With organizations of all sizes around the country continuing to be top targets of fraudsters, everyone talks a lot about ‘being careful’ with vendor onboarding. But how does 'being careful' avoiding scams actually manifest in the day-to-day duties carried out by those folks tasked with onboarding new vendors and managing vendor changes?
To find out, we went straight to the source and asked the people who work on the frontlines of vendor management. Here is their advice for keeping your organization off a fraudster’s target list and out of the headlines!
The great news? Many of these pearls of wisdom could be put into play by your vendor desk person as quickly as today. (75% of you deal with an attempted or actual fraud every year!*)
#1 - Be Wary of Emailed Information
“Don’t take anything at face value; if in doubt, check it out! Google is my best friend!”
Zero trust in emailed information tops the list when it comes to sound advice on ‘being careful’. In fact, in 2020 the FBI reported that nearly $2 billion was stolen by business email compromise scams. Ms. Foster at UCI double checks any submitted information that doesn’t seem to add up, perhaps a new address or phone number. A quick Google search might turn up something that could explain it. But with one big caveat to all of you Google searchers: not everything you see online is what it seems. Searching is a great first step, but it shouldn’t be your only step!
#2 - Automate Vendor Verification
“I would have to say that doing whatever it takes to ensure the information you are gathering is coming from the actual vendor. That used to mean only accepting hand signed documents when we accepted VDRs, or now, relying on a 3rd party platform to facilitate it.”
Contracts and Procurement Analyst
California State University, Monterey Bay
The team at CSUMB used to go to painstaking effort to verify all incoming vendor information, sometimes using Ms. Foster’s approach, but last year turned to a third party vendor to validate the vendor information on their behalf (that would be us!). Finding a trusted partner to verify vendor information such as phone numbers, addresses, tax ID or banking information can go a long way towards bringing peace of mind to the vendor desk, not to mention creating meaningful efficiencies.
#3 - Slow Down!
“Never take anybody's information and react to it quickly. If somebody contacts you and needs to change their banking information or anything related to their vendor status, I would recommend taking that information down, collect as much data from that person as you can, a phone number, a valid email address, and then set it aside. Because a lot of times if you react to it, and you're right in the middle of your normal everyday duties, you can seriously miss something. But if you can set it aside and say, "I'll be glad to check into that later." It gives you a chance to pause on it and when you get done with whatever it is you're doing, you can give it your full undivided attention. In other words: slow down."
Cabarrus County, NC
Speed often leads to mistakes. Mr. Nunn’s advice to not act on any changes when you are distracted is a salient piece of wisdom. Fraudsters almost always use a sense of urgency to get the vendor desk person to miss a detail or to not follow protocol. We cannot stress enough the importance of being wary of urgency; urgency should almost always be a red flag for you. If someone has created the sense that something related to a payment needs to happen right now, you can almost guarantee it’s a fraud attempt. Take Mr, Nunn’s advice and slow down.
#4 - Don’t Take Shortcuts
“You need to hold your ground when folks want to take short cuts. We do things for a reason, and we need to protect the university. Some of the decisions that we make are not popular. It's not supposed to be what's popular. It's supposed to be what's right.”
On a related note, sometimes that pressure and urgency can come from within your own organization. Someone in a hurry, or someone who forgot to get the PO moving, will push to have rules ignored "just this one time". In 2020, the insurance broker Willis, Towers, Watson published statistics that 66% of financial losses from social engineering were the result of a process not existing or not being followed. While fraudster’s often target AP, Finance and Procurement departments, they are not the only targets out there. Any person at your organization who is dealing directly with a vendor could be a target for social engineering. As Ms. Grayauskie says, you have a procedure for a reason, stick with it. (And if you don’t have a procedure, start now!)
#5 - Channel Your Inner Sherlock Holmes
“Use every available source you have to validate submitted info. While BGSU uses a 3rd party for validating submitted info, I do sometimes need to validate items myself. When I do, I use past invoices and PO’s, internal sources who have worked with the vendor before, and, when necessary, I pick up the phone and call the vendor directly - using a phone number that is confirmed to be associated with the business. Sometimes you need to be a detective!”
Procure to Pay Analyst
Bowling Green State University
Calling vendors to validate information is a time-consuming but great method to have in place. However, it’s worth it to note that with so many people working from home (hello Covid world), you are likely not reaching the vendor with your outbound phone call. If the vendor calls you back from a different number than you used to call them, you are right back to the “identity gap” problem. If you cannot authenticate that number as belonging to the vendor, then you cannot really be sure who just called you to verify that bank account change.
The Best Advice is Automation.
Unfortunately, even when following all the best advice, it is impossible to ensure that employees will never be accidentally deceived by fraudsters who know how to fool even the best-intentioned employee into believing they are dealing with their actual vendor.
Leaders are beginning to understand that asking their people to “be more careful” - and not taking other, more meaningful steps to secure their process- is an invitation for a potentially costly mistake, not to mention a recipe for chronic sleep loss for the people who are given that responsibility.
Want to learn how vendor payments automation can take the burden of vendor verification and the worry of payments fraud off your plate - for good? Let’s talk!
*Association of Financial Professionals Payments Fraud and Control Survey 2021