18 Apr Whom Are You Paying?
The Criticality of Vendor Bank Account Verification
In accounts payable, guarding against fraud is like visiting a big city. Scammers are looking for you. New York City is one of the greatest and safest cities in the world. But take a tip from the natives, the guidebooks and even the Metropolitan Museum of Art (see George de La Tour’s painting “The Fortune Teller”)—there are people on the streets trying to separate you from your money.
There are ticket scams, unofficial cabs, “cheap” subway MetroCards, the CD or monk scams and the sidewalk three-card monte, in which not only is it impossible for you to win the bet, but someone is probably picking your pocket as you focus on the action.
Accounts payable faces a similar array of schemes. Perpetrators can include employees or vendors or phony vendors, and their methods include billing fraud, check fraud, reimbursement fraud, kickbacks and — ACH fraud. Reportedly 82 percent of organizations report attempted or successful payment fraud. Hence the criticality of internal controls and audits.
BEC and Vendor Bank Accounts
Hustlers never rest, and with new technologies come new schemes. New schemes demand new controls. For example, criminals now target electronic payments using new and convincing approaches via cyberspace. Specifically, business email compromise or BEC has proven lucrative for the savvy and patient perp. And like three-car monte, it’s a confidence trick.
AP staff are becoming more careful about unusual emails from CFOs or CEOs ordering urgent wire payments to an entity. But there’s another approach that can be harder to spot: regular vendor email communications. These are difficult because cybercriminals are both sophisticated and patient. For example, a scammer can infiltrate one of your vendors through BEC. Once in, the crook will patiently observe business communications and gather intelligence.
Once the criminal knows the pattern and tone of communications and invoice timing, he can spoof an email from the vendor or even intercept and alter an email from the vendor to your organization. The email might deliver a typical-looking invoice, conveniently including bank account information for electronic payment. Or it might be a convincing request to update banking information, which, when complied with, will lead to you paying the perpetrator instead of the vendor when you make the next payment.
How to prevent paying the wrong party
What can accounts payable do? Many AP departments have control policies for verifying vendor bank account information, especially change requests. But those controls may be manual, such as making a phone call, and may not always be followed. Or sheer volume might prevent running down every vendor account. But AP needs to follow the controls every time, verifying the routing and account numbers and the actual account owner.
Third-party services can help organizations stay ahead of fraudsters. They automate bank account verification and provide 100 percent coverage (all vendors) in real-time, verifying the account owner, account number and routing number. So, AP can pay confidently.
Verifying vendors’ ownership and initial and subsequent bank routing and account numbers is critical to avoid fraud and even simple errors. Through automation, AP can verify all vendors, not just the large ones or whichever they manage to squeeze in time to review. Such systems automatically access bank databases, providing AP the necessary validation, and warning of any fallacious accounts.
Automated bank account ownership verification has become an essential best practice to avoid fraud.
To learn how VendorInfo automates your vendor bank account verification, contact us.