Best Practices for Implementing Payment Controls that Protect Accounts Payable

Scott Siegler, Content Marketing Manager, MineralTree

February 25, 2019

Fraud attempts are only getting more elaborate, especially in the world of B2B payments. Whether you are a large corporation, small business, nonprofit organization or even a political campaign, payments fraud is on the rise. The AFP’s annual survey(opens in new tab) reveals an increase in the prevalence of fraud for the fifth consecutive year, with 78 percent of businesses impacted by fraud last year.

Photo: Association for Finance Professionals

B2B payments fraud is also getting attention from IT teams as it becomes more common. In fact, 85 percent of security professionals(opens in new tab) are not confident their companies have deployed sufficient technology to protect against payments fraud.

If you’re wondering why B2B payments specifically are facing escalating levels of fraud, look no further than the way businesses handle accounts payable today. Not only are accounts payable (AP) teams leaving room for error by entering invoice data manually and trying to juggle dozens of invoice approvals over email, but they also continue to rely(opens in new tab) on the riskiest payment method available — paper checks — in spite of very accessible alternatives.

Why Common Attempts to Mitigate Fraud Risk Fail

Most businesses have taken some measures to establish controls against payments fraud, but as we have learned, fraud risk is a tough lion to tame. This task requires more than an AP manager’s divided attention.

Common tactics companies deploy to attempt to protect against fraud include:

Checking the validity of invoice amounts by forwarding invoices through email to department heads who are working with the corresponding vendor.

Manually comparing invoices to their corresponding purchase orders.

Writing checks throughout the week and having the CFO sign them all en masse.

In theory, these practices are all good ideas to keep the accounts payable process secure, but they are challenging to maintain, especially as invoice volumes go up. If your AP approvals live in Outlook, it’s really easy for invoices to fall through the cracks and never get paid. It’s also easy to forge invoice approvals and very difficult to organize documentation of all approvals for quick access during audits. And when the final approval for a payment depends on the signature of a CFO, every batch of payments hinges entirely on the availability of the CFO (i.e., a lot of potential for bottlenecks).

Simple ways to effectively mitigate fraud risk

In spite of the complex approaches to mitigating fraud risk that people have employed so far, there are a few simple options companies can start taking advantage of today.

1. Transition to electronic payment methods

Unlike paper checks, electronic payments make a lot of sense for accounts payable teams to utilize because they mitigate fraud and increase efficiency.

First, electronic payments like ACH transfers add layers of security by encrypting payment data that is in transit. Virtual card technology goes a step further by employing tokenization, restricting each payment to a one-time use credit card number for a fixed transaction amount. In addition to improved security, electronic payment methods expedite the payment process across the board. More efficient payments open up the potential for you to take a more strategic approach to your payments, seeking opportunities to gain extended working capital benefits.

2. Segregate duties in the payment process

The same principle of checks and balances that keeps the United States government under control is a must-have in your accounts payable process. Segregation of duties is as simple as setting up a process where one person is responsible for queuing up business payments and another person is responsible for approving those payments before releasing the funds.

Has it ever made sense to give one person total autonomy over money coming in and out of a company’s bank account?

3. Automate accounts payable

While automated accounts payable has been an unfamiliar concept to businesses up to this point, many are realizing the opportunities it provides for greater security and efficiency and reaping the benefits(opens in new tab).

An automated accounts payable process(opens in new tab) embeds payment controls — like the aforementioned segregation of duties — into the AP process and establishes them as simple and repeatable processes:

Segregation of duties: AP automation solutions designate separate roles in the accounts payable process by creating separate login credentials and separate dashboards. Not only does this make it incredibly challenging to forge approvals, but it also preserves receipt of all approvals in one central location for easy access at any time.

Dual-factor authentication: AP automation solutions require dual-factor authentication to decrease the probability of account takeovers. Every time someone logs in, they are required to not only enter their password, but a verification code delivered via email or text message, as well.

Auto purchase order match: For those businesses that leverage purchase orders, AP automation can take the pain out of matching them to corresponding invoices by doing it automatically and flagging any that are mismatched.

With these controls in place, it’s much easier to protect and sustain your AP process, even as you continue adding vendors on a monthly basis.

NetSuite has packaged the experience gained from tens of thousands of worldwide deployments over two decades into a set of leading practices that pave a clear path to success and are proven to deliver rapid business value. With NetSuite, you go live in a predictable timeframe — smart, stepped implementations begin with sales and span the entire customer lifecycle, so there's continuity from sales to services to support.