"There's a sucker born every minute. " Even if legendary showman P.T. Barnum never uttered the famous saying, it still rings true. Financial mischief and tricks are all around us, and the Accounts Payable (AP) department is a tempting target since it handles invoices and payments on a daily basis, often struggling to keep up with the flow of documents that need to be captured, reviewed, and approved.
In fact, accounts payable fraud is a widespread problem that plagues businesses of any size in practically all industries. Cases go far beyond just submitting a false or duplicate invoice and hoping for it to slip through.
The reality is that AP fraud covers a broad range of attempts, often bypassing the frontline company cybersecurity efforts designed to keep an organization’s data and systems safe from internal malfeasance and external attacks. Accounts Payable fraud schemes are going for a bigger prize beyond billing tricks, including attempts to get proprietary data for customers and employees as well as unauthorized access to company systems to siphon off sensitive documents such as contracts, terms, and conditions for essential supply chain arrangements and even intellectual property.
What makes fraud so hard to catch and stop is that it can originate from both the inside and the outside. Sometimes, a single bad actor on the company’s staff may access and misuse data sets, exploiting lax permissions rules and gaps in the audit trail with something as simple as false expense submissions. At other times, lenient network management combined with a lack of state-of-the-art accounts payable fraud detection and prevention software can open the gates for phishing attempts and other fraud. Even new employees who aren't familiar with their coworkers may unintentionally assist attempts by responding to emails or opening files, especially as a remote working environment becomes more common.
Add in the fact that too many companies are still relying on a manual process to handle invoices, for instance manually keying in invoice data and keeping track of their status in a loosely protected spreadsheet, and the risk factor to operations and the bottom line can increase exponentially.
When market researcher Ardent Partners surveyed enterprises for it's regular report “AP Pulse on the Mid-Market in 2022,” it found that almost 1 in 4 businesses had experienced a payment fraud attack. The researchers arrive at a sobering assessment that should give all organizations pause:
“Cyber-criminals have become more brazen (and more technologically advanced) since the pandemic began, resulting in billions of dollars of fraudulent payments and activity over the past two years… Fraudsters aren’t going away and the attacks will continue, however, automated AP teams are better able to identify and mitigate fraud risks from occurring.”
That finding might only be the tip of the iceberg. If one looks at the most recent “Payments Fraud and Control Survey” by the US-based Association for Financial Professionals (AFP), a whopping 71 percent of organizations said they became victims of payments fraud attacks or attempts in 2021.
The good news is that the survey shows that the overall number of fraud attacks has decreased over the years and organizations do not necessarily blame work-from-home arrangements for attacks. However, the AFP survey data also shows what types of fraud attacks the bad guys are trying to pull off... And that they are focusing their efforts on the AP department:
So, what’s a modern organization to do to prevent and detect fraud attempts before they become costly? We’re talking not just about dollars and cents, but reputational hits. If your company were to let false payments slip through and then get them back or had to deal with a compromised network or database, your both suppliers and vendors will also be affected.
This means that vendor, supplier, and partner information needs to be safeguarded just as closely as your internal data. Failing to do so is an unnecessary lapse of effort that squanders goodwill, a precious commodity in times of insecure supply chains and rising costs for all kinds of materials and services your operations rely on.
Accounts Payable automation is one proven way to nip many of those problems in the bud. It accomplishes this thanks to a smart combination of optical character recognition, robotic process automation and the latest advances in machine learning, resulting in as little human intervention as possible. It’s that secret sauce that makes risk mitigation in the AP department secure and fast as well as affordable and scalable.
Let’s take a quick look at how Accounts Payable automation can ward off fraud attempts from purchase to payment. The more paperless invoices an organization processes, the better the odds are to detect fraud and error by way of using an automated system to identify mistakes and anomalies in a sea of invoice data.
And the trend is clearly going in that direction. When Yooz polled more than 1,200 finance leaders from the U.S. and seven other countries for its second “State of Automation in Finance Report” in the spring of 2022, 61% said they are ready or almost ready for e-invoicing. One-third admitted they had made mistakes in manually processing invoices in the past, and roughly 1 in 7 businesses said they consider combating fraud a top priority.
The cycle of risk reduction starts with capture. A cloud-based platform such as Yooz will ingest invoices and other documents such as purchase orders in any format and digitize them quickly, regardless of format.
