There are lots of ways for companies to get vendor payments wrong — and they all come down to poor internal controls and a lack of visibility into company-wide spend. At the most extreme is payment fraud. Even the most prominent companies are vulnerable to this. In one infamous case, a cybercriminal managed to get $100 million out of Facebook and Google through fraudulent invoices before the scheme was uncovered. Amazon also lost a whopping $19 million through invoice fraud.
An important point regarding vendor fraud is that even if your own systems are secure, your vendors could experience a breach. When that happens, someone not associated with the company could gain control of their email and send an invoice that looks completely legitimate. Even if their systems are not breached, it is easy for bad actors to “spoof” the email address and make it look like a message came from a legitimate source.
Airbase’s Risk team recommends employing out-of-band authentication (OOBA) as an additional security measure. The principle behind OOBA is that authentication must happen via two different channels — email and an SMS text message, for example. That way, fraudsters who have only gained access to email can’t authenticate attempted transactions. Make sure that you use a known phone number or call the main number for a company from their website.
Of course, there is also simple human error, where amounts owed aren’t accurately communicated or payments for the same thing are made more than once. But, whether AP teams pay a fraudulent bill or overpay for goods or services due to bad or incomplete information, the cause is the same. Poor visibility and control make businesses vulnerable to fraudsters and to accidentally making inaccurate or duplicate bill payments.
How do these pricey payments happen, even with extremely competent AP teams, and how can you know if you really should pay a bill? Here are some of the risks and how to avoid them.
Lack of visibility.
Risk: Without clear policies in place, employees can submit bills for non-compliant goods and services. Often this happens without nefarious intent — the rules simply aren’t clear or the information isn’t available.
AP teams face similar challenges. When paying a bill, they may not know if it’s for a product or service the company already pays for, or if they could qualify for bulk discounts. If they don’t have the back story to a bill, including who approved it, they can easily miss vital information.
Control: An approval process that follows intuitive workflows for all spend activity, including card spend, bills, and purchase orders, ensures that every transaction has been vetted by the right people. Smart AP teams build in contingency plans, including automatic rerouting if an approver is absent, and make it easy to approve a bill via Slack or mobile so nothing is held up.
Siloed payment methods.
Risk: If bills are paid in multiple ways — sometimes by virtual card, sometimes by ACH through a siloed bill payment platform — it’s easier for duplicate payments to go unnoticed. This is particularly true if payments aren’t reconciled to the GL until month-end.
Control: A consolidated system for all non-payroll spend will surface all payments to vendors from each payment system before month-end.
Unorganized vendor records.
Risk: Duplicate vendors, missing historical records, and uncertain payment terms can all lead to accidental duplicate payments. Unorganized vendor records also make it possible for an illegitimate vendor to be paid.
Control: Full insight into a vendor’s history helps avoid duplicate payments. It should be possible to easily access:
- All previous transactions.
- Historical payment records.
- Open bills that still have to be paid.
A vendor should only be represented once, since duplicate invoices can be generated if an ERP has multiple records for a vendor.
Giving each vendor a portal to manage their payment information is also important. If a vendor can track the status of a payment, they’re less likely to repeatedly send invoices. If they can edit their own vendor profile, the risk of things slipping through the cracks because of incorrect information is greatly reduced.
An intelligent system can also check that a vendor has submitted a W-9 before payment, which provides another check against fraudulent invoices.
A disconnect with purchase orders.
Risk: An invoice arrives, but it’s impossible to verify if it reflects the correct amount, or even if the goods and services were ordered in the first place.
Control: A purchase order provides a clear record of exactly what was purchased and what the terms were. Matching an invoice with a PO ensures that everything is correct, and the bill created after the match can be paid. A bill pay platform without a PO module lacks this additional measure of control.
A purchase order process supported by accounting automation removes the risk of errors. John Mackin, Head of Finance and Growth at Curaytor, explains the difference an automated spend management platform makes:
“The way I would describe it is that every time I get an invoice, I forward it off to the inbox and it’s matched. In the past, when an invoice hit an individual’s inbox, it’s a single point of failure, but now, going directly to Airbase, it’s click-click-pay. We’ve eliminated that point of failure.”
Risk: Invoices often arrive without any context, so it’s difficult to know the history, or if more questions need to be asked before payment. Sometimes, it’s easier to just pay the bill than to track down the people associated with it to get more information.
Control: If all relevant documentation, including email correspondence, is attached to the transaction record, questions can be resolved right away.
Risk: Manual data entry opens the possibility of data entry errors and paying an incorrect amount.
Control: Accounting automation eliminates the risk of manual data entry errors.
Preventing bill pay errors with spend management.
The accounting automation and customizable approval workflows found in a spend management platform provide the visibility and control necessary to protect against invoice fraud or accidental payment. Little details, like a smart invoice inbox and vendor portal provide additional protection, while at the same time streamlining the bill paying process and reducing the amount of work for AP.
Find out how Airbase provides the clarity and control you need, and never wonder if you really should pay a bill again. Schedule a demo with us!