Fraud continues to be a growing problem for suppliers and vendors. Recently we polled 271 credit professionals in the LinkedIn Credit and Professionals Group, and more than half -- 58% -- indicated their firms had been victims of fraud.
While there is no single comprehensive set of data that outlines the types and frequency of commercial trade credit and payments fraud, a number of agencies have noted increases in these crimes. For example, the FBI’s Internet Crime Complaint Center reported a 65% increase in global exposed losses due to business and email account compromise between July 2019 and December 2021.
Those statistics may seem abstract until they hit your company’s bottom line. Credit managers can play a key role in helping reduce vendor fraud by implementing procedures to detect potentially fraudulent customer behavior.
We’ve compiled a list of some of the most common types of fraud in the trade credit space that credit managers need to watch out for, followed by ways to reduce risk.
Crooks steal the identities of other businesses to acquire goods they’ll never pay for. Krebs on Security reported that Dun & Bradstreet saw more than a 100 percent increase in business identity theft in 2019.
Often these scammers will steal the identities of small businesses, including businesses no longer in operation. In the US, for example, a common tactic is to change the mailing address for a business with the Secretary of State which manages the business registration, and then acquire personal identifying information of owners and officers on the dark web. Goods are purchased using the fake address and information.
Scammers may also try to impersonate large companies by using a variation of an email that belongs to a legitimate company. The fraudster will impersonate a large successful, even publicly traded company by just slightly changing the company's email address. They will upload real financials from the company's website, use real (or fake vendor references), and use a fake phone number. At the last minute they'll change the ship-to address. Then they disappear.
It can also be easy to impersonate universities and hospitals, for example, because copies of their purchase orders are relatively easy to find and then replicate, warns David Schmidt, managing director of consulting firm A2 Resources.
Here, a scammer will use falsified credit references to obtain credit. They may create fake purchase orders or invoices and submit them to credit managers as “proof” of their creditworthiness. They may also use falsified contact information for the credit department of a legitimate vendor and then respond positively to a credit reference check.
At Nectarine Credit, we’ve even seen credit applicants try to be their own vendor references. Our fraud protection measures can help flag these to our clients.
Purchases made with a stolen credit or debit card are known as account takeover fraud. Purchases made with a credit card, obtained fraudulently are known as application fraud. Payment card fraud losses worldwide exceeded $32 billion in 2021, of which nearly $12 billion was in the US, according to The Nilson Report.
Cardholders whose cards are compromised are generally protected against fraudulent purchases. In the US, for example, federal law protects cardholders against most unauthorized purchases, as well as by zero liability policies offered by Visa and MasterCard.
If you’ve shipped merchandise paid for with a fraudulent or stolen card, you may face hurdles when it comes to reimbursement. Even if your business isn’t ultimately held responsible for the purchase, you may pay chargeback fees and face higher merchant processing rates if your business is flagged as high risk.
Often referred to as “friendly fraud,” here someone purchases items using a credit card then disputes the legitimate charge. In the US, federal law gives cardholders the right to dispute credit card charges for a variety of reasons, including when the goods or services are not delivered as agreed. But some cardholders take advantage of this right and dispute purchases simply to get goods or services for free.
Gordon Miller, now retired, was a former director of credit, collections, and accounts payable, for a business based in Somerset, New Jersey. The business experienced this first hand when a customer purchased material using a credit card, and then disputed the purchase with his credit card issuer saying he never ordered it.
“We presented documentation regarding delivery of goods, but for a reason I have never understood and never received an explanation for, his dispute was upheld, and we were never paid,” Miller says. “Our processor suggested we contact the customer to resolve the dispute, but to no one's surprise, they never returned our calls,” he adds.
Miller notes that the customer service team did not get a signed purchase order, even though that was standard policy for the firm. They believed that the upfront credit card payment offered enough protection. Would it have made a difference? Miller isn’t sure, but it may have helped.
“Define your process, and stick to it,” he says. “Always require signed purchase orders, regardless of terms.”
There are several forms this type of scam can take, but the basic approach is the same. The fraudsters will look and feel like a legitimate business and may start out by making a few smaller purchases that are paid quickly and often with cash, before making large purchases without intending to cover them.
