eCommerceNews New Zealand - Technology news for digital commerce decision-makers
Story image
Four major business risks you should watch out for
Wed, 14th Nov 2018
FYI, this story is more than a year old

As businesses digitise their operations it's good news for efficiency and accuracy, but they do come with internal and external risks.

Fraud is one of those risks, according to SAP Concur. The company says it's important that businesses take steps to be aware of key risks and mitigate threats.

Commenting on PWC research on global economic fraud and crime, SAP Concur managing director for ANZ, Matthew Goss says:

"In terms of scammers, the biggest threat to businesses comes from their own employees, who are responsible for 52 per cent of economic crimes versus external actors.”

“While security technology can prevent many cyber attacks, financial fraud is different. It's essential for businesses to monitor human behaviour, and apply and enforce policies consistently. The alternative is to lose large amounts of unrecoverable money as a result of people's actions."

SAP Concur shares four major financial fraud risks:

1.    Double invoice processing

Whether by design or by accident, companies often pay the same invoice twice. This is usually due to a lack of comprehensive accounts payable systems that would pick up the duplicate invoice.

"When businesses have reliable, modern accounts payable systems in place, duplicate invoices are identified before the business pays, preventing losses," Goss says.

"These systems can match up invoices to purchase orders to ensure that all invoices are legitimate and the expenses have been incurred before the business pays. An automated approach means this double-checking can happen without any additional work required. The cost savings can be enormous."

2.     Fraudulent expense claims

Whether by accident or because people feel they're entitled to a little bit extra, fraudulent expense claims can quickly add up. Often, perpetrators start small and, if their actions remain undetected, they escalate their activity until they're stealing significant sums from the business through fraudulent claims.

“Managers want to trust employees and the vast majority of employees are indeed trustworthy," Goss explains.

"It's essential to create a culture in which people feel valued because they'll be less likely to deliberately steal from the organisation. And it's important to put strong policies and procedures in place to catch fraudulent claims before they're approved."

3.    False billing

False billing occurs when a cybercriminal sends an invoice to a company for an expense the company never incurred. When accounts payable processes are manual and burdensome, false bills are often paid without question, leading to significant losses. Or, they may try a phishing approach where they email the company to advise of a change in payment details.

"It's crucial for organisations to educate employees about these scams and have a response procedure in place if the company is targeted," Goss says.

"This can be as simple as advising all employees that they should never comply with an emailed request without confirming it directly with a manager or the supplier."

4. Phishing scams

While phishing, or social engineering, can form a component of various scams, the one thing all phishing scams have in common is a reliance on human error. For example, the man-in-the-middle approach involves gaining access to the corporate email server, intercepting emails, and building a picture of the legitimate activity that happens in the organisation.

The cybercriminal uses this information to create a convincing cover story that lets them trick unsuspecting staff members into making payments or transfers, or exposing sensitive information such as passwords and account details.

"Because most people are inherently honest, they tend to assume that others are too. Instead, businesses must train their employees to be somewhat cynical and take the time to confirm if requests are legitimate before responding," Goss concludes.