Do you have controls on managing vendor information and the vendor master file? Do you follow them? Experienced managers will say, “Duh.” However, others can use a reminder, so here it is.
“With commerce comes fraud,” says Nathan Blecharczyk, co-founder of Airbnb. The Association of Certified Fraud Examiners (ACFE), in its 2020 Report to the Nations, estimates that organizations lose five percent of revenue each year to fraud. Five percent! Billing and payment tampering schemes top the list of asset misappropriation.
As a recent example, in October, the Justice Department arraigned an Atlanta man in connection with an international cyber-fraud scheme that resulted in companies sending huge payments to fraudulent bank accounts. The companies thought they were paying their vendors.
How did it happen? The perpetrators sent phishing emails to victim organizations in the U.S. and Europe, stealing employee access credentials, which enabled them to harvest credentials on computer servers. Some of the emails reportedly contained links to a spoofed Microsoft web page where logging in turned over credentials to the criminals.
With stolen credentials, the perpetrators then sent emails to other employees of the targeted organizations with invoices that appeared to be from the organizations’ vendors. The invoices requested the company make invoice payments into bank accounts controlled by the perpetrators. For example, a company in Massachusetts paid two invoices of nearly $500,000 each to a bank in Hong Kong.
Cybercriminals are sophisticated and successfully employ behavioral psychology and excellent mimicry in their emails. The Massachusetts company lost nearly a million dollars before discovering the fraud!
So, following controls without shortcuts is critical to protecting your organization’s cash. Accounts payable is where the money goes out of the company, and the vendor master file is key to making payments. Therefore, it is crucial to follow controls on entering and changing vendor information in the master file.
Vendor bank account verification is a vital step in vendor information management. Changes to bank information of an existing vendor must also be verified with the company and bank—independently of the sender of the change.
Periodic review of controls and staff training, including phishing and cybercrime, is essential to protecting your organization’s assets. The median fraud loss per case is $125,000, and the average loss per case is $1.5 million. Therefore, awareness, alertness and diligently following controls are essential.
To find out how VendorInfo can help with vendor bank account verification, contact us.