e-Invoicing and how it helps to prevent payment fraud
Article08.02.2013 Comments (0)
Crime. Even the word on the page can make the hairs prick up on the back of your neck. At night, when you cross a darkened park in a bustling city, you may find yourself instinctively looking out for signs of crime. Or the threat of it.
But have you noticed that our sense of the possible threat of crime shifts when we are in familiar environments? Our defences drop the moment we walk through the foyer of our office building. We know this place, and therefore, we tell ourselves, we 'know' the rhythm and patterns of the components within it. As we climb the stairs and head to our respective desks, our awareness softens, our senses relax. We tell ourselves that this space is a safe, crime-free zone. This could be a misapprehension.
It is a fact that instances of payment fraud in business are on the rise. And alarmingly, many businesses are clueless that some employees and suppliers may be 'helping themselves.'
In this article, we will examine purchase invoice fraud and see how receiving invoices from suppliers electronically can actually prevent it. We will start off with the various sub-types of purchase invoice fraud that companies may be inadvertently overlooking, and then show how electronic invoicing can address this problem.
Firstly, there is the obvious one: duplicate payments. Two invoices with the same invoice number are received from a supplier.
Most of the time, the duplicate invoices are sent without fraudulent intent, either by accident or because a 'copy' invoice has been requested. But sometimes a supplier may notice that a customer paid twice for an invoice on one occasion, by accident, and then may decide to exploit this opportunity the next time by sending two invoices intentionally, hoping for double payment. As more duplicate payments are made, confidence grows. And so does the invoice value.
Those companies that have set up controls at key 'check points' in the purchase-to-pay process have almost no duplicate payments. These companies also typically do have high human checks in place (mainly habitual and baked in as part of the process), and they have automated their invoice receipt, and thus receive their invoices electronically.
What this means is that the invoice data that has left the supplier's billing platform is then systematically checked by the electronic invoicing network connecting the supplier to the customer. One of the many anomalies that the network's technology will scour the data file for is a repeated invoice number from the same supplier.
When the network finds a repeated invoice number the data bounces and lands back in the lap of the supplier. Fraud avoidance occurs, before the invoice even hits the customer's post room.
Under the threshold
Most multi-nationals have a set dollar amount under which they will pay any invoice without question, even if they don't immediately recognise the supplier or are unsure if it is even a legitimate invoice. This seems reckless, but the logic here, of course, is that it costs a company more to investigate a $49 invoice than it does to just pay it.
The higher the threshold, the lower the number of 'exceptions:' invoices that require more investigative treatment. Keeping 'exceptions' low is a chief aim of anyone managing payables. But, of course, the higher the threshold, the greater the exposure to more penetrative fraud.
It is not at all uncommon for criminals to send low dollar amount invoices, with bank details, to large companies, and the amount is credited to their bank accounts without question. Repeating this with a plausible frequency that keeps them just below the radar, and repeating it across a variety of companies, can keep a criminal in business for a long time.
Although the land of the low dollar invoice has been troubled ground for e-invoicing networks in the past, this is rapidly changing. Reason number one is that einvoicing services are free for low volume suppliers now, where there used to be charges. Reason number two is that e-invoicing networks have greatly expanded their functionality such that suppliers now have access to feature-rich supplier portals when they submit an invoice. This means suppliers can check invoices and payment statuses. So now more low-volume suppliers want to invoice customers electronically.
When low dollar invoices flow through an e-invoice network, you know that if they have been invited to register for the network, these suppliers - and these invoices - are legitimate. Electronic invoicing prevents a random criminal from sending an invoice which creeps in under the threshold.
And what about if a known and approved supplier sends fake invoices under the threshold.
Well, chances are if the supplier is invoicing the customer electronically, it is because they wish to enhance the relationship they have with the customer. The thought of trying to furtively usher through low value invoices to incrementally feed further cash flow would be a million miles away from their thinking - a convoluted and unlikely scenario.
Criminals changing legitimate suppliers' bank details
This activity is occurring with great frequency. It goes like this: an accounts payable clerk receives a request from a supplier that looks familiar. The request arrives on paper bearing a seemingly legitimate letterhead, and asks that their bank details be changed in the system to a new set. The clerk obliges, and the next time a legitimate invoice arrives, the payment is routed to the new bank account. Sixty days later the legitimate supplier calls the clerk wondering why the invoice hasn't been paid, and the clerk slowly realises he's unwittingly credited a thief's account.
One of the valuable qualities provided by supplier portals is that of self-service. Suppliers can update addresses and information, which automatically updates the customer's vendor master file. One air-tight way of ensuring that corporate criminals don't contact you to redirect the flow of monies from legitimate suppliers' bank accounts is simply to mandate that all bank information is updated via the portal.
Furthermore, companies using einvoicing networks to receive invoices can set up rules in the system, such as ensuring that every invoice file that the network sends them contains the supplier's banking information. If this fails to match with the banking information on the vendor master file, an alert would trigger to the customer and the supplier. This would prevent any payment error.
Invoice fraud costs corporations billions USD every year. The larger your invoice volume and the larger your supplier base, the greater your exposure. So keeping a keen eye on the payables and the payment process de-risks you. There are effective human controls well worth exercising, of course, but the tightest environment is one where these human behaviours are augmented by systematic controls, of which electronic invoicing is an impressive and robust contender.