Detect & Prevent Invoice Fraud in Companies
Bank Data Fraud in Companies—a Serious Threat
As digitalization progresses, it is not only intelligent automation and global networking that are experiencing a rapid upturn. Even corporate criminals have long since discovered the increase of digitally-mapped business processes of companies as a gateway for manipulation. In particular, the diversion of payments to vendors by means of counterfeit invoices (also called mandate fraud, payment redirection or payment diversion) is on the rise worldwide—and it is extremely lucrative for the perpetrators. Fraudsters try to redirect a business partner's bank account to their own account—for example by using forged paper invoices or emails with alleged changes to the business bank. The fraudsters often determine the internal processes and understand internal procedures and approval levels through social engineering. In the past, forged documents were easily detectable by their language choice or design, whereas today's replicas usually look deceptively similar to the originals. This increases the risk even more.
High Number of Unreported Frauds with Forged Invoices
The constantly growing damage by invoice fraudsters is difficult to quantify, as many companies do not publish such fraud cases—also for fear of possibly damaging their image. For the employees involved, such a fraud case is extremely stressful and not always without consequences.
Prominent fraud cases with forged bank data from recent years
- U.S. Manager Transfers a Sum in the Millions to Fraudsters
- German Automotive Vendor Falls Victim to CEO Fraud
- Company Loses £17,000 to Fraudsters
Community Approach to Fight Invoice Fraud
So far, companies have little to oppose fraud attempts with manipulated bank accounts—except the labor-intensive, manual review of changed business partner accounts. The Corporate Data League (CDL) Fraud Detection & Prevention Community opposes this circumstance: Its members focus on the often neglected topic of banking data fraud. In accordance with the "shareconomy principle", community members of multinational companies regularly exchange experiences and develop new approaches to effectively prevent fraud with vendor account data—such as the joint evaluation of bank accounts.
Members of the community regularly exchange banking fraud information and work together to develop effective fraud prevention solutions.
The trust score quickly and easily identifies trustful bank accounts of vendors and other business partners.
Our system automatically warns all members of the community when a fraud case is detected. The blacklist is maintained by all members.
Shareconomy: Effective Approach against Invoice Fraud in Companies
In particular, medium and larger companies are becoming increasingly targeted by white-collar criminals, who want to tap into payment transactions with vendors by using forged invoices. While the potential for fraud of individuals or small businesses is rather low and the risk of getting caught equally high, manipulation of corporations promises significantly higher revenues for the fraudsters. Furthermore, there is a lower chance of such an attack being detected; especially because of the distribution of responsibilities to several employees or even departments.
In some cases, the resulting damage can amount to several million Euros, as several examples have shown in the past. In addition to the financial losses, the affected companies often suffer damage to the corporate image, which is why many fraud cases are often not even reported to the authorities.
But how can the risk of becoming a victim of invoicing fraud be reduced? And how can the effort be minimized to manually check every change or creation of a payment connection? Here, CDL's Fraud Detection & Prevention Community principle provides an effective solution by spreading the validation of payment data across many people; where you simultaneously become part of a community with many vigilant eyes.
The Fraud Detection & Prevention Community
What are the best practices to avoid invoicing fraud? How can you better protect yourself as a company against counterfeit bank data? These and other questions are discussed in regular workshops and phone calls by members of the Fraud Detection & Prevention Community. Many technical topics are discussed together in the group as well as how to further improve the Fraud Protection module. In addition, the cross-sector network also gives you the opportunity to talk directly to other companies about company-specific problem areas.
Our members about the Fraud Detection & Prevention Community
"Sharing proven bank account data saves significant time, compared to contacting the customers/vendors directly to verify new bank accounts. "Data Shareconomy" like the CDL is an effective approach to unlock this source of trusted information."
Philippe Baumlin, Manager of Global Master Data Strategy, BASF
Shared-Maintained Trust Score for Trusted Bank Accounts
When can you trust a bank account? When the account has already been used by several members of a community for payment and has been verified through regular use in everyday transactions. This is precisely the principle used by the Fraud Detection & Prevention Community. For this purpose, the bank accounts of the participants are evaluated by a sophisticated point system—the CDL trust score.
The basis for the trust score is the anonymous sharing of the bank details from the various member companies. The higher the score, the higher the confidence in the respective bank account. A trust score of "1" is obtained when one of the member companies has already transferred funds to the account number that is to be evaluated and the transfer took place at least three months, but no more than two years, in the past. The trust score increases by one point if one of the following conditions is also met:
- More than 10 transactions in the specified period
- A total of more than CHF 100,000 was transferred during this period
Finally, the trust score is calculated according to the total score of all members of the community and is made available to all participants in a whitelist. With a sufficiently high trust score for a bank account, the risk of becoming a victim of invoicing fraud significantly decreases.
Integrated Warning System for Suspicion of Invoice Fraud
If a suspicious case of bank data fraud occurs regarding a member company of the CDL community, it can be reported within the fraud protection module. This automatically alerts all participants with a corresponding message and they can then react accordingly. Past cases of attempted bank data fraud are collected in a central list and are available in a blacklist to all community members.
