How eInvoicing helps combat email invoice fraud

Email invoice scams are quickly gaining traction as one of the biggest cybersecurity concerns for businesses. 

The latest statistics paint a worrying picture. 

In Australia, for example, businesses reported $23.2 million dollars in losses due to scams in 2022, with invoicing scams – also known as false billing scams – seeing the largest increase over the year. Reports of false billing scams rose by 1,174% in 2022, contributing to $8.6 million in losses.

Data from the ACCC (Australian Competition & Consumer Commission) shows that small businesses are particularly vulnerable to email compromise, opening the door to invoices being altered or faked. 

The strategies employed by scammers have become increasingly sophisticated, presenting a real risk to even the most cyber-savvy businesses and their customers. Some of the most common tactics include:

Fake invoices: Scammers hack a business’ email and send customers fake invoices, with funds to be sent to a scammer’s bank account.

Misdirection: Scammers send an email from the business’ email address asking the customer to pay into a different bank account, citing an administrative error.

Altered invoices: Scammers intercept an invoice and change the bank account details on the invoice to the scammer’s bank account. 

Scam invoices and emails often come from a business’ legitimate email account, making it especially difficult for recipients to pick up on.

Not only that, but some scammers are setting up auto-forwarding rules on the business’ email to cover their tracks. If a customer replies to the email querying the invoice, the scammer can reply without the business knowing. 

Scammers can also set up filtering rules to delete all their sent emails, so their fraudulent messages and invoices can’t easily be discovered.

Invoices sent via email are increasingly at risk of being intercepted and falsified, as we have seen with the rise of email invoice scams. They can also be easily sent to the wrong person. 

Similarly, paper invoices risk getting lost in the post, which again poses a security risk. 

So, what’s the alternative?

eInvoicing is a secure, standardised way to digitally send invoices between the accounting software of businesses and their customers. This differs from sending a PDF invoice via email because an eInvoice is directly sent from one accounting system to another via a secure network called Peppol.

There are many benefits to eInvoicing, but one of the biggest is enhanced security. 

With eInvoicing, sender and receiver details are validated, audit logs are kept and strict protocols are followed to minimise the risk of fraud or scams.

The eInvoicing network has robust, multi-layered security requirements including encryption, security certification (ISO27001 or ASD/NZISM) and Know Your Customer (KYC) compliance. In Australia, the sender and receiver of an eInvoice are verified by ABN (Australian Business Number). In New Zealand, eInvoices are verified by NZBN (New Zealand Business Number). 

eInvoices also can’t be forwarded by email, which means they can only be received by the person who’s supposed to receive them – decreasing the likelihood of sensitive data being compromised.

Many countries (particularly in the EU) have mandated eInvoicing, with Australia and New Zealand likely to follow suit. The Australian Government has made eInvoicing mandatory for federal government organisations and continues to encourage their suppliers to send eInvoices.

However, it’s worth noting that your invoice data can only be viewed by your trading partners within their software. They are not viewed by the ATO in Australia or IRD in New Zealand.

Along with enhanced security, adopting eInvoicing via the Peppol network has other notable advantages, including:

Tickstar (a subsidiary of Xero) builds, delivers and maintains the technology infrastructure for businesses, government organisations and accounting software platforms to send and receive eInvoices via the Peppol network. Xero uses Tickstar technology to connect customers to eInvoicing networks in Australia, New Zealand and elsewhere around the world.

With email invoice fraud on the rise, now’s the time to consider switching to eInvoicing – a more secure, cost-effective, globally-accepted way to invoice for your organisation.