Mitigating Commercial Credit Fraud
Is Your Company an Easy Target for Fraudsters?
When we first think about credit risk, our minds focus on the financial status of the company in question. To manage the risk that a customer might default, companies implement credit and collection policies and procedures. Those policies and procedures, however, also need to include practices designed to mitigate the risk of fraudulent transactions.
The pace of B2B fraud is accelerating, which only reinforces the need for vigilance. In 2022, 55% of companies suffered at least one payment fraud attack, while 12% were targeted upwards of 10 times according to a report published August 2, 2024 by Trustpair. LSEG Risk Intelligence, which also offers anti-fraud solutions, shared in a webinar presented September 19, 2024, that:
Business Email Compromise (55%) is the most common fraud type followed by Changes to Supplier Information (45%) and Account Take Over (22%) attacks
Checks (65%) have the highest vulnerability to fraud, with ACH transactions (57%), Wire Transfers (37%) and Credit Card payments (25%) also being susceptible
Fraud occurs most often when there are changes associated with a customer (49%) —such as account updates, new locations, or new contacts—as well as during the act of getting paid (33%), and during customer onboarding (12%).
As you can see, fraud can occur at any point in the customer lifecycle. Moreover, the impact can be substantial. According to the Trustpair report, 24% of companies that were victims of fraud in 2022 lost over $100,000, while 5% lost in excess of $1 million. Too often, lost funds are never recovered. And, besides the financial loss, a fraud can impact your customer relationships in the form of mistrust and damaged communications. When a fraud isn’t quickly detected, legal action to recover past due invoices can impact unaware customers.
Tools Used to Commit Fraud
In our electronic age, and as mentioned above the tool most often used to commit commercial fraud is email. In fact, email more often that not is also used in conjunction with the other tools for committing fraud such as fake documents, stolen identities and various forms of deception. Emails are commonly used to divert payments by deception and to steal identities through phishing. For example, beware emails received from someone pretending to be a customer or a criminal sending “ghosted” emails to your customers that provide them with a false “remit to” address.
Falsifying documents is another way criminals perpetrate frauds. For example, a fake purchase order (PO) can have you sending goods to an address not associated with your customer. Criminals like to use unsolicited POs that look like they are coming from a university, hospital, or government agency figuring they might avoid anything more than a cursory credit check. Recommendation: beware of any unsolicited PO from other than an existing customer.
At the root of every fraud is some sort of deception. That’s why it is important to know with whom you are dealing. Is the person on the phone or sending the email requesting a shipment be re-routed really an authorized individual for your customer. Fraud can be internal as well. In the movie “9 to 5” the general manager is having product shipped to a warehouse he controls in order to sell the goods on the side—an all to common scenario.
To continue reading and learn more about the types of credit fraud and how to protect your organization, you must be a paid subscriber.
To learn more about implementing a strategic collections process, join David Schmidt on October 16, 2024, at 1:30 PM EDT for a webinar on the subject
Do you need help assessing your customers’ credit risks? The experts at Your Virtual Credit Manager have default risk probabilities and other financial benchmarks for analyzing your AR portfolio and revealing actionable credit & collection insights.
Readers of Your Virtual Credit Manager can access sharply discounted business credit reports from D&B, Experian, or Equifax through our partner accredit.
Please share this newsletter with your small business customers . . . it just might help them collect faster and pay you sooner.
Common Types of Fraud in AR Organizations
Fraud targeting the order-to-cash process is widespread and requires vigilance. To classify and describe every type of fraud targeting the order-to-cash process, however, is beyond the scope of this article. Nevertheless, there are several fraud scenarios that are pervasive and so require the familiarity of those tasked with credit and collection duties:
1. Email Compromise
This is a common form of identity theft where criminals hack or phish email accounts, either from your company or your customers. Once compromised, they may instruct customers to send payments to fraudulent accounts. For example, a criminal may send a payment redirection email from your compromised email address to a customer. A typical countermeasure is adding a warning to emails, advising customers to confirm any changes to payment details by phone. If a customer’s email is compromised, fraudsters might divert shipments, file false refund claims, or submit fake purchase orders. Always verify shipping addresses and orders through external sources when necessary.
