Warning over bank details scam
Wednesday 26th October 2011
It all starts with a letter or email: "Dear Accounts Payable department, our bank details have changed to the following. Please can you update your records."
Companies that fall victim to this "change of supplier bank details" scam, currently staging a comeback, may end up paying out large sums to the wrong people, according to fraud experts in PwC’s forensic services.
Andrew Gordon, forensics partner, PwC said: "Although in 99% of the cases this type of scam fails, in the 1% where the fraudsters succeed, it is very lucrative, with six figure losses by no means unusual. The combination of the current difficult economic climate and continuing pressure in companies to reduce staff headcount, including finance control functions, is definitely encouraging fraudsters to try their luck with this type of scam again."
To avoid being the next victim, PwC forensic experts advise companies to take some simple precautions. The first of these is to check procedures for dealing with such change requests. Their tips include:
* Phoning the supplier using a number taken from their website, ideally speaking to someone you know and have known for some time, to confirm the details of the change;
* Making a note of the call;
* Checking if the resulting change to the supplier master file requires a senior level of dual authorisation, for example, the same as for authorising a salary payment run;
* Confirming the change back to the customer in writing, preferably before processing the next payments.
Gordon said: Companies should also watch out for the giveaways. For example, the letter will often include the invitation "in order to confirm this instruction, please call me on my direct dial number xxx" - this will be an unconnected rented line or a service office manned by the fraudsters.
"Similarly they should beware of supposedly confirmatory emails from almost identical email addresses, such as .com instead of .co.uk, or an address that differs from the genuine one by perhaps one letter that can be easily missed."
PwC also advises warning staff of the potential for such a scam because before sending the letters, the fraudsters will often make "pretext" calls to try and get information to increase their chances of success.
This includes asking for the names or direct telephone numbers of people in the accounts payable department, or the supplier reference number for a particular supplier or to confirm month end balances payable. Information is also gathered by fraudsters through Freedom of Information requests and via compulsory public sector disclosure requirements. Businesses should make sure they don’t disclose more than they need to.
Gordon said: "Don’t forget to consider also the inside job. Is there anyone in your organisation who could create such a letter him/herself, and then arrange for a supplier’s bank details to be changed? If so, that person probably has too much authority. Segregation of responsibilities between processing and approval remain key along with regular reconciliations and follow up of exceptions."
Have your say on this story using the comment section below
blog comments powered by Disqus
Editorial Contact Details - Conor Shilling