Supply Chain Fraud: What You Can Do
By Brian J. Pfeil
The potential for fraud has always existed in the construction, lending and real estate world. However, as electronic communications continue to reach new heights in innovation so has the permeation of complex and sophisticated fraud schemes affecting these and other industries. These trending schemes make it imperative for in-house counsel, business owners, and finance departments to continually review and update your billing practice policies and procedures to protect yourself against this new wave of fraud.
In its simplest form, Supply chain fraud occurs when you make a payment to someone you believe to be a legitimate vendor or supplier within that chain, but the payment is instead diverted to an unintended recipient who walks away with your money leaving your vendor or supplier without payment for the product or services it provided to you. This fraud scheme can arise in any industry in which goods or services are exchanged for something of value, including construction, lending and real estate, making everyone susceptible to this risk.
The various examples of how supply chain fraud is perpetrated are too numerous to state, but the common thread between them is a request for payment that appears to come from a legitimate source that you know and/or trust. People find comfort in routine, so it is not unusual for slight changes or deviations in our day-to-day routine to be ignored or go unnoticed. Fraudsters prey on this tendency in hopes that sufficient attention is not given to those slight changes or deviations, which allows the fraudsters to divert your money from your intended recipients.
Several common fraud methods involve a version of one or more of the following scenarios:
- An employee of your company or one of your vendor/servicer companies will copy or scan a legitimate invoice and create a counterfeit invoice directing the payment to their own account. The fraudster will often use the same payment due in the counterfeit invoice making the diversion difficult to detect from an accounting standpoint. Your billing records show that the invoice was paid, as do the accounting records, when, in fact, the money was diverted and never received by the rightful recipient. This practice is then repeated until you or your company recognizes the diversionary practice.
- In a similar version of this fraud scheme, a hacker (instead of an employee) will breach your vendor’s or supplier’s accounts receivable system and generate a fraudulent invoice or a phony payment request to the hacker’s account. Other times, the hacker will purport to be your vendor or servicer and request that payment be sent to a different bank routing number or account. The request could come by phone, email or letter and will appear to be legitimate.
- A more sophisticated variation of supply chain fraud occurs when a hacker breaches your email system and studies the pattern of payment requests received by your accounts payable department. The hacker, knowing that you are expecting an invoice for a service or product, submits a fraudulent invoice that looks legitimate except for subtle changes to payment instructions (i.e. diverting the money to the hacker’s bank account). The result is that you think you are paying for the services or product you purchased, but the money never reaches the intended recipient.
Supply chain fraud schemes are not limited to transactions for goods and services, and are easily adapted to real estate transactions. For example, a hacker will intercept an email from a lender, broker, seller, or buyer to a closing agent containing wire instructions and will change the content of the email and the wire instructions in the email attachment. Again, the hacker has studied the exchange of emails for this transaction and knows both the proper time to send the fraudulent wire instruction and the format of the email so the instruction appears legitimate.
Some perpetrators will be so brash as to directly contact the closer for a real estate transaction. In this instance, the perpetrator will begin by emailing the closer purporting to be the lender, broker, seller or buyer and ask the closer to wire the proceeds to a particular account. Then, to enhance the credibility of the fraudulent request and discourage you from following up on it, the perpetrator will immediately begin a pattern of persistent and relentless emails or phone calls inquiring about the wire in an effort to coerce the closer into wiring the money to avoid further stress and aggravation created by the perpetrator, without first verifying the legitimacy of the request.
Protecting yourself from these fraud schemes is a challenge given the volume of transactions you or your company may be engaged in on a daily or weekly basis. However, these schemes can be defeated if you stay diligent in your procedures. In order to protect yourself, and your customers, consider implementing the following precautions:
- Encrypt your communications when you send payment instructions to parties to the transaction. Use only encrypted email or facsimile transmissions. Unsecured emails are too easily hacked and can expose you to being victimized.
- Obtain insurance coverage for fraud and cybercrime. Discuss with your insurance agent whether your existing policy covers this type of fraud and, if it does not, request to add a fraud and/or cybercrime endorsement to your policy. Your insurance policy may not cover these losses without an additional endorsement.
- Confirm changes to payment requests before sending the funds. Instruct anyone within your company who makes payments to vendors, suppliers or others to confirm any changes to the routine payment instructions before sending the next payment. Employees should never use the contact information in the communication requesting the change to the payment process to verify the change in procedure. 4. Take swift action. Despite the best of intentions, you may still become a victim to fraud. If this happens, do not delay in taking action. When you detect something unusual, check right away with the related clients, customers or parties on the transaction to confirm whether the unusual activity is legitimate. If it is not, contact the necessary parties immediately . The quicker you act, the better your chances are for recovery.
Regularly reviewing, revising and discussing your supply chain fraud avoidance policies and procedures with your staff, as well as your clients and customers, will help prevent your company or someone else involved in one of your transactions from becoming victimized.
If you have any questions on this article, please contact your Davis & Kuelthau attorney, or the author, Brian Pfeil at 414.225.1414 / firstname.lastname@example.org.