Understanding Small Business Fraud - Vendor Fraud

Over my years as a CPA working with businesses of all sizes, I have seen my fair share of fraud with a considerable amount occurring in the last couple of years. Smaller businesses are often targeted by fraudsters because they lack the established controls to prevent the misappropriation of assets by a savvy third party. Unfortunately, these smaller businesses are disproportionately impacted by fraud because they have less capital to work with. Today, we are going to discuss a common method that fraudsters use to take money from small businesses and how small businesses can protect themselves.

What Kind of Fraud are We Talking About?

In the financial world, there are many types of fraud. Today, we are going to talk about someone stealing from a company as an unrelated third party helping to redirect a payment intended for normal business purposes. This is commonly known as vendor fraud. 

How is it done?

A fraudster will contact the accounting department of a business claiming to be one of its vendors. In that communication, the fraudster will request that payments need to go to a new bank account. This new bank account is one that the fraudster controls and was set up exclusively funds meant for a legitimate vendor. If the account information is changed, payments that are meant to go to a vendor are actually going to someone else. If not prevented initially, the fraud is detected when the real vendor checks in on the invoices that are outstanding. While the victim company might have thought they paid them, they were really paying the fraudster all along. Depending on how fast this happens, victim may be able to contact the banks to maybe get some funds back. However, a smart fraudster will know when to cut and run by taking the money out of the fake bank account.

How Can I Prevent This?

In order to prevent this type of fraud from occurring, you should take the following actions: 

1. Educate everyone in the company about social engineering and information security. The reason why this type of fraud has been popular in recent years is because fraudsters know they can exploit a lack of knowledge at a smaller company. Larger companies will periodically engage in security awareness trainings that mimic these types of attacks with the goal of training employees to think before they click or make any other change to vendor records. 

2. Contact the vendor directly. Whenever a vendor requests a change in their bank account information, the first step should be to directly contact that vendor to verify the legitimacy of the request. This does not mean calling the number at the bottom of an email that requested a change because a fraudster can easily make a fake number to fool a victim. The best practice for this step is to contact the vendor based on contact information on a previous legitimate invoice or their website.

3. Establish a standard process for changing vendor information. Having a process set up where at least two sets of eyes are reviewing and approving any changes to vendor payment information is incredibly helpful in preventing this fraud. In addition to having another person review the change, having an established process will help standardize the precautions that need to be taken to verify information. Some companies will also require their vendors to fill out a form, sign it, and provide it by certified mail. While that might be overkill for some, every company needs to find the right balance between security and efficiency when it comes to their vendors.

If you are working for or with a small or growing business, be vigilant! Fraud schemes like this one can cost companies millions of dollars while simultaneously eroding the trust of their vendors. Sometimes, personnel in the payables department are also reprimanded when these frauds occur. So, for the sake of your business, your reputation, and maybe even your job, take the steps necessary to prevent this fraud!