, when a fraudster tries to scam the company out of millions of dollars, employees could miss out on spotting red flags and warning signs.
Here are some things we recommend companies do to improve the quality and efficacy of their anti-fraud training.
Include as many types of fraud as possible: New types of fraud schemes are coming out every year. So, it’s important to include as many types of fraud as possible into the training. If any potential fraud schemes are left out, then it’s more likely your team won’t be able to spot and prevent that type of fraud. We recommend including the following types of fraud schemes: fake identity/bad actors, fake invoices, duplicate invoice payments, account takeover, triangulation, overbilling and price-fixing, to start. Of course, there are more types and this list should be updated regularly.
Update the content regularly: We’ve seen this more times than we count where training was created 10+ years ago and was never updated. So, that same 10-year-old training content is being shared with new employees. You can imagine how outdated and ineffective that training would be. It wouldn’t matter if that training was provided every month, it wouldn’t do much good if it’s based on outdated information and research.
Use research to make the content highly useful: Training content shouldn’t just provide tips and recommendations. It should also incorporate useful research into the state of vendor fraud, specific red flags to look out for and how to prevent fraud. That research could be tremendously helpful in showing employees why they need to be so aware of potential fraud schemes. If employees don’t know why something matters, they won’t be as keen to put the training into use.
Make the training interactive: Unfortunately, some companies think delivering training simply means emailing lengthy Power Point presentations (30+ slides) or videos to all staff. The best training is interactive and involves in-person or virtual training sessions that include mock scenarios and live coaching. It allows employees to ask questions right then and there so they can learn as much as possible and be more prepared to fight vendor fraud in the future.
Chapter 1
With the increasing digitization of business processes, how has this shift influenced the prevalence and sophistication of vendor fraud? Are there particular technologies or practices that fraudsters are exploiting more frequently?
Bill James: You’d have to live under a rock to not have heard of Chat GPT. But while most people have been focused on its role and influence in creating content, it’s also being used by fraudsters to write more believable text that can be used in phishing scams.
Now consider this: Analysis by Juniper Research reveals that B2B payments are expected to reach $124 trillion globally by 2028. B2B payments are essential for any business to run these days, especially when working with vendors and suppliers. But this massive amount also makes B2B payments a prime target for fraudsters. Let me give you an example. Let’s say a company has been working with a vendor for the last five years. Everything has always been normal and there haven’t been any issues or risks of fraud. But then one day, the company’s finance team receives a phishing email (unbeknownst to them) pretending to be a legitimate financial institution asking the company to download a ‘live chat app’ urgently to resolve an issue. But that app is, in fact, remote access software that would give the fraudster access and complete control of the finance team member’s device once they share the access code.
The reason I’m sharing these examples is to illustrate just how easy and common it is for fraudsters to scam businesses out of money. That’s why anti-fraud training content needs to be updated regularly. Show real-life examples of what a phishing email written by Chat GPT could look like. That way, finance teams will have a better chance of spotting potential phishing emails early. Also, anti-fraud training should include information about the different types of technology fraudsters can use to scam their business. The more employees know, the easier it will be for them to spot red flags and prevent fraud.
Chapter 1
Given the current trends in vendor fraud, what are the long-term implications for businesses if the rate of fraud continues to rise? How can businesses future-proof their operations against these evolving threats?
Bill James: It’s not a question of if the rate of vendor fraud will continue to rise; it’s a matter of how fast it will spread. The answer to that will depend on several factors, including how companies allocate budgets, resources, tools and staffing to fight vendor fraud as well as the frequency and quality of anti-fraud training. Vendor fraud won’t disappear; that’s not realistic. But if businesses prioritize fighting B2B fraud through education, training and support, then they’ll have a better chance of stopping fraud early and reducing the amount of money lost to fraud each year.
Worried about fraud's impact on your business?
About the Author
Steve Carpenter, Country Director, North America, Creditsafe
Steve Carpenter oversees business operations, sales, P&L, product and data. With an impressive 16-year tenure at Creditsafe, Steve has played an integral role in the company's international expansion efforts, spearheading global data acquisition and fostering global partnerships.