UK businesses are being alerted to the dangers of “Payment Diversion” or “Mandate” fraud, which involves criminals fraudulently changing a supplier’s bank account details.
According to KPMG, 11 new cases of this type of fraud have been examined by its forensic experts in the last six months, with cases ranging in value from just over £30,000 lost by one business in a single transaction to a total of £5 million extracted from another.
It also appears that there is little discrimination in the type of organisation being targeted.
Of the various instances identified, seven have been in the retail industry, but telecoms suppliers, manufacturers, providers of leisure services and public sector organisations are also amongst the victims.
However, fraudsters are assuming a lack of knowledge amongst employees about the typical “red flags” to look out for, and KPMG recommends that organisations adopt five key actions without delay:
Know who you are speaking to on the phone, and keep logs of callers and requests so that the call history can be checked when taking calls.
Stop employees volunteering private information to callers (such as supplier numbers).
Confirm who is making the request to change bank account details – is it from the usual contact and usual email address?
Check the supplier history – have any other changes in standard data been requested? Is this a supplier with high-value transactions?
Only process requests that are received in writing and on letterhead – compare the letterhead with others from the same supplier, and verify requests with trusted contacts at suppliers.