“The scammers got the needed data from the state procurement register, where the current status and results of international procurements are recorded. This is how information was obtained, for example, about the procurement of Ida-Tallinna Keskhaigla, which was won by a Lithuanian company. The scammers contacted the hospital and presented themselves as the company that won the procurement,” Geenius portal describes the scheme, with which one of the largest hospitals in Estonia suffered a loss of 10,000 euros. The fraudsters presented the hospital with a fake bill that looked very real, and the hospital paid it.
Last year’s largest invoice fraud in Estonia was valued at 35,000 euros, says Centre of Registers and Information Systems that monitors cyber security. Frauds are attempted every year in the amount of millions of euros.
Even the agency’s own employees would have fallen victim to invoice fraud. The story was as follows: Agency registered one trademark internationally, and in connection with this, an employee received an invoice of nearly 2,000 euros with the registration fee. All the information on the invoice matched and it was also drawn up on the correct form of the International Intellectual Property Organization. There was even a reference to a database that looked very real. Fortunately, the agency’s officials decided to check the authenticity of the invoice at the last moment and the fraud did not go through.
The fraudsters use a personal approach
Scammers prepare thoroughly for invoice fraud. Very often, they find a way to sneak into the company’s email server and monitor seller-buyer correspondence, so they don’t even notice that a third party is involved. However, once the communication has reached a point suitable for settlement, the crooks take over the communication and issue an invoice with false bank details.
In addition to financial loss, invoice fraud can cause significant reputational damage. Centre of Registers and Information System cites a situation where false invoices were sent to partners in the same field by falsifying the company’s name and details. As a result, the company’s name was severely damaged and payment receipts to them began to take longer, because the company’s partners no longer dared to make transfers to them.
Smart billing solutions can help to avoid invoice fraud
Of course, there are tricks to avoid fraud. If there is an unexpected letter in the mailbox with a request to change the bank details, it should be checked with the previous communication partner, as well as ensured that the email addresses and domain names match. However, as the above examples show, scammers are often so detailed and well-prepared that such measures may not provide complete protection.
However, there are also technical systems that greatly minimize the risk of invoice fraud. The key words here are smart invoice solutions and the use of machine-readable e-invoices. Finbite offers the most common platform for this purpose in Estonia.
Smart e-invoices move automatically between companies’ accounting systems, they are not sent by email in PDF format. In addition, the entire invoice movement path is encrypted and can only be accessed by logging in as a user. Only companies entered in the Business Register can send invoices to each other, and Finbite customers can exchange e-invoices with international partners through the international Peppol network. Security is added to the process by establishing a purchase invoice approval ring and other in-house invoice approval processes and rules. So, for example, you can require the contract number to be added to the invoice and set the confirmation limit amount for certain employees.
All these solutions help to avoid the risks of sending PDF invoices through email servers. In addition to preventing fraud, e-invoicing solutions also simplify the work of accountants.