The Top Six Ways to Carry out P2P Fraud
By Pete Loughlin, Purchasing Insight
Purchase to pay process, compliance controls, segregation of responsibilities – all things which to a business can, and are, seen as obstacles to just getting things done. But, they’re a necessary evil without which fraud would run rife.
So what are the most common purchase to pay frauds? We can’t necessarily know which are employed most often, but based on common knowledge and a bit of personal experience we think these are good candidates for the top six.
- Hack the finance system
If someone can get administrator access to the finance system, it’s like having the keys to the safe. There’s lots of ways of persuading the IT team to give you admin access especially if you’re involved in system design and testing. Needing to set up new user accounts out of hours for testing has been known to do the trick. In an organisation that hasn’t buttoned down its IT security procedures, there is always a way. Once granted, new fictitious users, suppliers – even bank details are simple to add.
No PO – No Problem
This requires collusion with a supplier. A surprising number of companies will retrospectively create a purchase order to match an invoice in order to get it paid. If invoices are paid on the nod below a certain level, this loophole can easily be exploited. Let’s say for example that any invoice below £1,000 gets paid – even if there’s no purchase order – all that’s then required is to have a chat with a friendly supplier, get a few invoices submitted and split the proceeds.
- Make friends and undermine Control
Segregation of responsibilities is all about preventing collusion and these controls are the enemy of the fraudster who will work hard to undermine them. The fraudster will make friends, do people favours and offer t o take workload off colleagues. When they need to call in a favour that involves compromising controls – it becomes easy.
- Receipt goods that have never been delivered
This is so easy, and in the right circumstances, almost impossible to detect . Take for example a building site. If t he concrete is being supplied by “friendly” supplier, the deliveries could be signed for, but never actually dropped off. The truck leaves the site without dropping off the concrete. The “friendly” supplier gets paid twice for a single delivery. Perhaps the architects will wonder why it’s taken twice as much concrete to build the office block than they estimated but by the time they figure it out, the trail has gone cold.
- Kick backs
There are often unwritten clauses in supplier contracts. Whether it’s cash or a few freebies, many suppliers will collu de to build i n some costs to cover “commission”.
- Diverting supplier payments
Finally, this simple scam has been known to fool even the most com petent AP team. A supplier is selected th at invoices for large amounts on a regular basis. A bank account is then opened in their name – or rather, an approximation of their name. Once the a ccount is opened, it’s a simple step to inform AP of the new bank account details. It’s unlikely that they’ll spot the minor name change and once set up, the fraudster can enjoy weeks, months and in some cases years of someone else's money.