The initial positive payment history sets the stage for the bigger fraud. The scammers purchase items that can easily be resold for cash, then disappear without paying for them.
Former employees often have detailed information that makes it easier to commit fraud. The employee may have worked for your company, the vendor, or for one of your customers. They can use their knowledge of your company, and your policies and procedures to obtain goods on credit. Their intimate knowledge of your company and the industry allows them to slip through unnoticed.
One member who responded to the poll in the Credit and Collections LinkedIn group described an experience where former employees of a company submitted an application, pretending to still work for that employer. Since the applicant knew the correct information to provide on the application, it didn’t send up any red flags. An account was opened, and they picked up their order.
Neither company realized there was potential fraud until the vendor tried to collect.
Forged documents can be in the form of doctored or fabricated bank statements, credit references, invoices, etc. It’s fairly easy and inexpensive to create authentic-looking forged documents these days. Those documents make it easier for the crook to open an account that otherwise probably would not be approved.
“Forging documents has never been easier,” warns Adam Levin, author of Swiped: How to Protect Yourself in a World of Scammers, Phishers and Identity Thieves, and co-host of the podcast What the Hack with Adam Levin.
“The do-it-yourself, open-air banking system often practiced between tradesmen and suppliers can be exploited by criminals. Reference calls are not always made to check if documents match up, and criminals are counting on that,” Levin observes. “They know what their supporting documents need to look like in the ‘good guy’ economy, and scam their targets with a good story that matches the way people do business. It’s a con like any other, just specialized to home in on the kinds of off-the-books credit arrangements small to medium businesses extend to their customers.”
Understanding the types of fraudulent activities your business may encounter is only the first step. You and your organization also need to understand warning signs so you can act upon them. Here are important red flags to watch out for when reviewing credit applications:
Researching shipping addresses can be key to uncovering fraud. A last-minute change to the ship-to-address, an out-of-pattern ship-to address, or an address that does not appear to be the type of business placing the order is crucial.
Nick Hayes was a former manager for Shell UK, and is now the founder of a consulting firm, ImprovedProcesses.com. He recalls a case in his career where a bus company was ordering fuel cards, and requested a credit limit of £150,000. There were a few tip-offs that something wasn’t quite right, and the address on the order was one of them.
Hayes explains: “When doing due diligence checks, the trading address given didn’t sound quite right. I would expect a bus company to have their depot close to their area of operations, so I completed a Google Earth search and the address given looked like a small factory unit and yard, quite some way out of the town. Not the expected bus depot.”
He questioned the applicant and they submitted proof of address again, this time on letterhead that listed another address on the footer. A search of the new address turned up a housing estate in a different city and, when questioned, the applicant shared yet another address. “Red flags for sure!” he says.
Like Hayes, you can quickly use Google Maps or Google Earth to look up an address and get a street view.
“Check all addresses thoroughly,” Hayes recommends. “If a head office or registered address is different from the trading address, that doesn’t mean it’s fraud, but it should be checked out. Google Street View is quick and easy. Often, we’ll see the same company name on both buildings to ease our concerns – but when it’s a house or a nondescript building, questions need to be asked,” he recommends.
Just because a credit application has landed in your inbox from what appears to be a Fortune 500 company, that doesn't mean you shouldn't look for fraud and go through proper due diligence.
As mentioned earlier, scammers may use information about large, well-known companies to try to make the order appear legitimate. Information about large companies is more easily available through public sources which may make impersonating them easier.
One member of the LinkedIn group shared that the firm she was working for received a large order that appeared to be from a large business. The order was for thousands of dollars of product that would be shipped to a storage unit. Fortunately, they caught it before the goods were shipped.
Pay attention to how the customer communicates with you, and whether it makes sense for the type of business. Are there multiple methods of communication or is it just email, or just a cell phone, for example? Is there a business phone number or customer support phone number available for verification? Do they provide an email address and is it a dedicated email address or a generic one, like hotmail or gmail?
While none of these issues by themselves necessarily indicate fraud, they can signal that you need to dig deeper.
