Cyber Crime & Supplier Master Files

Published: 14 September 2021
Updated: 14 September 2021
2 minute read

Cybercrime is increasing and one of the techniques being used by fraudsters is intercepting invoices or emails which include fraudulent banking details.

Payments are made to these fraudulent accounts and it is highly likely that you won’t see these funds ever again.

Some key tips that we recommend to combat this include:

   •   Supplier details and bank details should be maintained in your accounting system. Clubs should be producing a payment file               (ABA File) from the general ledger system and then uploading this to the bank for payment of suppliers. Many clubs keep                       supplier banking details in the banking system only.

   •   Whenever the club receives an email or letter from a supplier showing a change in banking details, we strongly recommended             that a phone call is made to the supplier to confirm the change and then document when and whom you have spoken to. Do               not  confirm the change in banking details via reply email as you may be just communicating with the fraudster.

   •   When phoning the client to confirm any changes, also use their phone number listed on the official website (use a search engine         such as google) as the email or letter received could have a fraudulent phone number on it as well. Don’t click on any links in the         email as it may also lead to a fraudulent site.

   •   Another critically important point is to never trust incoming calls. If you receive a call from a supplier asking you to update their           bank account details, you should advise the caller that you will return their call. Once again, go to the organisation’s official                     website, and use the telephone number listed on the website.

   •   Fraudsters can also intercept internal emails and incidents have occurred where fraudsters have sent emails acting like                           management requesting payments to be made. Again, communication is paramount and if it looks unusual, either call                           management or talk to them to confirm before making the payment.

Common sense is the key in most situations and where a payment or change in supplier details looks unusual, a quick phone call or physically speaking with the person can reduce the risk of a fraudulent payment being made.

Purchasing and payment policies should be updated to include the process undertaken by Club employees where Supplier details are changed and especially regarding banking details.

New employees also need to be made aware of the clubs policy and process regarding supplier details changes.

Utilising our data analytics software and skills within our Club & Hospitality team at Cutcher & Neale, our audit processes include the review of supplier master file data.

We tend to find that the Club staff does not review this master file on a regular basis and there are instances of duplicate suppliers or missing ABN details for example.

We recommend that the Club reviews this master file data on an annual basis and updates accordingly.

Old suppliers that won’t be used in the future should be either deleted or marked as inactive to reduce the risk of payments being made incorrectly.

If you would like help from our team or further information please contact our Clubs Team.

Get in touch

 

The information in this publication contains general advice only. It has been prepared without taking your personal objectives, financial situation or needs into account. You should consider whether the information contained within this publication is appropriate for you. Where we refer to a financial product you should obtain the relevant Product Disclosure Statement or offer document and consider it before making any decision about whether to acquire the product.