B2B fraud has grown exponentially since the Covid-19 pandemic. A major reason for this was the digital shift in many business operations. The move to working from home also increased a variety of risks relating to the vulnerability of data. It is worth noting though that B2B fraud can also occur offline.
B2B payments fraud can range from forged cheques and fake invoices, to phishing scams and unauthorised access to payments systems. Fraudsters target businesses in a variety of ways take advantage of outdated processes, weak oversight, or gaps in security to steal money or sensitive financial information.
To avoid being exploited and suffering substantial losses, businesses must ensure they are aware of the risks.
Common methods of B2B fraud
Fake invoices
This where fraudsters send an invoice that look real but is completely fake. They hope the business’s accounts payable team processes the payment without questioning its authenticity. Alternatively fresh-air invoicing is where a company issues an invoice for non-existent goods and then draws money from a finance company against that invoice before the actual invoice takes place.
Duplicate payment schemes
Fraudsters submit the same invoice twice, hoping that the accounts payable team does not pick this up and authorises a second payment.
Manipulation of financial records
Fraudsters fabricate financial data to trick parties into doing business with them or providing them with a line of credit.
Criminals impersonate a legitimate business to carry out fraudulent activities. This can involve creating fake websites, opening fraudulent accounts and making purchases on credit under the legitimate company’s name.
Account takeover
In this case unauthorised access is gained to a legitimate account – a bank account, email or social media – to conduct fraudulent activities or steal money and information.
Cyber crime and B2B fraud
B2B fraud can be facilitated by cyber crime and these risks are growing. For example account takeover is often achieved through phishing or social engineering. Businesses need to be aware of:
Phishing scams
These are probably the most common form of cybercrime. Fraudsters send messages that look like they are from trusted sources. Their aim is to extract sensitive information, like account details, and this information to steal money.
Business email compromise (BEC)
This is where hackers pretend to be vendors and send emails asking for urgent payments. The aim is to trick employees into transferring money into bogus bank accounts.
How to avoid being a fraud statistic?
Check the identity of the company you are going to deal with, and its officers.
When a company initiates a new business relationship, it is vital to carry out the necessary due diligence to check the business you are proposing to deal with, and its officers, are legitimate. You should vet any information supplied using multiple sources, for example Companies House, to ensure that the company genuinely exists. Of course, comprehensive money laundering checks can also assist.
Carry out an on-going risk analysis of operational risks
A constant review of transactions is required to ensure that there are no signs that you are about to be the victim of a bust-out scheme. This is where the fraudster opens many lines of credit and eventually abandons the accounts after maxing out credit lines. Unfortunately, the most cunning fraudster may stick to repayment terms, and persuade you to extend credit limits before committing the fraud.
Get a cyber health check
B2B fraud is amplified by cyber crime, which is developing at an alarming rate, so it is vital to get an expert to assess the weak points in your organisation’s defences. The health check is a practical assessment of your current security posture, reviewing existing policies, processes and controls, highlighting areas for improvement and helping you to prioritise next steps. They will also provide security awareness training for you and your team which is crucial to protect your business.
Protect your business from B2B fraud
As the methods used by fraudsters become more and more sophisticated, it is vital that businesses are aware of the signs of suspicious activity, whilst taking proactive steps to ensure their payment systems and processes are secure.
If you would like advice and support in this area, please get in touch. Call 0808 144 5575 or email help@armstrongwatson.co.uk.
