Alphus Hinds

NEW YORK — As technology continues to evolve, so do criminals that seek to tap it in order to defraud individuals and businesses. The FBI’s internet crime center has been monitoring the scale of this issue and estimates that in 2017 alone over 15,000 U.S. businesses were defrauded out of more than $675 million through business email correspondence (BEC) scams, which target businesses that regularly perform wire transfers.

There is no shortage of individuals devising schemes to exploit loopholes; thus it is no surprise that the pharmaceutical industry has also been affected. Likewise, finance teams are realizing the need for increased vigilance as threats can be both external and internal, as shown by recent news that a Florida pharmacy owner was ordered to pay $54 million for his role in a scheme to defraud Medicare and a handful of private insurance agencies.

In particular, invoice fraud, in which businesses inadvertently divert funds to daring criminals, is on the rise. According to research conducted by Tungsten Network, almost half (47%) of the businesses surveyed had received a fraudulent invoice in the past year, and this figure rises to 51% for the pharmaceutical industry. Of those affected, one in six firms believed that the fraud had cost them more than $6,600 in the past year alone.

A specific challenge comes from the format in which invoices arrive at a business. They may come as a hard copy or PDF scan, or they may be completely electronic. An invoice could arrive via post, email or a Web portal, or it could be uploaded directly to an accounting system. The numbers of options are seemingly limitless, and thus they are confusing to keep track of. Consequently, there are numerous ways for criminals to corrupt an invoice or the invoice process. Therefore, finance teams must be vigilant to prevent all the potential scams.

Our research shows that internet hackers infiltrate and con pharmaceutical companies in a variety of ways. Nearly half of pharma businesses (46%) have received a virus embedded in an attachment, a quarter have been notified of a false change in account details by email, and 16% have been sent duplicate invoices. It’s not hard to see how businesses could be deceived when there are so many different tactics out there.

For retail pharmacies with international operations, there is an even greater risk. The more countries you operate in and the more complex your payment process is, the more opportunity fraudsters have to target your business. Moreover, there are certain higher-risk parts of the world where you need to be particularly alert and agile to understand the complexities of operating in that market and how to protect your business.

Our research also found that while nearly half of all pharma companies (45%) are concerned about fraud, with 55% stating that they see cybercrime in general as the single biggest threat to their business, close to one in six (16%) said they would take no action or would be unsure of what action to take if they did receive a fraudulent invoice.

Given this context, it’s imperative that pharmaceutical professionals understand how they can prevent invoice fraud and know the appropriate action to take if they receive a suspicious invoice or correspondence.

One particular challenge is the pressure employees are under to provide high-quality patient care, which, combined with the level of urgency that exists within the health care industry, makes it easy for back-office tasks to get overlooked. Likewise, it can be daunting for administrators to keep pace with the ever-changing landscape of cyberthreats and potential malicious activity.

For this reason, many are turning to electronic invoicing as a way to help eliminate invoice fraud. By automating the process, you shift some of the responsibility for checking an invoice from a manual process that is prone to human error to a highly sophisticated, technical solution that is designed to identify rogue invoices.

Fraud within pharma and health care is not a new problem; however, much of the conversation has historically revolved around unscrupulous practices by health care providers and insurance companies. Given the statistics and instances in the news, it is clear that this not an issue that can be ignored, and that pharmacies must take proactive steps to safeguard their businesses.

Alphus Hinds is manager of cyber risk, security and compliance at Tungsten Network.