All invoices must be valid before being approved for later payment. That suggests conventional wisdom. Additionally, large organizations are believed to be less susceptible to invoice scam than smaller ones. However, this is not always the case.
There is a belief that larger organizations with more sophisticated invoice approval processes are less susceptible to invoice scam than smaller teams that rely more on manual processes. However, it doesn’t always work that way. In fact, larger organizations can sometimes be an easier target, given the high volume of invoices received, which can reduce the level of scrutiny on each invoice.
Two years ago it emerged that a man in Lithuania defrauded Facebook and Google out of a total of $ 122 million over a three-year period. Of course, it wasn’t just about sending speculative invoices and waiting for a check to arrive in the mail. It was a complex electronic scam that involved a combination of technical investigative skills and social engineering capabilities.
While this is clearly a very sophisticated operation that required a great deal of preparation and gall on the part of the perpetrator, there are still ways that organizations can protect themselves from this type of incident.
First: organizations need to establish clear processes and workflows for invoice approval as well as educating members of the accounts payable team on how they can be targeted by scams. Employees should receive security training to ensure they detect potential spear phishing , spoofing , social engineering , spam filter bypassing, and other email-based scams. This in itself can be critical to preventing attempted bill scams.
However, this approach is still based on human intuition, which is never infallible. By eliminating reliance on a court decision to determine whether an invoice is valid, organizations can greatly reduce their potential exposure to scam .
This is where an invoice automation solution becomes a key tool in the fight against crime . Regardless of how authentic an invoice, contract, or letter may seem, they can be fake, as can emails that are supposedly from reliable sources. However, an invoice management system is a guarantee of veracity, since documents can only be uploaded to the system by authorized users.
This is where the automation solution pays off. A fake invoice can be sent to the accounts payable department and even uploaded to the system. However, where is the purchase order that shows that it is a valid invoice? A purchase order is issued from a third-party solution or from a purchase order module within the invoice automation solution, and is then automatically compared to the corresponding invoice using sophisticated optical character recognition and data mapping technology. .
Any invoice that does not contain a valid purchase order number or a relevant purchase order created within the system will generate immediate red flags for possible scam. This will lead to increased scrutiny by the accounts payable team, including for example a phone call to the internal requester listed on the invoice to find out where they are (or not).
For physical goods, like the computer hardware described in the previous story, there is another layer of protection. Using the three-way correspondence, the billing tool will not only match the invoice with the purchase order, but also with the receipt document that was delivered with the products and uploaded into the system by the receiving department of the organization.
As a result, any invoice that does not have a purchase order or receipt document that it may match will be returned to the ‘seller’, who will likely realize that it has been discovered and will be passed on to its next victim.