Cybercrime is increasing and one of the techniques being used by fraudsters is intercepting invoices or emails which include fraudulent banking details.
Payments are made to these fraudulent accounts and it is highly likely that you won’t see these funds ever again.
Some key tips that we recommend to combat this include:
• Supplier details and bank details should be maintained in your accounting system. Clubs should be producing a payment file (ABA File) from the general ledger system and then uploading this to the bank for payment of suppliers. Many clubs keep supplier banking details in the banking system only.
• Whenever the club receives an email or letter from a supplier showing a change in banking details, we strongly recommended that a phone call is made to the supplier to confirm the change and then document when and whom you have spoken to. Do not confirm the change in banking details via reply email as you may be just communicating with the fraudster.
• When phoning the client to confirm any changes, also use their phone number listed on the official website (use a search engine such as google) as the email or letter received could have a fraudulent phone number on it as well. Don’t click on any links in the email as it may also lead to a fraudulent site.
• Another critically important point is to never trust incoming calls. If you receive a call from a supplier asking you to update their bank account details, you should advise the caller that you will return their call. Once again, go to the organisation’s official website, and use the telephone number listed on the website.
• Fraudsters can also intercept internal emails and incidents have occurred where fraudsters have sent emails acting like management requesting payments to be made. Again, communication is paramount and if it looks unusual, either call management or talk to them to confirm before making the payment.
Common sense is the key in most situations and where a payment or change in supplier details looks unusual, a quick phone call or physically speaking with the person can reduce the risk of a fraudulent payment being made.
Purchasing and payment policies should be updated to include the process undertaken by Club employees where Supplier details are changed and especially regarding banking details.
New employees also need to be made aware of the clubs policy and process regarding supplier details changes.
Utilising our data analytics software and skills within our Club & Hospitality team at Cutcher & Neale, our audit processes include the review of supplier master file data.
We tend to find that the Club staff does not review this master file on a regular basis and there are instances of duplicate suppliers or missing ABN details for example.
We recommend that the Club reviews this master file data on an annual basis and updates accordingly.
Old suppliers that won’t be used in the future should be either deleted or marked as inactive to reduce the risk of payments being made incorrectly.
If you would like help from our team or further information please contact our Clubs Team.