woman sitting at desk working on computer

Four Essential Steps to Prevent Vendor Fraud

Cybercriminals never rest. Since so much of business moved online, cybercrime has steadily increased, and your procure-to-pay process is a prime target for criminals to steal cash. Fraud perpetrators’ methods of attack continue to evolve. Phishing became spear-phishing, then whale-phishing and then vendor compromise. Vendor compromise presents a new challenge for accounts payable staff because everything in the vendor’s emails appears as it should.

How do you guard against fraud now? Here are four steps to take in concert to protect your cash and ensure that you pay your authentic vendors.

Step One: No Substitute for Internal Controls

Good internal controls have always been an essential defense against fraud. The focus here is the crucial preventive controls designed to avert mistakes and fraud from occurring. They include practices like segregation of duties, authorization, documentation and, critically, out-of-chain (independent) confirmation. They also include access controls such as passwords and multi-factor authentication.

Audits are an essential part of controls. Companies should keep abreast of AI-boosted automated tools that can quickly identify unusual activities or patterns.

Step Two: Develop a Culture of Awareness

Humans are the often-cited weakest link in cyber fraud. But fore-warned is fore-armed: regular, thorough employee training and awareness are vital to a strong defense. Employees must understand the signs of phishing and the psychology of “social engineering” that fraudsters employ. They must understand vendor email compromise and the consequent criticality of following controls. (Staff who understand the reason for internal controls are more likely to follow them.)

Stories of falling for or narrowly avoiding fraud are powerful. Find and include these in your training. Ideally, have a person who experienced an attack share. Such story-telling is more effective than IT “set up” tests where internal phishing tests fool employees.

Step Three: Understand and Avoid the VEC Threat

Sophisticated fraudsters now compromise your vendors to get to your money. Vendor email compromise is step one in a supply chain attack. VEC begins with a successful phishing expedition to compromise one of your vendors. Once the criminals access your vendor’s email system, they study the vendor’s relationship with customers, including you.

The criminals see how the vendor communicates, including rhythms and tone. Then, they slickly mimic your vendor with their emails, making it much more difficult for you to recognize a problem. Such attacks mean you can no longer rely on email communication, including the links and phone numbers in emails.

Tools and processes designed explicitly for vendor onboarding, communication, information workflow and management offer a superior alternative to manual onboarding and updating. An independent automated vendor onboarding system provides secure information transfer, verifications, and validations. It removes reliance on email with its vulnerabilities. It also offers control-based workflows and securely integrates with your system, providing excellent efficiency and security.

Step Four: Conduct Vendor Bank Account Verification

Vendor bank account verification is more critical than ever in protecting payments. You must ensure the legitimacy of the vendor account before sending payment. Many organizations, however, struggle with unwieldy, inefficient manual bank account verification processes. Fraud perpetrators have effectively exploited the susceptibility of email through vendor email compromise to request bank account changes, redirecting payments to their accounts. A robust out-of-stream bank account verification solution that brings consistency and efficiency to your BAV process has become necessary.

Conclusion

Protecting the organization’s cash requires a proactive approach incorporating time-tested controls, organizational alertness through training, a recognition of the hazards inherent in manual processes and reliance on email, and the criticality of vendor bank account verification.

Payments at the speed of electronic transmission raise the stakes for accounts payable departments. Disjointed manual and email-reliant methods for gathering, validating, and managing vendor information are woefully inadequate in the face of cyber threats, never mind the cost of time, frustration, and error.

Companies benefit significantly by moving to a centralized, automated vendor information management system that incorporates controls, centralizes and speeds vendor onboarding and approvals, avoids email and vendor compromise threats, and automates bank account verification.

To find out how VendorInfo can put you in control of vendor onboarding, validation and bank account verification, contact us.

Lets Talk!

Please enable JavaScript in your browser to complete this form.