As business operations become more digital, businesses stand to gain significantly in terms of efficiency and accuracy. However, this also creates an opportunity for businesses to fall victim to fraudulent activities that are facilitated by digital technologies. It’s important for businesses to be aware of the key financial risks and act to mitigate the threat.
In terms of scammers, the biggest threat to businesses comes from their own employees, who are responsible for 52 percent of economic crimes. And while security technology can prevent many cyber attacks, financial fraud is different. It’s essential for businesses to monitor human behaviour, and apply and enforce policies consistently. The alternative is to lose large amounts of unrecoverable money as a result of people’s actions.
There are four main financial fraud risks to look out for:
- Fraudulent Expense Claims
Whether by accident or because people feel they’re entitled to a little bit extra, fraudulent expense claims can quickly add up. Often, perpetrators start small and, if their actions remain undetected, they escalate their activity until they’re stealing significant sums from the business through fraudulent claims.
Managers want to trust employees, and the vast majority of employees are indeed trustworthy. However, it is essential to create a culture in which people feel valued, because they’ll then be less likely to deliberately steal from the organisation. It’s also important to put strong policies and procedures in place to catch fraudulent claims before they’re approved.
- False Billing
False billing occurs when a cyber-criminal sends an invoice to a company for an expense the company never incurred. When accounts payable processes are manual and burdensome, false bills are often paid without question, leading to significant losses. Alternatively, the criminal may try a phishing approach, emailing the company to advise of a change in payment details.
It’s crucial for organisations to educate employees about these scams and have a response procedure in place if the company is targeted. This can be as simple as advising all employees that they should never comply with an emailed request without confirming it directly with a manager or the supplier.
- Phishing Scams
While phishing, or social engineering, can form a component of various scams, the one thing all phishing scams have in common is a reliance on human error. For example, the man-in-the-middle approach involves gaining access to the corporate email server, intercepting emails, and building a picture of the legitimate activity that happens in the organisation. The cybercriminal uses this information to create a convincing cover story that lets them trick unsuspecting staff members into making payments or transfers, or exposing sensitive information such as passwords and account details.
Because most people are inherently honest, they tend to assume that others are too. Businesses must therefore train their employees to be somewhat cynical and to take the time to confirm that requests are legitimate before responding.
- Double Invoice Processing
Whether by design or by accident, companies often pay the same invoice twice. This is usually due to a lack of comprehensive accounts payable systems that would pick up the duplicate invoice.
When businesses have reliable, modern accounts payable systems in place, duplicate invoices are identified before the business pays, preventing losses. These systems can match up invoices to purchase orders to ensure that all invoices are legitimate and the expenses have been incurred before the business pays. An automated approach means this double-checking can happen without any additional work required. The cost savings can be enormous.
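The check described above, as an added example that is not taken from any particular accounts payable product: before payment, an invoice is compared with already-paid invoices and with its purchase order. The field names, status codes, supplier IDs and invoice data are assumptions constructed for illustration.

```python
import re
from decimal import Decimal

def normalize_invoice_no(raw):
    """Make 'INV-0042', 'inv 42' and 'INV0042' compare equal."""
    s = re.sub(r"[^A-Z0-9]", "", raw.upper())   # drop spaces, dashes, slashes
    return re.sub(r"(?<!\d)0+(?=\d)", "", s)     # drop leading zeros of each digit run

def review_invoice(invoice, paid, purchase_orders):
    """Return a list of hold reasons; an empty list means the invoice may be paid."""
    findings = []
    amount = Decimal(invoice["amount"])
    number = normalize_invoice_no(invoice["number"])
    for p in paid:
        if p["supplier_id"] != invoice["supplier_id"]:
            continue
        if normalize_invoice_no(p["number"]) == number:
            findings.append("DUPLICATE_NUMBER")
        elif p["po"] == invoice["po"] and Decimal(p["amount"]) == amount:
            findings.append("POSSIBLE_DUPLICATE")  # re-numbered copy of a paid invoice
    po = purchase_orders.get(invoice["po"])
    if po is None:
        findings.append("NO_PURCHASE_ORDER")       # expense was never ordered
    else:
        if po["supplier_id"] != invoice["supplier_id"]:
            findings.append("SUPPLIER_MISMATCH")
        billed = sum(Decimal(p["amount"]) for p in paid if p["po"] == invoice["po"])
        if billed + amount > Decimal(po["amount"]):
            findings.append("OVER_PO_VALUE")       # PO already fully invoiced
    return findings

# Constructed sample data (hypothetical suppliers, purchase orders and invoices).
PURCHASE_ORDERS = {
    "PO-1001": {"supplier_id": "S-17", "amount": "1200.00"},
    "PO-1002": {"supplier_id": "S-22", "amount": "500.00"},
}
PAID = [{"supplier_id": "S-17", "number": "INV-0042", "amount": "1200.00", "po": "PO-1001"}]

if __name__ == "__main__":
    incoming = [
        {"supplier_id": "S-17", "number": "inv 42", "amount": "1200.00", "po": "PO-1001"},
        {"supplier_id": "S-22", "number": "INV-7", "amount": "500.00", "po": "PO-1002"},
        {"supplier_id": "S-99", "number": "A1", "amount": "300.00", "po": "PO-9999"},
    ]
    for inv in incoming:
        print(inv["number"], review_invoice(inv, PAID, PURCHASE_ORDERS) or "OK to pay")
```

Normalising the invoice number matters because a resubmitted invoice often differs from the original only in spacing, case or leading zeros, which an exact string comparison would miss.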