How to Combat Payment Fraud with Accounts Payable Automation
September 6, 2017
This past August, accounts payable staff at MacEwan University in Edmonton made a simple change to vendor banking information that ended up costing the university $11.8 million. In June, an email was sent to MacEwan staff from what appeared to be a known vendor, Clark Builders, which had been working with MacEwan on various construction projects since 2003. In this correspondence, which went back and forth for several weeks, the email sender made a request that the University change Clark Builders’ banking information. The banking information was changed without further verification, and three separate payments were made to a fraudulent account. Already, $11.4 million has been traced back to accounts in Montreal and Hong Kong, but the investigation into the remaining amount continues.
While the case has been covered by dozens of news outlets as an example of massive fraud carried out through a phishing attack, much commentary has focused on the shocking lack of financial controls in place at MacEwan.
Phishing attacks are nothing new for most businesses, but the methods used have been getting more sophisticated as cybercriminals hone their skills to create increasingly convincing email campaigns and new tools become available to them. However, in many cases, phishing schemes rely on basic social engineering techniques that hope to trick the targets into revealing personal information. MacEwan was the victim of what’s known as a spear phishing attack, which targets a specific organization or individual by impersonating a known associate or client.
In a survey of more than 500 cybersecurity professionals released earlier this year, a majority of respondents (76%) stated that their organization had been the victim of a phishing attack in 2016. While this actually represents a 10% decrease over the previous year’s results, risky behaviours among employees are still rampant. Employee security awareness training is an important measure that organizations can take to reduce they’re susceptible to phishing attacks, but business protocols also need to be in place as a firm barrier against employee error.
Post-secondary institutions will soon find themselves subject to new regulations that require mandatory reporting of cybercrimes. Beyond that, institutions should audit their current accounting processes and evaluate the efficacy of their current internal controls. While security technologies like filters, threat intelligence tools, and other anti-phishing software, can reduce the risk, real protection must be built into an organization’s internal processes.
For accounts payable teams that deal with high invoice volumes or significant payment amounts, an AP automation solution can be an invaluable tool as a way to enforce internal controls. With AP automation, each invoice and payment request is instantly routed through pre-established channels for approval. Employee user access is also strictly controlled in most AP automation solutions, by allowing administrators to customize user credentials based on job role or other factors. Beanworks is a cloud-based AP automation tool that includes all these features, plus on-demand reports as well as invoice and payment audit trails that give administrators the power to know exactly which actions have been taken on any invoice at any time. Within the Beanworks payments module, BeanPay, we also have additional notification measures to enhance security. When vendor information is changed, an instant email notification is sent to the payment administrators.
With Beanworks, organizations get real-time control of their cash flow and complete visibility into the entire AP process. Learn more about how our solution provides a secure way to streamline accounts payable workflows.
Photo source: MacEwan University
Data Entry is Finished. Here’s What’s Replacing it
About 86% of accounting teams enter data manually – and for 40% of them that task takes up a quarter of their workweek. Learn how AP automation can help accountants become more progressive by freeing them from the chore of keying invoices.
Completing An Audit Remotely Can Be Stressful – But There is A Solution
In a normal year, an auditor would meet staff in the office, or rely on physical records and verifications to make assessments. But with COVID-19 limiting travel, they’re now bound to phone and video calls.
If You Think Manual Work is the Biggest Challenge for AP Teams, You’re Wrong
Companies are typically taking up to four weeks or more to pay vendors – unnecessarily incurring late payment fees and breaking down supplier relations. Here are some ways that companies can use AP solutions to improve their purchase to pay (P2P) process.
Straight To Your Inbox
Stay up-to-date on top accounting and finance trends
Sign up for our newsletter and receive our latest resources, news and insights.
Learn More About Beanworks
Discover how AP automation can free your accounting team from manual data entry, delays, and paper-based processes.