x
By using this website, you agree to our use of cookies to enhance your experience.
We have 1 guests online 
Sign up

Warning over bank details scam

Wednesday 26th October 2011

It all starts with a letter or email: "Dear Accounts Payable department, our bank details have changed to the following. Please can you update your records."

Companies that fall victim to this "change of supplier bank details" scam, currently staging a comeback, may end up paying out large sums to the wrong people, according to fraud experts in PwC’s forensic services.

Andrew Gordon, forensics partner, PwC said: "Although in 99% of the cases this type of scam fails, in the 1% where the fraudsters succeed, it is very lucrative, with six figure losses by no means unusual. The combination of the current difficult economic climate and continuing pressure in companies to reduce staff headcount, including finance control functions, is definitely encouraging fraudsters to try their luck with this type of scam again."

To avoid being the next victim, PwC forensic experts advise companies to take some simple precautions. The first of these is to check procedures for dealing with such change requests. Their tips include:

* Phoning the supplier using a number taken from their website, ideally speaking to someone you know and have known for some time, to confirm the details of the change;
* Making a note of the call;
* Checking if the resulting change to the supplier master file requires a senior level of dual authorisation, for example, the same as for authorising a salary payment run;
* Confirming the change back to the customer in writing, preferably before processing the next payments.

Gordon said: Companies should also watch out for the giveaways. For example, the letter will often include the invitation "in order to confirm this instruction, please call me on my direct dial number xxx" - this will be an unconnected rented line or a service office manned by the fraudsters.

"Similarly they should beware of supposedly confirmatory emails from almost identical email addresses, such as .com instead of .co.uk, or an address that differs from the genuine one by perhaps one letter that can be easily missed."

PwC also advises warning staff of the potential for such a scam because before sending the letters, the fraudsters will often make "pretext" calls to try and get information to increase their chances of success.

This includes asking for the names or direct telephone numbers of people in the accounts payable department, or the supplier reference number for a particular supplier or to confirm month end balances payable. Information is also gathered by fraudsters through Freedom of Information requests and via compulsory public sector disclosure requirements. Businesses should make sure they don’t disclose more than they need to.

Gordon said: "Don’t forget to consider also the inside job. Is there anyone in your organisation who could create such a letter him/herself, and then arrange for a supplier’s bank details to be changed? If so, that person probably has too much authority. Segregation of responsibilities between processing and approval remain key along with regular reconciliations and follow up of exceptions."

Have your say on this story using the comment section below

Mike Jones





blog comments powered by Disqus
Feedback:
If you have any questions or suggestions about this article or our news section, please don't hesitate to contact us.

Editorial Contact Details - Conor Shilling
conor.shilling@angelsmedia.co.uk
0845 672 6000
Related News Stories
Most Read News Stories