Once an invoice has been captured, Machine Learning (ML) algorithms will go to work reading every document and extracting all the relevant information, ranging from the number and types of items ordered and delivered to prices, bank account details and tax IDs to due dates and early-pay discounts. Each invoice will automatically be correctly GL-coded, making it easy to manage even a complex Accounts Payable workflow with a high volume of invoices or invoices coming in for multiple projects that need to be properly split.
Three-way matching is one of the first lines of defense to weed out exceptions, or documents with missing or erroneous information, comparing data to ensure consistency. It might be an honest mistake that the same invoice exists twice with different invoice numbers, but it could also be an attempt to get paid twice. The same goes for bank account or address information that has suddenly and without explanation been changed on an invoice.
Artificial Intelligence (AI) that lives in the cloud provides the best protection against such outliers. A cloud-based platform like Yooz has seen more than a hundred million invoices from tens of thousands of vendors, enabling it to spot the red flags quickly and accurately in a sea of correct documents and then immediately escalate them for human review. Even better, the more invoices you process, the "smarter" the system becomes as it learns from each new document and action taken to correct errors.
Running invoices through an automated system also protects the entire organization from phishing emails where someone is trying to impersonate a supplier or vendor to wreak havoc on your network, not to mention viruses contained in attachments like Word documents or PDFs.
Sometimes it’s the little things that can trip up a trickster. Among other things, AI to foil accounts payable fraud schemes relies on Benford’s Law. Named after the 20th-century American physicist Frank Benford, and also known as the first-digit law, it is an observation that in many real-life sets of numerical data - in this can those such as invoices, pricing tables. and even addresses - the leading digit is likely to be small.
UC Berkeley professor (and currently Google chief economist) Hal Varian came up with the idea to use this insight for fraud detection. Since the bad actors usually distribute their fabricated numbers more evenly, machine learning can leverage this statistical behavior when reviewing invoice data in split-seconds. If the expected distribution pattern doesn’t match up with the Accounts Payable data, something is probably off and deserves to be checked in more detail by an experienced financial professional.
Once this review process has been completed, an AP automation platform moves to the next stage, routing invoices for approval to the right people. To increase the level of cybersecurity and fraud protection, an organization can customize (and fine tune) its own roles and permissions to make sure only those authorized to handle specific documents can view and manipulate them. Those rules can include special precautions for invoices that exceed certain amounts or are coming from first-time vendors.
Whatever team members do, it creates a detailed digital audit trail that will make later reviews easy. All documents are securely stored in the cloud and can be accessed with a quick keyword search.
This high level of security also applies to the final step to keep the purchase-to-payment workflow secure: initiating payments, even increasingly popular but risk-prone Real-Time Payments (RTP). The same intuitive interface allows the AP team to select invoices and amounts to be paid and pick an automated or manual schedule.
Vendors, for their part, are onboarded with a single email address and their preferred payment method. Before any payments go out, though, the system will automatically perform additional checks around velocity and volume.
While an intelligent automated system goes a long way toward thwarting accounts payable fraud schemes, your talented and dedicated Accounts Payable staff is indispensable. And will be so for the foreseeable future. When Ardent surveyed the mid-market segment in it's 2022 research, it called out the increased expectations for AP professionals that make acquiring the right talent a key task for organizations:
“More nuanced skills and strategic thinking are required for the next generation of Accounts Payable professionals. With cyber-crime on the rise, a majority of AP staff are getting involved in fraud prevention (74%) and payments (70%), as well as supplier management (57%). Increased requests for visibility into AP data have staffers spending more time on reporting and analytics (67%) and adopting a more customer service focused mentality (55%).”
That’s a lot of change to take in while business keeps running and invoices come due, but it’s worth it.
When the Accounts Payable department is transformed into a crucial hub for financial intelligence, driven by a powerful combination of machine learning and human experience, it’s not just cutting down on processing costs, errors, and fraud. It is also suddenly empowered to gather valuable insights that will benefit the rest of the organization. They come in handy when making strategic decisions such as selecting vendors, focusing on key relationships, identifying supply chain issues early on or negotiating more favorable terms.
It’s probably about time that Barnum got bested by Benford.