The average organization loses at least 5% of its income yearly due to fraud. It is an inherent but necessary risk of simply conducting business, and there’s little you can do to stop your company from being targeted. By staying vigilant and aware of the signs of fraudulent behavior, however, you can prevent your company from becoming a victim.
Here are the primary forms of B2B fraud and the red flags to look out for:
Invoice Fraud
Although a myriad of invoicing schemes exist, the most common involve the creation of:
- False invoices: Invoices that do not have a corresponding product or service; in other words, a company is billed for something it either does not own or did not ask for
- Duplicate invoices: An additional invoice is produced for a previously-billed product or service
- Inflated invoices: Invoices that report expenses higher than the actual costs
- New invoice payment location - Pretending to be a supplier, a fraudster sends a scam email or phone call directing the company to deposit a legitimate invoice payment in a new bank account, belonging to the fraudster
What to look out for
False invoices will usually show inaccurate inventories, including prices or quantities, because the goods on the invoices do not match what the company possesses. Furthermore, there will be no receipts for “delivered goods.”
Look out for previously-billed products to show up listed in a different location or with a different due date. Double check that the prices match and that there are no disparities between the invoice totals and supporting documentation. These can be signs of duplicate or inflated invoices.
Confirm that any emails or phone calls are truly coming from a vendor. If you receive an email with a payment location change, call the supplier to confirm, and vice versa.
It happened to Google and Facebook
Both Google and Facebook were victims of an invoice fraud scheme from a man impersonating Quanta Computer, a Taiwanese electronics manufacturer. The man sent fraudulent invoices to the two companies, who both paid out over $100M. Although the funds were ultimately recovered, this event shows that even large technology companies are not immune from fraud schemes.
Expense Reimbursement Fraud
The median loss for expense reimbursement fraud in the US is over $30,000 and lasts an average of two years. Generally, it falls into one of four categories:
- Mischaracterized expenses: Personal expenses are submitted as business expenses
- Fictitious expenses: Receipts are falsified, generally through the use of computer programs or specialized chemicals
- Overstated expenses: Expenses are inflated, such as adding additional mileage traveled or putting multiple unauthorized meals on one check
- Duplicate expenses: Submitting the same expense more than once
What to look out for
One of the most obvious signs of reimbursements fraud is unbalanced spending. If two employees hold similar positions and one consistently outspends the other, you might want to investigate.
Looking at common expenses to reference whether a reasonable amount being spent can also help you spot expense fraud. For example, if an employee is spending $30 on lunch at a restaurant where an average meal is only $10, this may be a red flag. Fortunately, there are a few software solutions available today that can perform this scrutiny for you.
Collecting expense reports and issuing reimbursements is a large amount of work, so it can be easy for fraudulent claims to fall through the cracks. Remaining cognizant of this and reviewing every expense report is crucial.
It happened to Wells Fargo
More than a dozen Wells Fargo employees submitted expense reports with altered timestamps on meal receipts, claiming that they were purchased after hours and therefore eligible for reimbursement. In truth, the food was ordered during normal office hours, which the bank’s reimbursement policy does not cover. The employees were caught and fired, but not all companies are so lucky in catching this type of fraudulent behavior before suffering large losses.
Credit Fraud
By obtaining a company’s credit card or payment information, a nefarious third party can easily purchase goods from a vendor on the company’s dime. This can cause losses for both the company and the vendor. In some cases, the company will have to pay the bill for something it didn’t order. Alternatively, the company will get reimbursed for the fraudulent charge, but the vendor will have already delivered the product or service to the fraudster, leaving them without a way to reclaim their loss.
What to look out for
Business happens fast, but always confirm payments or credit transfers prior to providing goods and services. When dealing with credit specifically, fraudulent parties can take advantage of the window between the payment being agreed upon and the payment actually arriving.
Similar to expense reimbursement fraud, checking that credit card purchases make sense given an employee’s role is a good first step. Look at online purchases in particular, as it is more likely that a fraudster will steal a card number than a physical card. Confirm who exactly is placing every order. If an order looks out of place, contact the individual whose information is associated with the charge to confirm that they made the purchase.
If you see that a card transaction was denied, it might be worth looking into. This could be a sign that your company is being targeted. Similarly, fraudsters may try a small charge before executing on a big scheme. For example, they may purchase a meal with a stolen card to test if the transaction goes through. If it works, then they will spend the big bucks. Comb through orders and investigate any charge that seems out of place, even if it seems insignificant.
It happened to Target, Equifax, and Marriott
These days, it seems that corporate data breaches are occurring at alarming rates. Companies from Target to Equifax to Marriott have been hit by hackers who have gained access to customer information, including both personal and corporate credit card numbers, which were used to make a litany of illegitimate purchases.
Business Identity Theft
Business identity theft occurs when someone opens fake business accounts under the guise of a legitimate business. The individual (or group, if collusion is at play) could make purchases or open credit lines that are ultimately charged to the company, for instance. When used in conjunction with credit fraud, a business can have basically its entire financial identity stolen.
What to look out for
When doing business with a company, look into how long it has existed. Younger organizations naturally create a riskier working relationship. A smaller sample size of data should almost always raise questions.
Next, look out for ownership and management changes, as well as credit references. Without credible references and a history of stable ownership, it’s often too risky to deal with. An ownership structure that contains any connection to a current or former employee is a red flag. Employees who gain access to sensitive information, typically by engineering their way into certain departments containing the information, working odd hours, or simply by the nature and access of their position, are open to more scrutiny.
It happened to Universal PC Services
Universal PC Services, a 6-year-old computer services business, discovered it was being impersonated from a website nearly identical to its own. The scammers called clients across the country claiming to be from the real business, threatening people that without immediate payment, their computer would be confiscated by the FBI. The victimized business owner successfully had the impostor website taken down, only to have it re-appear twice at new hosting companies.
Check Fraud
According to leading document security specialists TROY Group, check fraud affects nearly three in four US businesses and is a leading form of fraudulent payments. Here are two common types:
- Duplicate deposits: The perpetrator deposits a mobile check, then repeats the action with the physical check at an ATM
- Check alteration: The fraudster physically alters the check itself, such as adjusting the total by adding an extra zero or changing the payee name
One of the most alarming aspects of check fraud is the fleeting assumption of liability. As long as the issuing or accepting financial institution exercises standard protocols, it is the business that is forced to absorb the cost of fraudulent activities.
What to look out for
Check fraud schemes can originate externally or internally, frequently from the accounting department. Employees with regular access to your company’s financials are naturally positioned to commit check fraud, as some of these individuals are responsible for paying vendors and other business partners.
Without strong internal controls or an automated system to manage the operational aspects of money movement, it becomes especially important to closely monitor incoming and outgoing payments.
It happened to three small businesses
Three small businesses were victimized in a check fraud scheme when scammers went through their mailboxes at night looking for checks that had been put in the mail to be picked up the next day. When they found checks, they took the account and routing numbers from them to produce new, fake checks with legitimate bank information. The scammers then went to stores in the region to recruit local residents to take the checks to banks, enticing accomplices by offering a cut of the money. The scheme cost banks and businesses hundreds of thousands of dollars.
Eliminate Fraud
Teampay can help prevent fraud by requiring upfront approvals on all purchases made on behalf of your company. If something looks fishy, managers can reject a purchase before any actual money is spent. Cards have set spend limits--decided by you--so employees can’t overspend. And because different virtual cards are issued for each purchase, you don’t have to worry about stolen card numbers. Automating your purchasing process means no checks or paper receipts; everything is recording and tracked digitally, so fraudulent behavior doesn’t go unnoticed.