By Priya Giuliani, Director, KPMG Forensic
Think of a financial fraud and the vast majority of people will assume the con-artist scrupulously plans a highly sophisticated attack. They may be right – but not all the time. Some frauds are so simple they are impossible to detect until it is too late.
One, for example, that is increasingly becoming known as ‘Payment Diversion’ or ‘Mandate’ fraud, revolves around fraudsters posing as employees of an organisation’s supplier. They provide false instructions asking for bank account details to be changed. According to KPMG’s analysis, the majority of scams are directed towards organisations where the relationship between buyer and supplier is in the public domain. In all but 4 of the 24 cases uncovered over recent months by KPMG, fraudsters appear to be making use of openly declared business relationships – an unintended consequence of public sector organisations’ determination to demonstrate transparency in their business dealings and private sector businesses informing stakeholders of core relationships.
Of the various instances identified, some have been in the retail industry, but telecoms suppliers, manufacturers, providers of leisure services and public sector organisations are amongst the victims, too. A number of well known organisations have been tricked in this way, with the amounts involved being significant – cases seen by KPMG’s Forensic Team range in value from just over £30,000 lost by one business in a single transaction to a total of £5 million extracted from another.
It seems from KPMG’s analysis that many fraudsters assume a lack of knowledge or a willingness to appear professional and helpful, amongst employees, makes it easy to obtain information. But why share anything – you wouldn’t give away information about private bank account details to a casual acquaintance, so why risk it for your business?
The problem arises, for many organisations, because employees understandably want to appear helpful. But, to adapt a well known phrase, too much talk may not cost lives, but it can certainly cost money. There are a number of ways to spot the profile of a fraudster but even if you know what to look out for, organisations must remain vigilant. It’s about knowing what the ‘red flags’ are, knowing how to deal with them when they are waved and knowing how to redress the problem, if it’s spotted too late.
None of this is an easy task. But being aware of the danger is half the battle. The next step is putting in place a process to make sure that employees know how to prevent payment diversion fraud and from there, ensuring fraudsters know that this emerging trend has been consigned to history.