Take a careful look at the email addresses provided for the order, credit applicant and the vendors. Scammers commonly manipulate email addresses to appear legit. Note the extra letters and wrong company names in the email examples below:
A couple of additional tips you can use to spot fake emails:
Email headers may contain detailed information about the email, including the sender's IP address, which can help you identify if the email is fake. While email services vary somewhat, you can usually click on a link or button by the email address that says something like "Show Original" or "View Headers."
Or you can use Nectarine Credit’s platform where we offer our clients more than two dozen fraud protection features.
Make sure all orders are legitimate by doing proper due diligence. A sudden large order may be part of a bust-out scheme for items the buyer never intends to pay for.
Revisit your fraud prevention procedures and take caution before you ship that unusually big order. Be especially cautious if any of the details (ship-to-address, contact, payment method etc) deviate from the original credit application.
And be especially vigilant when large or unexpected orders come in during the last few days of the month or year. “The end of the month is a great time (for crooks) to push things through because people are rushed,” warns Schmidt of A2 Resources.
Name variations that are slightly different from the true company stakeholder names may be a red flag. And similarly new contacts must be verified carefully.
The bus company clients mentioned in Nick Haye’s story above had new directors, which in and of itself wasn’t alarming. “Companies are bought and sold all the time,” he says. But combined with the suspicious address, he decided to dig further.
Working with the company’s anti-money laundering compliance officer, they conducted a search that revealed the affiliations the directors had with other businesses and people.
“From here it became very evident that one of the directors had direct links with international organized crime families, with close family members currently in prison for serious crimes,” he says. The application was denied, and the information from the application was turned over to a UK Scenes of Crime (SOCO) investigator.
Companies should know which of their products are more likely to be stolen and have a high resale value on the black market.
There are six stolen goods markets, according to the Arizona State University Center for Problem Oriented Policing. The term "fence" is used to describe a middleman, or a mover of stolen goods.
The type of goods your business sells will determine the markets in which they may be sold. Bulky items may be sold through marketplaces that rely on in-person sales, for example, while smaller items may be sold online.
You may want to monitor online marketplaces like Craigslist, eBay for Facebook Marketplace for your products, or consider tracking devices like RFID tags to monitor higher-value goods. You can then create a company policy that flags orders of easily sellable products for additional due diligence.
One of the most important steps you can take to avoid fraud is to keep your master customer file up to date, says Schmidt. Credit Today’s 2020 Credit and AR Department Fraud Survey found that only 39% of credit professionals surveyed confirm customer requested changes, while just 29% require a second person's authorization before changes can be made and 42% of firms don’t keep an audit trail of changes to the customer master list.
Schmidt also encourages firms to place limits on who can change that file, and even limit the fields that can be changed by certain employees. Otherwise you risk employees making a change, such as a shipping address or payment method, that either inadvertently or directly enables fraud. “Segregation of duties is essential,” he adds.
While your business may not encounter international organized crime rings, it’s not unusual for scammers to target businesses, and you’ll want to make sure you’re taking steps to help your organization avoid becoming the next victim.
“The best way to avoid being scammed is to act a little more like a bank, even if that means being more adversarial than you would be with the handshake-and-a-prayer approach,” Levin advises. “If you accept documents from other business relationships, be prepared to call the businesses on the documentation, and use phone numbers found on that company’s website, not the contact information from the docs, since that can all be faked. Go slow, and do your homework.”
Develop a fraud screening and prevention policy and keep employees involved. “Employee policies and education are vital to helping prevent fraud," Schmidt says. “Train your people on the types of fraud you’re seeing,” he advises.
Nectarine Credit has more than two dozen fraud protection measures in place to help you spot potential fraud. Other tools that we wrap our fraud protection measures in with, include automated vendor reference checks, digital credit applications to centralize information, and instant bank verifications. Continuous customer and vendor monitoring can help protect your business on an ongoing basis.
Using these tools can help streamline your credit processes and help alert your team to take a closer look when needed. With less time spent on busywork, you can spend more time on the activities that really matter. Fraud is a real concern, let us know how Nectarine Credit can help.