How E-invoicing Can Lower your Risk of Fraud
e-invoicing Trends, Business Network, E-invoicing
Recently, nearly 35,000 CFO’s were subject to a targeted Phishing scam costing these organizations both time and money. Learn how e-invoicing can reduce your risk of fraud.
How does it really happen?
Misusing the corporate hierarchy
A Phishing scam or Business Email Compromise (BEC) attack happens when an attacker gains access to a corporate email account and poses as a company insider such as a CEO or CFO. Using this assumed identity, they then attempt to defraud the company, its employees, customers or partners of money.
A typical attack may be an email which is sent by the criminal using the CFO’s identity where he asks someone in the finance department to send an urgent payment to a supplier. The employee feels pressure to comply with the CFO’s request without properly following the typical payments process. The supplier name seems relevant so the payment is made, resulting in a loss to the company.
A slightly more complicated approach is for the criminal to observe and intercept ongoing email communication between the business partners. Once the criminal has found an ongoing business transaction, they will attempt to defraud the companies in several different ways.
One way is to intercept an email and change the bank details on the real invoice. Alternatively, if the invoice has already been sent, they may send a phishing email and ask the buyer to pay the invoice to a different account than normal.
In both of the cases, criminals use email spoofing to make the email address seem credible. As a result of this, the invoice is paid to the wrong company and wrong account because the recipient trusts that the invoice comes from a legitimate source.
Abusing invoice approval processes
Invoice handling can be an expensive process therefore many companies have an automatic approval process for invoices below a certain amount. In these cases the criminals are usually using e-mail addresses or supplier names that are extremely close to one of your current suppliers. For example, they may pose as an IT maintenance or server supplier. This makes it easy for people to automatically approve small invoices.
Lately I was under attack of email invoicing related crimes on my own - I happened to be in the address book of the person whose computer was infected with a virus and it was sending out payment reminders. Although this time the target was to steal my identity, still I would put it to the same package with other email invoicing related crimes
Misperception of email invoicing cost
Email invoicing is considered to be a very cost effective and simple way for invoicing which is affordable for everyone. Is it really so? Since there is an increasing number of cases where email scamming is used for invoicing related crimes, corporate IT departments are under pressure to create more secure email channels. It’s their job to provide security for these types of attacks. All these actions can result in some unintended consequences.
Your IT department may be increasing the cost of e-mail invoicing. This is done either directly, by increasing IT security costs or indirectly as their activities may also cause actual supplier invoices to be quarantined and sent to spam. When invoices aren’t delivered, they aren’t paid and this can prove costly for both sender and receiver. It causes late payment fees, affects cash flow for suppliers and takes time from customer service to solve the issue. So you should remember that e-mails aren’t a guaranteed delivery method for invoices.
Source: PwC’s Global Economic Crime and Fraud Survey 2018
There is a better way
The best way to ensure legitimate supplier invoices are paid on time is with E-invoicing. Structured invoice data can be exchanged directly between buyer and supplier and the information uploaded directly to the Accounts Payable invoicing system. A trusted service provider together with a trusted chain of traffic is a guarantee for the Network. This mitigates the risk of a BEC attack.
Of course the benefits don’t stop there.
E-Invoicing will not only mitigate the risk of your company losing money to attacks, but you’ll be saving money by automating what is typically a very manual process, as well as reducing the number of errors which can result in increased costs and processing lifecycles.
As the number of attacks increase, companies need to take a multi-pronged approach to ensuring security. So with true E-invoicing, where a service provider's network is used to send and receive your invoices, you significantly decrease the risk of becoming a victim of financial crime and also gain the benefits of process automation.
I do agree with people who tend to say that today’s solution are more in favour of big corporates and considering less the interest of SME’s. That still shouldn’t target us to select not-trusted solutions which seemed to be free of charge. We should target for affordable (financially and process wise) SME solution.
One may ask, why email is so popular tool in executing financial crimes then I believe that the answer is there are no transaction cost for the criminal. It is so cheap to try to commit the crime and therefor you can do it in wide scale. But it doesn’t mean it is cheap to maintain the service. At the end of the day there is no bad without good - isn’t the money you need to pay to your service provider small compared to the fact that you can sleep peacefully during the night time.
Ahti Allikas has been active in the e-invoicing industry since the year 2000. He currently works as Head of Partners and Networks at OpusCapita, and is responsible for the development of the e-invoicing ecosystem. Ahti is a member of the executive committee of the European E-invoicing Service Providers Association (EESPA), member of management committee of the OpenPeppol Association (PEPPOL) and also member of E-Invoicing expert group in the European Multi-Stakeholder Forum on E-Invoicing (EMSFEI).
Read more blog posts about E-invoicing
A dream about global interoperability
01 - 10 - 2020
It has been a while since I last wrote to you. Summer, Covid, and everything else has left a trace into my activities as well.
OpusCapita Finalises EU funded Project for AS4 Protocol Integration
30 - 06 - 2020
OpusCapita is officially closing the project AS4EDI which was founded by European Commission and CEF Telecom program to cultivate Electronic Invoicing in Europe.
EESPA - A closer look at one of the oldest e-invoicing communities
20 - 04 - 2020
In today’s situation the topic of e-invoicing is more real than ever. The confidence of getting paid is more crucial in difficult economic situations compared to good times.
Other content you might be interested in:
5 Things You Need to Know About e-Invoicing
E-invoicing is on the rise globally. The time to transform your processes is now. This ebook covers everything you need to know to engage in e-invoicing successfully.