How E-invoicing Can Lower your Risk of Fraud
e-invoicing Trends, Business Network, E-invoicing
Recently, nearly 35,000 CFO’s were subject to a targeted Phishing scam costing these organizations both time and money. Learn how e-invoicing can reduce your risk of fraud.
How does it really happen?
Misusing the corporate hierarchy
A Phishing scam or Business Email Compromise (BEC) attack happens when an attacker gains access to a corporate email account and poses as a company insider such as a CEO or CFO. Using this assumed identity, they then attempt to defraud the company, its employees, customers or partners of money.
A typical attack may be an email which is sent by the criminal using the CFO’s identity where he asks someone in the finance department to send an urgent payment to a supplier. The employee feels pressure to comply with the CFO’s request without properly following the typical payments process. The supplier name seems relevant so the payment is made, resulting in a loss to the company.
A slightly more complicated approach is for the criminal to observe and intercept ongoing email communication between the business partners. Once the criminal has found an ongoing business transaction, they will attempt to defraud the companies in several different ways.
One way is to intercept an email and change the bank details on the real invoice. Alternatively, if the invoice has already been sent, they may send a phishing email and ask the buyer to pay the invoice to a different account than normal.
In both of the cases, criminals use email spoofing to make the email address seem credible. As a result of this, the invoice is paid to the wrong company and wrong account because the recipient trusts that the invoice comes from a legitimate source.
Abusing invoice approval processes
Invoice handling can be an expensive process therefore many companies have an automatic approval process for invoices below a certain amount. In these cases the criminals are usually using e-mail addresses or supplier names that are extremely close to one of your current suppliers. For example, they may pose as an IT maintenance or server supplier. This makes it easy for people to automatically approve small invoices.
Lately I was under attack of email invoicing related crimes on my own - I happened to be in the address book of the person whose computer was infected with a virus and it was sending out payment reminders. Although this time the target was to steal my identity, still I would put it to the same package with other email invoicing related crimes
Misperception of email invoicing cost
Email invoicing is considered to be a very cost effective and simple way for invoicing which is affordable for everyone. Is it really so? Since there is an increasing number of cases where email scamming is used for invoicing related crimes, corporate IT departments are under pressure to create more secure email channels. It’s their job to provide security for these types of attacks. All these actions can result in some unintended consequences.
Your IT department may be increasing the cost of e-mail invoicing. This is done either directly, by increasing IT security costs or indirectly as their activities may also cause actual supplier invoices to be quarantined and sent to spam. When invoices aren’t delivered, they aren’t paid and this can prove costly for both sender and receiver. It causes late payment fees, affects cash flow for suppliers and takes time from customer service to solve the issue. So you should remember that e-mails aren’t a guaranteed delivery method for invoices.
Source: PwC’s Global Economic Crime and Fraud Survey 2018
There is a better way
The best way to ensure legitimate supplier invoices are paid on time is with E-invoicing. Structured invoice data can be exchanged directly between buyer and supplier and the information uploaded directly to the Accounts Payable invoicing system. A trusted service provider together with a trusted chain of traffic is a guarantee for the Network. This mitigates the risk of a BEC attack.
Of course the benefits don’t stop there.
E-Invoicing will not only mitigate the risk of your company losing money to attacks, but you’ll be saving money by automating what is typically a very manual process, as well as reducing the number of errors which can result in increased costs and processing lifecycles.
As the number of attacks increase, companies need to take a multi-pronged approach to ensuring security. So with true E-invoicing, where a service provider's network is used to send and receive your invoices, you significantly decrease the risk of becoming a victim of financial crime and also gain the benefits of process automation.
I do agree with people who tend to say that today’s solution are more in favour of big corporates and considering less the interest of SME’s. That still shouldn’t target us to select not-trusted solutions which seemed to be free of charge. We should target for affordable (financially and process wise) SME solution.
One may ask, why email is so popular tool in executing financial crimes then I believe that the answer is there are no transaction cost for the criminal. It is so cheap to try to commit the crime and therefor you can do it in wide scale. But it doesn’t mean it is cheap to maintain the service. At the end of the day there is no bad without good - isn’t the money you need to pay to your service provider small compared to the fact that you can sleep peacefully during the night time.
Ahti Allikas has been active in the e-invoicing industry since the year 2000. He currently works as Head of Partners and Networks at OpusCapita, and is responsible for the development of the e-invoicing ecosystem. Ahti is a member of the executive committee of the European E-invoicing Service Providers Association (EESPA), serves as the OpusCapita representative towards the OpenPEPPOL Association, and recently joined the European Multi-Stakeholder Forum on E-Invoicing (EMSFEI).
Read more blog posts about E-invoicing
Accounts Payable Automation - the value of a business network
31 - 12 - 2018
So you’ve decided to digitally transform your accounts payable function with the goal of improving control, visibility and efficiency.
The Business Case for Invoice Automation
27 - 12 - 2018
The business case for Accounts Payable automation is fairly straightforward but there is some nuance to consider as you begin planning your digital transformation project.
Get Ahead of the Game and Be Ready for e-Invoicing in 2019
04 - 12 - 2018
The year 2019 will see many of the much-talked-about initiatives around e-invoicing becoming a reality. Are you ready for the changes ahead? Read the blog to learn steps forward.
Other content you might be interested in:
5 Things You Need to Know About e-Invoicing
E-invoicing is on the rise globally. The time to transform your processes is now. This ebook covers everything you need to know to engage in e-invoicing successfully.
New EU Directive for e-Invoicing – Get up to Speed
on demandA new EU e-invoicing standard will be obligatory in the public sector in April 2019. In this webinar, we’ll take a look at what does it actually mean – and what it doesn’t mean.