2. Bust-Out Schemes
This fraud targets businesses selling high-demand products (those that are "CRAVED"—Concealable, Removable, Available, Valuable, Enjoyable, Disposable). To perpetrate a bust-out, Fraudsters establish a new business and submit a seemingly legitimate credit application, often using fake trade references and a new checking account showing moderate balances. The supplier trade references often come back on the small side but with excellent payment records. If the references are legitimate, they are probably other vendors about to be scammed. Fraudulent references are also used, the phone numbers given on the credit application belonging to associates of the criminals. Initial small orders are paid promptly, building trust, followed by large orders. Once the big order is delivered, the inventory is quickly diverted elsewhere, the operation shut down, turning your receivable into a bad debt overnight. A key prevention strategy is thoroughly vetting new customers, especially those promising rapid growth. Investigating the backgrounds of principal owners can help identify risks. As a rule of thumb: if a deal seems too good to be true, extra diligence is necessary.
3. Changes in Ownership
When smaller-sized businesses are sold, new owners often refuse to pay the old debts, claiming they only purchased the assets. If true, pursuing the old owner quickly—before the funds disappear—is vital to prevent loss. If the new owner is liable, they should not be extended credit until the previous debts are settled and the restructured company passes a credit review—this is a best practice for any organization, no matter how big the company that was sold. With the sale of a larger company, creditors may receive a Notice of Bulk Transfer. The laws governing Bulk Transfers vary by state and sometime even municipality, but the common purpose is to protect creditors; in our case suppliers that are owed receivables. However, because the time and expense can be considerable, buyers and sellers often waive compliance with Bulk Transfer regulations. This is where things can get murky, especially if one of the parties to the sale is trying to hide their obligation to pay pre-sale debts. Having a legal expert or collection agency partner that is ready to intervene will help your chances of recovering the receivables.
Fraud Prevention Best Practices
While the total elimination of fraud related risk is not possible, there is much that can be done to reduce your firm’s susceptibility to payment and credit fraud. Here are three proven best practices:
1. Engender Transparency
Regularly inform your staff and management of any fraud attempts or incidents to ensure they recognize and avoid similar schemes. This promotes collective vigilance against fraud.
2. Provide Fraud Prevention Training
Educate all employees and management about fraud risks and prevention strategies. Cataloging fraud cases, besides helping identify patterns and vulnerabilities, provides valuable training material for strengthening your defenses.
3. Maintain Up-to-Date Policies and Controls
Implement and regularly update fraud prevention measures. The more comprehensive your policies and controls the better, but there are also a number of simple, common sense things that will improve your security. For example, verify customer details through direct communication and confirm that their bank account is in good standing. Always require verbal confirmation for changes to addresses, emails, and payment details. Customer-facing systems should employ multi-factor authentication, while internal controls should include segregation of duties, bank account oversight, maintaining clean customer records, and tracking changes. Background checks on new employees, mandatory vacations, and cross-training staff on key finance functions further reduce the risk of internal fraud by making it more difficult for employees to work in isolation and thereby perpetuate a fraud.
Closing Thoughts . . .
Always keep in mind that money is the thing that most criminals CRAVE. That is why electronic payment and other financial frauds are becoming more prevalent. After all, most B2B transactions are now settled electronically rather than by paper check.
As with the order-to-cash process, paper-based activities are not as efficient as those that are automated. One of the reasons check fraud is not growing, despite the fact roughly two-thirds of companies have experienced it, is because e-payment fraud, in comparison, provides criminals a much greater opportunity for illicit gain. It is also worth noting that the good guys have made it more difficult to commit check fraud, and given time we will also learn how to better combat e-payment fraud as well.
One corollary to Murphy’s law observes that “nothing is foolproof because fools are so ingenious.” The same can be said of fraud and fraudsters. Fraud doesn’t go away, it instead evolves. The good news is that good policies and controls, updated periodically, can greatly limit the amount of money that criminals might otherwise acquire.