KPMG warning on “Payment Diversion” fraud

Accountancy firm, KPMG, is drawing attention to fraud suffered by businesses that have been advised that a supplier’s bank account details have changed.

Over the past six months, KPMG’s forensic team has examined 11 new cases of this type of fraud and become aware of at least 13 more.

Cases range in value from just over £30,000 lost by one business in a single transaction to a total of £5 million extracted from another.

It also appears that there is little discrimination in the type of organisation being targeted.

Increasingly known as “Payment Diversion” or “Mandate” fraud, the scam involves fraudsters posing as employees of an organisation’s supplier and providing false instructions, asking for bank account details to be changed.

The cases examined by KPMG suggest that fraudsters also assume a lack of knowledge amongst employees about the typical “red flags” to look out for to prevent discovery of the crimes before it is too late.

To fight the growth of Payment Diversion Fraud KPMG recommends that organisations adopt five key actions as follows:

Know who you are speaking to on the phone and keep logs of callers and requests so these can be referred to when taking calls, to see the call history.

Stop employees volunteering private information to callers (such as supplier numbers).

Confirm who is making the request to change bank account details – is it from the usual contact and usual email address?

Check the supplier history – have any other changes in standard data been requested, is this a supplier with high value transactions?

Only process requests that are received in writing and on letterhead – check letterhead to others from the same supplier and verify requests with trusted contacts at suppliers.