Why businesses need a fraud mitigation plan


Businesses are making more of their payments to suppliers electronically. As that happens, the risk of payment fraud is increasingly daunting. Fraud cases are on the rise, and stopping fraudulent behavior has become a top priority for senior management. Criminals are infiltrating supplier e-mail accounts and creating web domains to send “spoof” emails from legitimate suppliers. Scammers are stealing credentials through phishing and other schemes to take over AP systems, bank accounts, vendor management systems, and emails. Crook are even impersonating suppliers in the process of being onboarded to intercept their first payment.

These types of fraud are insidious.


The rising risk of payment fraud

Research conducted by the Institute of Finance and Management (IOFM) suggests that companies are under siege by fraudsters. Forty percent of companies surveyed by IOFM experienced multiple attempts of payment fraud in 2020. Another 30 percent of companies reported one case of attempted payment fraud. Organizations large and small are at risk, and traditional fraud prevention strategies such as staff training, check positive pay, and reconciling accounts daily are proving insufficient.

Complicating matters further for AP leaders, the shift to remote work has disrupted established processes and procedures for approving invoices and paying suppliers. Some businesses have been forced to choose between hardened checks and balances and getting suppliers paid. Many businesses are relying on insecure and high-risk emails to route invoices for approval. Emails don’t ensure chain of custody, can’t enforce segregation of duties, can’t provide visibility into the status of an invoice, don’t log actions taken on an invoice, and can’t prevent invoices from being deleted ahead of schedule. Not surprisingly, 65 percent of finance leaders surveyed by the Association for Financial Professionals (AFP) believe that the disruption caused by the pandemic has contributed to an increase in payment fraud. AP leaders rank fraud as their biggest challenge in a remote work environment, IOFM finds.

Equally worrisome, the move to electronic payments is introducing new risks. Sixty-three percent of finance leaders report that Business Email Compromise (BEC) is the primary source of fraud attacks at their company, according to AFP. Seventy-six percent of companies experienced BEC fraud in 2020 and one-third of companies reported a financial loss because of email scams such as BEC.


Reducing the impact of payment fraud

Data from the Association of Certified Fraud Examiners (ACFE) finds that the total cost of occupational fraud, cybersecurity breaches, and other fraudulent activity on a company is high:


    • Fraud losses: stolen funds, goods and services, and chargeback costs.
    • Tools and headcount: costs of detecting and mitigating fraud and taking corrective action.
    • Partner impact: loss of trusted partners.


The staggering cost of risk has made fraud risk management a top priority for businesses.

While there is broad agreement among finance leaders that concerted efforts are needed to reduce the rising threat of payment fraud, there is considerable disagreement about how that should take shape.

Background checks and anti-fraud policies are the table stakes in eliminating vulnerabilities.

Many approaches to fraud mitigation remain parochial and don’t incorporate the requirements of different teams or broader goals. Fraud mitigation must become a ‘way of life’ or part of the corporate culture for businesses.

That starts with developing a fraud mitigation plan that strengthens prevention controls.

Businesses must develop a forward-thinking fraud mitigation strategy that incorporates shared business goals, a framework for establishing a common reference model, and a holistic view of the customer journey. It all starts by involving enterprise stakeholders and balancing their sometimes-competing requirements to define a fraud detection strategy rooted in reducing the total cost of fraud and aligned with broader business objectives. Businesses may want to perform a fraud risk assessment to understand their fraud controls and identify potential openings for fraudulent activity.

While it’s tempting to think that stopping fraudulent behavior is the responsibility of internal audit or an audit committee or other function, in most organizations, AP and procurement are best equipped to lead these fraud mitigation efforts because of their role within the organization.

The fraud mitigation strategy must define a clear pathway from disparate thinking toward achieving a shared philosophy for fraud detection. It should detail staff due diligence and training, ongoing education, internal controls, consistent procedures for verification, and strategies for ensuring end-to-end validation. The fraud mitigation plan should also lay out a strategy for regulator evaluation and improvement.

A fraud mitigation plan can give businesses the upper hand against the most determined criminals. Risk mitigation reduces operational costs, reinforces a company’s reputation, and helps a business avoid potential regulatory issues — all of which are good for financial statements.

Want to learn more about mitigating your company’s risk of payment fraud? Join Corcentric for our upcoming webinar, How to develop a plan to mitigate the risk of fraud.