For all the talk of cybercrime and fraud, actual instances and attacks seem relatively few and far between. In fact, you may be wondering what all the fuss is about. The truth is, financial fraud is much more common than many believe – and very easy to pull off. Businesses in the UK are falling victim to hack-attacks, data theft and invoice fraud every day.
However, not enough is being done to make business decision-makers aware of the real risk of cybercrime and business fraud in general. There is very little knowledge sharing – which perpetuates ignorance and a false sense of security. This situation only serves to aid the fraudsters: if you’re not expecting them, chances are you won’t spot them until it’s too late.
Don’t drop your guard
The media recently revealed that Uber suffered a massive data breach in 2016 – and concealed it. The hack affected 57 million customers and drivers, and yet the company said nothing. The reason for this is simple: when a security breach happens, a business doesn’t want to make the information public in case it damages its reputation and customer or supplier relationships.
It’s an understandable reaction. In 2015, TalkTalk lost 95,000 customers and watched its profits halve as a direct result of a cyber attack. No business wants customer confidence to drop but should such an event occur, a lack of communication is incredibly short-sighted. When individual companies fail to share information related to security breaches, the wider business eco-system remains shockingly unaware and unprepared.
Financial institutions and governments frequently publish information on the risks of fraud. ActionFraud, for example, is a government-led centre for reporting instances of national fraud and cybercrime in the UK. It’s a good initiative, but much more could be done to promote it to businesses.
Look out for invoice fraud
Perpetrating fraud is particularly easy when it comes to purchase order (PO) and invoice approval processes. We’re aware of quite a few companies that have fallen victim in this area. A supplier, for example, simply sends in two invoices for the same PO a couple of weeks apart – but with different invoice numbers. Rarely will the person approving payments remember processing the first invoice, so both get paid. If the double payment is noticed, the supplier can just apologise for the ‘error’.
Another common example is when a fraudster sends an email to a company pretending to be one of its suppliers. The email notifies the accounts payable team of a change to the supplier’s bank details. If not caught immediately, the perpetrator will receive all payments due to that supplier until credit control discovers the fraud.
In addition to a lack of general awareness, companies often choose to ignore these potential threats. Many don’t have the budget to overhaul their security infrastructures and are reluctant to put pressure on their cashflow. Unfortunately, this mindset only shifts once their security has been breached and they’ve lost money.
How to protect your business
Implementing more rigorous security measures can be effective, but typically increases a company’s administrative workload. Round-the-clock vigilance is crucial and, when managed manually, this is also vulnerable to human error. Manual processes are also only successful at deterring risk if they are proactive and block threats before they happen.
One solution involves the use of purchase automation applications. These are specifically designed to automate manual administration and, in doing so, stop the most common instances of supplier fraud. This naturally takes some resources to set up and run, but it does remove the opportunity for human error – and reduce the administrative burden. What’s more, the overall expense will be far less in the long run than the cost of paying false invoices for months.
It also pays to implement an authorisation process that verifies any supplier request to update payment information or the like. Whether manual or automated, it’s absolutely critical that all new suppliers are validated before signing on.
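The two controls described above can be expressed as simple automated checks. The following is an added example, not taken from any purchase automation product: it holds any invoice that would take the total billed against a PO above the PO's value (so a second invoice with a new number is caught, while genuine part-invoices pass), and it keeps paying the bank account on file until a change request has been confirmed by a call-back to the phone number already held. All supplier names, numbers, field names and the call-back rule are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: PO values and received invoices (amounts in pence).
PO_VALUE = {"PO-1001": 120_000, "PO-1002": 80_000}
INVOICES = [
    ("ACME", "PO-1001", "INV-5501", 120_000, date(2024, 3, 1)),
    ("ACME", "PO-1001", "INV-5533", 120_000, date(2024, 3, 15)),  # same PO, new number
    ("BOLT", "PO-1002", "B-17", 40_000, date(2024, 3, 2)),        # legitimate part-invoice
    ("BOLT", "PO-1002", "B-18", 40_000, date(2024, 3, 20)),       # legitimate balance
    ("BOLT", "PO-9999", "B-19", 5_000, date(2024, 3, 21)),        # no such PO
]

def invoices_to_hold(invoices, po_value):
    """Return {invoice_no: reason} for invoices that must not be auto-paid."""
    billed = defaultdict(int)  # running total accepted against each PO
    held = {}
    # Process in order of receipt so the earlier invoice is the one accepted.
    for _supplier, po, number, amount, _received in sorted(invoices, key=lambda i: i[4]):
        if po not in po_value:
            held[number] = "no matching PO"
        elif billed[po] + amount > po_value[po]:
            # The invoice number is new, but the PO has already been billed in full.
            held[number] = "exceeds PO value"
        else:
            billed[po] += amount
    return held

# Constructed supplier master record (hypothetical fields).
MASTER = {"ACME": {"account": "12345678", "phone": "020 7946 0000"}}

def account_to_pay(supplier, master, change_request=None):
    """Pay the account on file unless a change was confirmed by call-back."""
    on_file = master[supplier]["account"]
    if change_request is None or change_request["new_account"] == on_file:
        return on_file
    # Assumption: only a call-back to the number already on file counts as
    # verification; contact details supplied in the request itself do not.
    if change_request.get("verified_via") == master[supplier]["phone"]:
        return change_request["new_account"]
    return on_file
```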
Sharing is caring
To reduce the real risk of supplier fraud, and business fraud in general, the responsibility needs to be shared. Finance teams must advise their company leaders, as well as their clients, on best practices, and financial institutions and public bodies need to invest more in business owner education.
Most importantly, businesses that are victims of fraud and hack attacks must speak up and share their experiences. By sharing real-world stories and relevant information, other companies are more likely to appreciate the risk, learn, and improve their security measures.
About Neil Robertson
Neil has spent the last 30 years building UK and international businesses that deliver innovative software solutions to the finance sector.
From the humble beginnings of computerised accountancy automation with British Olivetti in 1979, through the boom of the 1980s as a founder of Team Systems Group and the recession of the early 1990s as an operating board director of Misys Plc, Neil has seen both the good and bad times within the IT sector.
In 1995 Neil opened the first offshore subsidiary of Great Plains Software in the UK and went on to build much of their operations outside the USA before leaving just prior to the Microsoft acquisition in 2001.
Neil then spent the next 5 years building the venture capital backed Neverfail Group predominately within the USA before leaving to join Compleat Software.
Compleat Software is unquestionably the most exciting opportunity so far. The ability to fully automate the purchase to pay cycle at a price point that makes it affordable to all opens the entire global market – almost all of whom still run totally manual systems.
Every finance director wants control over cash, to maximise the effectiveness of spend and automate a labour-intensive and ineffective process. It is simply a matter of making the solution affordable and that is exactly what Compleat does.