Accounts payable fraud is one of the top five risks identified by The Association of Certified Fraud Examiners (ACFE) facing businesses now and the threat it presents will only increase in the coming years. One of the most important and proactive ways to reduce this risk is for accounting professionals and their clients to remain alert to and aware of current and emerging trends in accounts payable fraud, so they can take steps to avoid being negatively impacted by them.
To help accountants and business owners understand key emerging trends in accounts payable fraud, Matana Soreff, Vice President of Risk & Compliance at Melio answered the following frequently asked questions:
What are the most prevalent concerns and considerations that you and your team monitor when it comes to accounts payable fraud?
One of the most prevalent threats is an account takeover attack also known as an ATO. This is a type of online identity theft involving unauthorized access to an account through which the perpetrator accesses funds or products, services, or other data. It is particularly risky for banks, but really applies to all businesses with any kind of client account log in used to deliver services.
How does fraud occur in this situation?
It occurs when cybercriminals steal personally identifying information (PII) or cryptocurrency in order to sell it or they hold an account “hostage” through ransomware. Of course, once a cybercriminal has access to information like this, they can use it to open fraudulent accounts or access other systems within a business to steal more data or money.
This type of attack can really cause a domino effect because personal information may also be used in phishing and spam campaigns targeting the contacts of a business or organization on a much wider scale. Phishing campaigns may be executed via links in an email, text message, or social media posts.
How can businesses protect themselves from an ATO?
The most effective strategy is to put in place proactive mechanisms to stop the attacks from happening in the first place. For example, automating payment workflows using a secure, cloud-based payment solution that integrates with your accounting software provides security in multiple ways.
What other types of attacks should accounting professionals be aware of for their own protection and for their clients’ businesses?
Brute-force attacks are commonplace these days. In these, criminals guess common passwords for a given account or engage in credential stuffing (also known as a breach replay attack because it involves using data harvested during a data breach). They generate login information for usernames and passwords using an automated script and try using hacking accounts until they are successful.
Phishing is still very prevalent. Although the term has become pretty commonplace and you’d think more people would be aware of it, it’s still happening on a regular basis and costing businesses millions of dollars.
The same is true for malware attacks, keyloggers where criminals monitor keystrokes by infiltrating computer cameras to steal passwords, and data stolen or downloaded from the dark web. If a company’s accounts payable system passwords are part of these breaches and fraud occurs because of it, the results could be disastrous financially and from a reputation standpoint.
Internal sources of fraud are another area presenting significant accounts payable risks related to employee behavior. This can include crimes actually perpetrated by staff or threats that are unintentionally triggered, such as unrecognized phishing emails sent from employee to employee creating damage that is widespread. This may involve criminals spoofing vendors or taking control over payment accounts when an employee unknowingly clicks on a link in an email. This is why employee education is so important.
Emerging accounts payable fraud risks are an issue that every business needs to address as part of its strategic planning and accounting workflow. Utilizing an automated accounts payable platform is an essential first step in creating a payments process that reduces these risks while also creating significant improvements in the efficiency and transparency of payments which has comprehensive benefits for both accounting firms and the businesses they serve. Learn more about the proactive steps you can take by downloading the ebook An Action Plan to Protect Your Firm and Clients from Rising Accounts Payable Fraud Risks published by Melio.