Business losses from mandate fraud double to £77m

Businesses are being urged to alert staff to the dangers of mandate fraud after new figures show that losses more than doubled in the last year to reach £77m.

The data, obtained by RSM from Action Fraud, the UK’s national fraud and cyber-crime reporting centre, revealed that businesses submitted over 3,451 reports about mandate fraud in 2017-18, a rise of 123 per cent over the previous year's figure of 1,551. 

Mandate fraud occurs when an employee is tricked into changing a regular payment mandate such as a direct debit, standing order or bank transfer and redirecting it into a fraudster’s account. 

Typically, a fraudster will contact an employee via email purporting to be from a supplier that receives regular payments. These approaches are sometimes plausible as the fraudsters have correct details of staff members’ names and departments obtained as a result of phishing attacks. 

The bogus supplier will explain that as they have changed banks, the standing order will need to be updated with the new account details. 

Often the scam will only come to light when the real supplier chases for payment. In some cases, this can be many months after the first transfer of money. 

According to the latest data for 2017-18, the average amount lost by each business was £22,500, 8 per cent higher than the year before.

Akhlaq Ahmed, forensic partner at audit, tax and consulting firm RSM said: ‘The doubling of losses from mandate fraud over the last year should be a cause for concern for all businesses.

‘Far too many businesses are falling victim to mandate fraud. In some cases, the losses are relatively small, in others they can run into hundreds of thousands of pounds, potentially putting the future viability of the business at risk.

'Businesses must ensure their accounts staff are trained to recognise the hallmarks of a mandate fraud attempt. With the right training and controls in place, there’s no reason why these frauds should be successful.’

Businesses are advised to do the following:

  • implement training programmes for staff, particularly those in the finance function, so they are aware of the risks;
  • consider running an ethical hacking exercise to test resilience to phishing attacks;
  • verify all requests for amended payments by checking directly with the organisation or supplier in question;
  • monitor bank statements regularly and report any suspicions to the bank and the police;
  • notify the supplier organisation that has been impersonated; and
  • never leave invoices or regular payment mandates on display for others to see.

Complaints from businesses to ActionFraud about Mandate Fraud

NFIB5D - Mandate Fraud  Amount of loss   Number of complaints  Average loss per complaint
2016-17 £32,246,594  1,551 £20,791 
2017-18 £77,321,094 3,451 £22,405