How AP Automation Helps Prevent BEC Attacks

Thomas Nappi

The best AP automation solutions help stop phishing attacks and Business E-mail Compromise (BEC) schemes while automating invoice processing

How AP Automation Helps Prevent BEC Attacks

Watch Out!

Accounts payable departments like yours are falling prey to an insidious new fraud scheme – Business E-Mail Compromise.

Business E-mail Compromise (BEC) attacks are schemes where fraudsters impersonate legitimate suppliers. The fraudsters then trick AP departments into making payments to a bank account that the fraudster controls.

It used to be that bad actors would spend hours sending phishing emails to numerous random e-mail addresses.  It didn’t take much for accounts payable departments to easily identify these e-mails as spam. So, the phishing e-mails were rarely successful (apologies if you fell victim to them!).  The bad guys figured this out.

Nowadays, bad actors do some research on a target first before launching an e-mail attack.

The fraudsters select the business on which to launch a BEC attack. Then they use social engineering to determine who their key suppliers and senior executives are (ensuring that they have their exact names).  The fraudsters then decide who their victim will be within the business.  They will usually select someone in the finance department who manages money, or an accounts payable leader.

The fraudster then sends an e-mail impersonating a supplier or the target’s CEO or CFO.  The goal is to trick the person in treasury or accounts payable to initiate one or more electronic payments.  In many cases, the e-mail will refer to the need for fast payment for expedited shipment of goods.

Many bad actors try to trick companies into paying via wire transfer.  But BEC attacks also are impacting ACH payments, which have long been perceived as being secure.  ACH debit fraud increased to record levels and continues its upward trend, per the Association for Finance Professionals (AFP).  There has been a steady increase in ACH credit fraud since 2012.


How AP automation solutions and invoice processing software help identify and avoid BEC attacks

Once the money is deposited into the fraudsters account, it is quickly whisked away, typically to banks in a faraway country where the funds are harder to track and recover.

The financial losses can be massive.  And bad actors are targeting companies of all sizes.

This is how AP automation solutions can help:

  • E-mail servers can be configured to identify e-mails that originate from outside your domain – making it easier for AP departments to spot cases where someone is impersonating a CFO or other senior executive
  • Intelligent workflows in an AP automation solution can ensure that invoices go through proper channels for payment
  • Business rules for high-dollar invoices can be pre-set in invoice processing software to require senior management approval
  • Intelligent workflows in an AP automation solution can out-sort any e-mails that aren’t associated with a PO in your ERP
  • A portal built into invoice processing software empowers vendors to make changes to bank account information themselves, providing a clue to accounts payable staff that e-mail requests to change bank information may not be legitimate
  • Business intelligence in accounts payable automation software can highlight unusual trends in a supplier’s invoicing activity, such as a sudden spike in invoice volume or a large increase in the amount of money being invoiced
  • A vendor management system integrated with an AP automation solution can house complete contact information for a supplier contact to confirm changes to bank account information or unexpected invoices regarding fast shipment
  • A vendor management system can help accounts payable staff quickly identify anomalies in e-mails requesting prompt payments, enabling staff to confirm bank account changes via phone


AP automation helps prevent fraud

The combination of vigilance with the capabilities of an automated AP solution or invoice processing software can help your business mitigate the growing threat of BEC attacks.



Edenred Pay, an Edenred Company, is the global leader in invoice-to-pay automation. Our integrated platform connects businesses with suppliers, ERPs, banks, FinTechs, and payment rails to automate, optimize, and monetize the entire B2B payments lifecycle – from invoice receipt through payment reconciliation. Edenred Pay’s efficient, integrated solutions create a frictionless process and help deliver value to the enterprise by enhancing visibility and monetizing AP.

Visit or contact us to learn more.