CreditorWatch Founder Colin Porter Returns to End Invoice Scams Costing Businesses Over $100 Million
Despite the scale of the problem, Mr Porter said the crime often goes unreported.
“That’s because it’s an annoyance for businesses when they make the fraudulent payment,” Porter said.
“There is no recourse for them, and they have to pay twice.”
The scam is possible because legacy bank computer systems do not link bank account names to their account numbers. This means that a fraudster can submit a fake invoice with the correct name but a changed account number.
If the customer authorizes the payment, the loss rests with the customer, not the bank.
Bank payment fraud rose to prominence around this time last year, when Levitas Capital was forced to close after hackers broke into its messaging system and redirected payments while pretending to be the handler.
The source of the infection was a dodgy Zoom invite that allowed malware to enter the system and led the trustee and fund administrator to mistakenly approve $8.7 million worth of fraudulent invoices. This led to the fund’s largest investor withdrawing its money, forcing it to close.
But Levitas is not alone: over 3,300 business email compromise (BEC) incidents have been reported to the Australian Cyber Security Centre through its cyber reporting portal in the past year, and almost half of the cases resulted in losses.
“There’s a whole range of scams out there right now, but the most common is payment redirection,” Porter said.
“There is no marriage between names and account numbers, so if you make a payment to someone, you can put Mickey Mouse as the account name, and that will pass.”
PayOK is a software platform that will network businesses and use open banking to match names and account numbers. The system works by blocking transactions when an incorrect number is presented.
It can also monitor for internal fraud, using credit bureau data.
In a world of real-time payments, Porter said the risk of payment fraud will increase because people won’t have time to notice it and stop it before it happens.
Nightingale manager Lindsay Phillips said he was drawn to Mr Porter and PayOK because he knew of a company that had been scammed out of $50,000 in a BEC scam, and was “shocked to see how easy it was.”
He is a former general manager of Lazard, which owned Dun & Bradstreet in Australia, a member of the credit bureau duopoly broken by CreditorWatch, which introduced him to Mr Porter’s management style.
“He sees things that need to be fixed, but more importantly he surrounds himself with fantastic people, and to be successful that’s what you need,” Mr Phillips said.
“He goes hard, has total belief and faith in what he does, and he gets things done.”