How to Combat Payment Fraud with Accounts Payable Automation
September 6, 2017
This past August, accounts payable staff at MacEwan University in Edmonton made a simple change to vendor banking information that ended up costing the university $11.8 million. In June, an email was sent to MacEwan staff from what appeared to be a known vendor, Clark Builders, which had been working with MacEwan on various construction projects since 2003. In this correspondence, which went back and forth for several weeks, the email sender made a request that the University change Clark Builders’ banking information. The banking information was changed without further verification, and three separate payments were made to a fraudulent account. Already, $11.4 million has been traced back to accounts in Montreal and Hong Kong, but the investigation into the remaining amount continues.
While the case has been covered by dozens of news outlets as an example of massive fraud carried out through a phishing attack, much commentary has focused on the shocking lack of financial controls in place at MacEwan.
Phishing attacks are nothing new for most businesses, but the methods used have been getting more sophisticated as cybercriminals hone their skills to create increasingly convincing email campaigns and new tools become available to them. However, in many cases, phishing schemes rely on basic social engineering techniques that hope to trick the targets into revealing personal information. MacEwan was the victim of what’s known as a spear phishing attack, which targets a specific organization or individual by impersonating a known associate or client.
In a survey of more than 500 cybersecurity professionals released earlier this year, a majority of respondents (76%) stated that their organization had been the victim of a phishing attack in 2016. While this actually represents a 10% decrease over the previous year’s results, risky behaviors among employees are still rampant. Employee security awareness training is an important measure that organizations can take to reduce they’re susceptible to phishing attacks, but business protocols also need to be in place as a firm barrier against employee error.
Post-secondary institutions will soon find themselves subject to new regulations that require mandatory reporting of cybercrimes. Beyond that, institutions should audit their current accounting processes and evaluate the efficacy of their current internal controls. While security technologies like filters, threat intelligence tools, and other anti-phishing software, can reduce the risk, real protection must be built into an organization’s internal processes.
For accounts payable teams that deal with high invoice volumes or significant payment amounts, an AP automation solution can be an invaluable tool as a way to enforce internal controls. With AP automation, each invoice and payment request is instantly routed through pre-established channels for approval. Employee user access is also strictly controlled in most AP automation solutions, by allowing administrators to customize user credentials based on job role or other factors. Beanworks is a cloud-based AP automation tool that includes all these features, plus on-demand reports as well as invoice and payment audit trails that give administrators the power to know exactly which actions have been taken on any invoice at any time. Within the Beanworks payments automation module, BeanPay, we also have additional notification measures to enhance security. When vendor information is changed, an instant email notification is sent to the payment administrators.
With Beanworks, organizations get real-time control of their cash flow and complete visibility into the entire AP process. Learn more about how our solution provides a secure way to streamline accounts payable workflows.
Photo source: MacEwan University
With a Recession Looming, It’s More Important Than Ever to Control Cash Flow
While effective forecasting is always a tricky business, enough experts are raising concern that businesses are looking for ways to protect themselves.
How Long Should I Keep My Accounts Payable Records?
Knowing how to manage document storage may not sound exciting, but it is one of the most important things a company can do to protect itself legally and financially.
Looking to Automate? These Tips Will Help You Pick the Right Solution
Using these simple guidelines will take the guesswork out of selecting the right software, ensuring that what you adopt is the best possible match for your organization’s needs.
Straight To Your Inbox
Stay up-to-date on top accounting and finance trends
Sign up for our newsletter and receive our latest resources, news and insights.
Learn More About Beanworks
Discover how AP automation can free your accounting team from manual data entry, delays, and paper-based processes.