The Hidden Risk of Payment Fraud

ARTICLE - Accounts payable departments are under siege from fraudsters.

The sudden shift to remote working disrupted established policies and procedures for how businesses pay their suppliers.

Businesses have been forced to choose between circumventing hardened checks and balances to mitigate potential fraud risks and get their suppliers paid. Many businesses physically transport around town for review and approval. Other businesses are leaning hard on e-mail to route invoices and payment requests for approval. Some businesses provide trusted employees with check stock and check printers to make supplier payments from their homes.

These types of workarounds don't provide a chain of custody assurance. They don't enforce segregation of duties. They don't provide visibility into the status of payments. They don't log the actions taken on a payment. And they don't stop checks from becoming lost or misplaced.

Accounts payable leaders recognize the risks.

The rising risk of payment fraud

Accounts payable leaders say the increased risk of fraud and compliance issues is the biggest operational challenge created by the shift to remote working, according to an online survey conducted last year by the Institute of Finance and Management (IOFM). Nineteen percent (19%) of accounts payable leaders say they are "concerned" about how their department is doing things these days.

Seven percent (7%) of accounts payable leaders admit that they are "overwhelmed" by it all.

For their part, eighty percent (80%) of finance executives surveyed by Forrester Consulting describe themselves as being "concerned" or "very concerned" about the risk of payment fraud.

Law enforcement agencies share the concerns of accounts payable leaders and their bosses.

Interpol, the Federal Bureau of Investigation (FBI), the Internal Revenue Service (IRS), and State Attorney Generals from across the United States are warning that attempted payment fraud is rising.

Seventy percent (70%) of accounts payable departments were the victim of attempted payment fraud last year, IOFM reports. Forty percent (40%) of accounts payable departments experienced multiple attempts.

How to mitigate the risks of payment fraud

Building governance controls into your processes, training staff on detecting suspicious transactions, and paying suppliers electronically significantly reduces the risk of fraud losses.

But these measures aren't enough, especially in today's increasingly digital commerce environment.

Businesses must also prevent sensitive information from falling into the wrong hands as it travels to and from their NetSuite ERP.

Without the proper controls, transmitting a payments file to your bank, a payroll system, or a third-party payments solution, or downloading bank statements to your NetSuite ERP creates an opportunity for bad actors to intercept data for fraudulent activities.

Businesses can safeguard their sensitive information by deploying a solution that provides secure bi-directional connectivity between their NetSuite ERP and third-party servers. These solutions establish a Secure File Transfer Protocol (SFTP) connection between a company's NetSuite ERP and specified endpoints, such as a bank, a supplier, a customer, or a Supply Chain Financing company.

Accounts payable no longer must send or receive payment files via e-mail, which is unsecure. With the secure connection in place, files such as invoices ready to be paid and bank statements can be digitally transmitted using industry-standard 2048-bit RSA encryption. All passwords and URLs used by the connector also are encrypted. The secure connection can be used for one-time uploads and downloads, as needed, or scheduled recurring inbound and outbound transmissions.

As an additional level of security, best-in-class connectors are built for NetSuite and run inside NetSuite, which eliminates the need for risky third-party hosting or data routing.

"Built for NetSuite" connectors store all configurations and backup files within the highly secure NetSuite infrastructure, which tightly controls user privileges and keeps all data within NetSuite.

In some cases, middleware is necessary, such as in securely transmitting payment files to some banks. The solution can use 2048-bit RSA encryption to route files to AWS with a static IP address and PGP packet-level encryption from AWS to the bank or other endpoint.

Stop payment fraud in its tracks

Today's reality has increased the risk of payment fraud in accounts payable departments.

The steps that businesses have taken to mitigate their risks are a good start. But unless businesses establish secure connections between their ERP and third-party servers, their data will remain at risk.

Connectors that are built for NetSuite inside the NetSuite ERP address this vulnerability.

Looking for a way to send and receive payment files and data securely? iCloudAuthority offers eConnector SFTP, a solution Built for NetSuite that runs inside NetSuite.

For more information on how secure connections between your ERP and third-party server to make supplier payments, contact iCloudAuthority for a free consultation.