Mary Schaeffer
Mary Schaeffer

Protect Your Firm Against Payment Fraud

Twelve tips show you how.

May 6, 2010
by Mary Schaeffer

A just-released survey (PDF) by Association for Financial Professionals (AFP) reveals that 73 percent of organizations experienced attempted or actual payments fraud in 2009. The problem is absolutely not going away. By taking appropriate action you can step into the breach and play a meaningful role in thwarting would-be thieves. Here is a list of tactics that your organization can and should employ.

Automated Clearing House (ACH)

1. Payee Name Positive Pay. Contact your bank and find out what you need to do to begin. This is your single best defense against check fraud.

2. Put ACH blocks on all accounts in which ACH debit activity is not anticipated. Not doing this is the leading reason so many fraudulent ACH debits slip through.

3. Reconcile any account without an ACH block every single day. You only have 24 hours to report fraudulent ACH debit transactions and have them reversed. Wait any longer and your organization may be eating the loss.

Master Vendor Files

4. Verify that all new vendors are legitimate, no matter how small the original order. A crook knows that if he or she can get onto your master vendor file with a small order, the next time a fraudulent invoice is given, it will be easier to get it through.

5. Cleanse the master vendor file on a regular basis. Many organizations do this every two years. Ideally it should be done once a year. Employees playing games with your organization’s money know they can reference inactive vendors to facilitate their malfeasance.

6. Deactivate inactive vendors in your master vendor file. Do this while you are cleansing the master vendor file. Do not delete the information because you may need it later to prove a payment was made.

7. Use a strict naming standard in your master vendor file that conforms to invoice-coding convention. Also remember to revise it and make the appropriate changes. This isn’t an easy task if you have never had naming standards, so think through the naming convention.

Purchasing Cards (a.k.a. p-cards)

8. Cancel p-cards of departing employees immediately. The p-card administrator should be on the list of people notified immediately by human resources. Unfortunately, this doesn’t happen in many organizations. This step should be incorporated into all policies and procedures.

9. Review p-card activity and cancel inactive p-cards periodically. In some organizations everyone over a certain level is given a p-card, regardless of whether they need one or not. This is just begging for trouble, especially if cards of departing employees are not immediately canceled.

10. Set p-card limits in concert with activity on the card not the employees’ status within the organization. If a cardholder only uses the card for $150 each month, a $250 limit should suffice, regardless if the person is a senior vice president or the handyman in the plant.

Employee Management

11. Rotate jobs on a semi-regular basis wherever possible. This prevents any employee from becoming too friendly with your suppliers making fraudulent collusion easier. A side benefit of job rotation is you’ll have a staff that is cross-trained and can step in for each other in case of unexpected absences.

12. Vacations are not only good for the employee; they are good for the employer. The sad fact is that internal fraud is most frequently committed by long-term, trusted employees. By requiring vacations of at least five consecutive days, most if not all frauds should come to light. If your organization provides four weeks of vacation, consider asking your employees for 10 consecutive days.


Stay alert to new frauds. This means, at a minimum, continually reading industry publications. Crooks and the professionals who work so diligently to thwart them continually play a game of cat and mouse. As soon as a fraud is uncovered and technology developed to combat it, crooks move onto another weakness and exploit it. To fully protect your organization you must stay continually vigilant.

How many of these procedures are you using?

Additional Resources: Managing the Business Risk of Fraud
AICPA Forensic & Valuation Services

Rate this article 5 (excellent) to 1 (poor). Send your responses here.

Mary S. Schaeffer is the author of over a dozen business books including Travel & Entertainment Best Practices (John Wiley & Sons) and Fraud in Accounts Payable: How to Prevent It (John Wiley & Sons). She is the publisher of the CFO & Controllers Accounts Payable Management Journal, a quarterly electronic journal for senior executives concerned about internal controls and cost control in their payment function, writes a monthly newsletter, a free weekly ezine e-AP News, speaks at accounts payable webinars, seminars and conferences and directs the organization’s consulting practice. Corporate Finance Insider readers should note that the views expressed in this article are solely the author’s and does not reflect the views of the AICPA or AICPA Corporate Finance Insider.