Tips on how to avoid invoice fraud in a company
The review of new or changed payment data should always be done by at least two people in order to reduce the risk of a social engineering attack and to increase overall attention.
If there is a suspicion of invoicing fraud, it should be communicated directly to the supervisor in order to take appropriate action. In order to reduce the fear of negative consequences, an appropriate reporting system should be anchored in the company, which enables the sanction-free identification of possible errors and sources of errors (for example, CIRS).
Today, scammers are increasingly using social engineering methods to learn the customs and habits of individual employees. Also, invoice forgeries are getting better and better thanks to increasingly powerful software and even experts find it difficult to identify them as fake.
Trusted services such as the Fraud Protection Module of the Fraud Detection & Prevention Community for the validation of bank data provide additional security and distribute the necessary work among several people.
Implement a company-wide or cross-company blacklisted fraud warning system to alert all involved parties (such as colleagues or other departments) in the event of a fraud case. One possibility is the jointly maintained "Fraud Alerts" of the Fraud Detection & Prevention Community.
FAQ: Frequently Asked Questions & Answers
As a member of the Fraud Detection & Prevention Community, you become part of an expert community that regularly exchanges and meets to work together to find solutions that will help protect your business from bank data fraud. The members meet as a work group at workshops and exchange ideas during web sessions. The focus of this meeting is the exchange of best practices and the advancement of current technical solutions for Fraud Protection.
All members can directly use the Corporate Data League (CDL) Fraud Protection module. The app helps member companies to protect themselves from invoicing fraud with a whitelist and an additional blacklist approach.
The fraud prevention module includes 3 functions:
- The Fraud Dashboard: an up-to-date overview of the trust scores of banking data within the community and current invoicing data fraud cases
- Fraud Cases: an anonymous, up-to-date list of recent invoicing fraud attempts reported by members
- Whitelist: A tool to check specific account numbers or to display the CDQ trust score and the maximum scores of this single bank account
Currently, the whitelist has more than 1 million account details used to calculate the CDL trust score. The app can either be used online with the trust score for individual account connections to be queried or it can be integrated into your ERP system via API. If you do not want to start immediately with an API solution, a batch solution is also temporarily possible.
With the help of the blacklist approach, the member companies share current invoicing fraud attempts. These are displayed in the app and sent by email. This means that you can immediately highlight these account details in your systems and ensure that no one in your company transfers funds to these accounts. As soon as a company detects and releases a new fraud case, all other community partners are informed by email. In addition, all released fraud cases are searchable, manually via the App and automatically via API.
The Trust Score expresses confidence in the account information of a particular vendor. It is a simple indicator, which is higher when more member companies have transferred money to this supplier. The higher the score, the less likely it is that it is not a scam account.
The Fraud Protection App provides members of the Fraud Detection & Prevention Community with the entire CDQ trust score and with the max. 5 highest individual ratings of individual members.
The basis for the trust score is built on the anonymous sharing of bank details by member companies.
The trust score displayed in the whitelist is the sum of the individual ratings of the members. This rating is automatically generated based on the available data of each company and can range from 0 to 3.
How many points are awarded for each bank account depends on various conditions, such as:
- Has money already been transferred to the account number being evaluated?
- Have several transactions already been made to this bank account?
- Have higher amounts already been transferred?
- Was the transfer made during a specific payment time frame?
The higher the assigned trust score, the more trustworthy the rated bank account.
You would like to know more about the calculation of the trust score or have questions about the evaluation of bank details? Feel free to contact us. We will be happy to help you!
Through our community members’ innovative data-sharing approach, we help become more secure regarding the companies involved. But just like any compliance manager, we recommend that you implement more than one measure against bank data fraud. However, it is exactly these topics that you can discuss in the community with experts who are in a similar situation.
Member prices depend on the type of community membership. We will gladly create an individual offer for you.
The Corporate Data League (Link) is a community that currently has three types of memberships:
| Membership Fraud Detection & Prevention Community | Full Membership Corporate Data League | Steering Committee Membership Corporate Data League | |
|---|---|---|---|
| Participation in 3 two-day workshops per year | X | X | |
| Participation in the control circuit meetings including the codetermination of app development | X | ||
| Participation in workshops and phone calls for the Fraud Detection & Prevention Community | X | X | X |
| Usage of the Fraud Prevention Module | X | X | X |
| Usage of the Data Validation Module | X | X | |
| Usage of the Address Curation Module | X | X | |
| Usage of the Matching Module | X | X |
You, as a company, should be generally interested in innovative solutions and be ready to actively shape the community. We will gladly discuss the exact procedure and further questions with you in person.
No, the focus of these apps is vendors who are paid via transfer.
Are you interested in our Fraud Detection & Prevention Community?
Are you interested in avoiding invoice fraud in companies and have questions about the Fraud Detection & Prevention Community? We will help you gladly and without any obligation!
9008 St. Gallen
Switzerland
78224 Singen
Germany
