Large-scale, interconnected supply chains make the modern global economy possible. But while these extensive supplier networks improve efficiency, they also introduce major legal, financial and reputational risks.
One of the largest and most overlooked risks of them all: payment fraud.
Organizations handle hundreds and even thousands of supplier payments each month. The sheer volume of transactions and fragmentation of payment processes offer a would-be criminal numerous opportunities to spot weaknesses and exploit these processes.
The problem is not new, however it is growing both in terms of volume and sophistication. Take the case of Natalia Pouchinka, a manager at a payments company who between 2014-15 submitted 32 fraudulent purchase orders and invoices under the guise of a fictitious supplier. The clincher? The fictitious company’s name was only one letter off from her employer’s actual supplier, making it easy to pull the wool over less than watchful eyes. Lax company procedures and lack of continuous supplier verification allowed a well-positioned insider like Pouchinka to defraud her employer of $5.5 million.
A more recent case demonstrated a frightening leap in the sophistication of fraud techniques. In March of 2019, criminals used commercially available voice software to defraud a UK-based energy firm of $243,000. The daring social-engineering scheme involved impersonating the voice of the parent company’s boss over the phone with urgent demands that the UK firm’s CEO wire funds to a Hungarian supplier within the hour. Guarantees that the money would be reimbursed never materialized, but it was only once the scammers called requesting a second transaction that the UK CEO got suspicious and uncovered the plot.
The key takeaway from these cases? Each link in today’s expanding supply chains presents potential opportunities for payment fraud – even at the CEO level!
Recent data gathered by KPMG reveal that this risk is widespread, but large organizations are hit the hardest. 87 percent of companies with over $1 billion in revenue suffered supplier payment fraud. For all other companies, this figure was still an alarmingly high 67 percent.
What’s worse, the depth, complexity and global reach of supply chains often leaves these companies completely blind to fraud. Approximately 60 percent of the companies studied didn’t even know they’d been hit. The research also highlighted the fact that while companies invest in enhanced processes and employee training, ultimately, the volume of attacks and losses have increased over the last few years. This is driven by a combination of factors including low visibility, complex supplier management processes not always being followed properly, convoluted manual processes prone to error, insider threats or insecure payment processes.
Due to the complexities inherent in interdependent supplier relationships, a key means of combatting payment fraud is to streamline and control the supplier verification and payment process. Given that high-risk processes are traditionally manual, robust cybersecurity technology for due diligence and securing payments procedures can also help thwart fraudsters.
Positive validation must be the cornerstone of any supplier and payment verification solution. A streamlined practice to validate accounts and a centralized, crowdsourced repository of verified supplier accounts from around the world can make this possible. Whenever a payment request comes through, it can be cross-referenced against that trusted, secure database to ensure that the supplier’s name and bank account details match those on file.
To start implementing this approach, the first necessary step is to establish a policy and a formal technology-based vetting procedure for any new or existing third-parties not yet verified. The initial vetting process must be thorough. A similarly rigorous procedure should also be followed whenever a supplier wishes to update their payment details. Automated checks against this trusted database must then occur at each phase within a company’s own internal payment process.
The threat of supplier payments fraud is all too real and will only expand the further stretched supply chains become. To that end, nsKnox has developed a robust and authoritative account validation service rooted in advanced technology and a centralized database of trusted global suppliers, which continuously verifies supplier details at each stage of the payment process. The ultimate ambition of nsKnox’s leading Corporate Payment Security solution is to help make corporate payment fraud a thing of the past.