How to reduce invoice fraud risk?
Invoice fraud is manifold, in all cases the fraudsters will change the banking details of the company which issued the invoice to their own, and as a result, receive the invoiced amounts.
- The criminals intercept the invoice between the time it is posted and its receipt, or by hacking the mail accounts used for sending invoices by e-mail.
- The fraudsters change the invoice to reflect their own banking details on it. They can do this in different ways: a new invoice is compiled with the new details, a sticker (often fluorescent) with the fraudsters' banking details and mentioning a change of bank is placed on the real banking details, etc. Then the invoice is sent again.
- The invoice is received and paid to the new bank account number. It is highly likely that the following invoices will also be paid to the wrong account until the real issuer of the invoice realises that their invoices have not been paid and contacts the debiting company.
Variants of such fraud
Invoicing fraud comes in several varieties. For instance, the debiting company receives an e-mail from what it thinks is its supplier, stating a change of bank and consequently of account number. This message will bear the supplier’s letterhead and seem legitimate. In such cases, no invoices are intercepted, but an ordinary message with the new banking details is sent. All pending invoices as well as subsequent invoices will be paid to the new account number. Whatever the scenario, the aim of the criminals is to make a change to what we call the supplier’s details (phone number, bank references, e-mail address) in order to steal funds.
What safeguards can you take?
- Validate the invoice: check whether you expected the invoice for this amount and check if the supplier details are unchanged compared to previous payments.
- Inform your customers that if they receive a request to change your details (address, phone number, email address, account number, etc.), they should call you on a previously verified phone number given by you to your customers to check if the requested change is valid. Your customers should not use any phone number indicated on the request itself.
- The same applies to you: if you receive a request to change your supplier’s details, you should make a phone call to a previously verified number to check the validity of the requested change. And also in this case you should not use to the number indicated on the request itself.
Download our 'Safeguard your business against invoice fraud' leaflet and distribute it within your company to raise awareness among employees.
The information on this page is provided to you solely for informational purposes in order to make you aware of the most frequent cases of fraud and provide you with recommendations to protect yourself against it. This information does not ensure that your company, acting upon these recommendations is or will be protected against any occurrence of fraud detailed on this website. No rights can be derived from the use of and reliance on the safeguards you take by following up these recommendations. ING does not accept any responsibility or liability with respect to your reliance on and the actions you take as a result of these recommendations. This disclaimer is governed by Dutch law.