The extensive nature of supply chain networks creates many points of risk. One of such risks, within the procure to pay space is supplier payment fraud. Some examples of procurement fraud are supplier spoofing, business email compromise and spoofing an officer of a company. Procurement fraud is not only becoming more prevalent but is also becoming more and more sophisticated. The fraud instances exploit weaknesses that are prevalent due to manual control processes that many organizations still leverage. The need of the hour is to employ smarter and automated solutions instead of manual controls. To discuss this critical topic, SAPinsider invited Akhilesh Agarwal, COO & EVP, Global Procure to Pay Solutions & Applied Technology at apexanalytix for a discussion. You can watch the full video of the discussion here.

Key Drivers of Payment Fraud Management

As mentioned previously, procurement fraud is not only becoming more prevalent but is also becoming more and more sophisticated. The fact is that majority of organizations have experienced some form of procure-to-pay fraud. Another interesting aspect is that many organizations discover such frauds a long time after they have happened. This was very much evident in an interesting quote from Akhilesh: “We conducted hundreds of vendor risk assessments for very large companies. And we found that fraud exists, or a case of fraud exists in every single one of those companies. Now, if I contrast this with the fraud perception that is out there in the market, according to our upcoming benchmark survey, 50% of procure-to-pay professionals said they did not have a case of fraud for several years.” This accentuates that supplier management professionals often may not be aware that fraud is already happening in their P2P transactions. With large organizations processing thousands of procure-to-pay of transactions, it becomes next to impossible to prevent instances of fraud manually. This is where technology must play an active role. While it may not be possible to prevent fraud manually considering the volume of transactions, and the wide gamut of ways fraud can happen, there are best-of-breed technologies now that can help address this gap. Real-time, automated bank account ownership validation along with controls and monitoring provide the defenses you need to stop payment fraud. As Akhilesh highlights: “The way I think about fraud, specifically payment fraud is that it is a symptom of not having automated controls and compliance technology. What that means is, when you have manual processes, it drags the companies into a reactive state, where you're addressing all of the tasks that are required right now. But then you're not paying attention to where fraud may be happening, or potential fraud may be happening”. The good news however is that technology exists to intelligently “keep an eye” for payment fraud and in many scenarios, Prevent the fraud proactively, vs detecting the fraud after the fact. Akhilesh emphasized this as well: “By inserting automation, it allows for global procure to pay teams to focus on critical concerns that may be coming from fraudsters.”

The Power of Intelligent Payment Fraud Prevention and Detection Tools

While payment fraud is a difficult and important challenge to tackle, fortunately, there is comprehensive software available that can help protect against overpayments, investigate, prevent fraud, analyze large data stores for new insights, and predict results. Many of these solutions use an innovative set of AI-enabled cognitive technologies, standard APIs, and secure open adapters. These solutions allow companies to consolidate and analyze previously incompatible information from all their procure-to-pay platforms, commercial or homegrown. If the solution is robust, no costly or time-consuming integration is required. Organizations get a clear, consolidated view into every aspect of their global operations, from supplier files, invoice, and disbursement data to purchase orders, P-card files, employee data, and more. There is flexibility in deployment options as well. Also, best-of-breed solutions can be hosted on the cloud or installed on-premise. Typically, a solution like the one described will be comprehensive. What this means is that it will have several components, to put sufficient controls and compliances in place for the procure-to-pay process. Fraud detection and prevention will be one such aspect. At a high level, the key components of such a solution are:

• Controls: Continuously detect and prevent payment errors your ERP platforms won’t catch and conduct your own internal audit.
• Fraud Detection: Prevent fraud, uncover employee collusion and determine whether you are doing business with risky suppliers.
• Analytics: Quickly transform large and unwieldy data stores into actionable information.

The fraud detection component of the software solution provides continuous, automated protection, leveraging AI algorithms, to identify and mitigate business risks across. A few examples of these risks can be fictitious companies submitting bills to employees colluding with vendors or employees running fraudulent schemes of their own. Leveraging solutions like these, organizations can get automated, yet intelligent and comprehensive protection from bad actors, both within and outside the business. Akhilesh emphasized this by highlighting some of the capabilities of the Fraud Detect module in apex’s firststrike solution. “firststrike Fraud Detect gives you both individual and composite risk scores to tackle fraud head-on, including the industry’s most comprehensive collection of protective tests, algorithms, and data sources. You can proactively monitor every vendor and every invoice every day. Fraud Detect scores suppliers and employees based on risk factors and generates the comprehensive data needed to conduct a thorough investigation. What’s more, Fraud Detect works seamlessly with any procurement or payment platform – commercial or homegrown – to give you effective protection companywide.”

Use cases of Procure to Pay Risk Management Solutions

While use cases of procure-to-pay fraud prevention and detection solutions are plenty, a significant aspect of these events are tied to the supplier’s network getting compromised. And there are many ways this can happen. Shared emails, compromised passwords due to ransomware or malware incidents are examples of such breaches. Leveraging this information, a fraudster may pretend that they are the actual suppliers, and they may be able to initiate a payment fraud. This was just one example, but the fact is that payment fraud can be initiated in so many ways. Another example of one of the several ways of initiating a payment fraud is a fraudster posing as a supplier and communicating that their bank account has changed, so now they need to be paid in a different bank account. The gist is, without automated and intelligent controls, it may not be possible to deal with the wide gamut of ways fraud can take place in procure to pay process. Akhilesh shared a real-world example and how technology was leveraged to prevent that fraud from happening: “A fraudster approached one of apex’s clients requesting a change to banking information. When this client asked for evidence from the fraudster posing as a supplier, they sent a bank account change request document. As the bank account change document was reviewed, several irregularities were noticed. The PDF had multiple layers within the document, which could not be seen with human eyes. But if you dug into the technical details of the PDF, there were several layers of information pertaining to bank account change requests. This meant that the imposter had used this document for multiple fraud attempts with other customers of that supplier. But fortunately, this client had our tool and they were able to prevent that fraud from happening.”

What Does This Mean For SAPinsiders?

While payment fraud is a difficult and important challenge to tackle, fortunately there are comprehensive software available that can help protect against overpayments, investigate, and prevent fraud, analyze large data stores for new insights, predict results. However, as SAPinsiders embark on building these capabilities, they need to be aware of certain aspects:

• Invest in change control and risk management technology. Automating and infusing intelligence in your payment controls is a critical first step. It is therefore imperative that you consider investing time and money to source and implement a suitable solution.
• Developed an integrated and comprehensive strategy. While solutions help, the fact is that a technology solution alone cannot guarantee protection against fraud. And hence, an integrated approach goes beyond technology and encompasses process controls aspects as well.
• Invest in employee training. We have covered the importance of technology and processes. The third key component is people. In order to leverage a best-of-breed solution optimally, end-users need to be trained.